On March 25, the Singapore Policy Journal hosted its second virtual event of the Spring 2021 semester in collaboration with The Sessions from the NUS University Scholars Programme, titled “Data Go Where? Data Governance in Singapore.” The event included a short small-group pre-event discussion followed by a speaker panel featuring Quek Su Lynn (Director, Government Data Office), Yi-Ling Teo (Senior Fellow, Centre of Excellence for National Security at RSIS), and Timothy Lin (Co-Founder, Cylynx). In both the discussion and the Q&A with the speakers, a variety of ideas were discussed regarding data governance, and the participants were introduced to private and public sector perspectives of some of the challenges that consumers, companies, and the government face in a field that seems ever-growing.
The event began with small-group discussions, where participants first spoke about their interest in the topic at hand. Many stated that in a world that relies more heavily on technology than ever before, gaining a better understanding on how data privacy works was of utmost importance. Participants also discussed how other countries’ data protection laws, such as the General Data Protection Regulation (GDPR) in the European Union, may shape future implementations in Singapore. Others spoke about how the idea of data governance was contingent on trust between the parties, and if that trust is broken, the system that is currently in place has the potential to collapse. Some cited specific examples that have eroded public trust in governments and private companies, such as the SingHealth, Cambridge Analytica, or the Equifax data breach incidents, reiterating that building trust between these parties is something that is extremely difficult to do.
Another point that was brought up was the current segregation of data governance policies between governments. Currently, there are no international standards on how companies should manage data, making it extremely difficult for governments to regulate multinational corporations, especially social media giants such as Facebook or Snapchat. Participants echoed the idea that implementing an effective data protection plan was almost impossible to achieve, as it involves balancing on a tightrope between rules that are too strict and cause companies to leave, and not doing enough to help the public secure their data.
At this point, we were joined by our invited speakers who shared about how their work related to the topic at hand. Together, we examined the limitations of data governance and the steps that are currently being taken in the public and private sectors to allow people to have more control over their data. The current data protection regimes in Singapore for the public and private sectors were highlighted. Additionally, it was noted that though there are separate data protection regimes for the public and private sectors, both were founded on common principles, such as: ensuring that there are clear grounds, and notification of individuals, for the collection, use and disclosure of personal data; giving individuals the right to access and correct their personal data controlled by organisations, and making sure organizations had a duty of care for their users’ data.
We examined broad questions regarding data governance; specifically, what the limits of data governance are, and how private companies collect users’ data. It was noted that due to the rapid pace of innovation in digital technology, governments will always be playing catch-up in terms of regulation. Consequently, the government needed to have a certain “agility” in their policymaking to effectively regulate the technological industry. A point was made about how although data may be commonly referred to as the “oil of the 21st century,” there are significant differences between the two resources. The main difference is that oil is excludable and rivalrous, meaning if someone gets more oil, someone else has to lose it. This is not the same with data, which is non-rivalrous. With data, many people can access it without reducing the amount available to others. Additionally, they explained that data governance does not just revolve around privacy; there are many other factors that should be taken into consideration, such as the quality, integrity, and accessibility of the data.
After these introductions, the event moved to the Q&A segment, where participants asked the speakers about the many facets of data governance. This began with participants bringing up the idea of the trade-offs that citizens and governments are willing to make regarding data governance for the benefit of technological advancements. It was noted that there are ways to balance the tradeoff between data privacy and AI development, for example, such as creating synthetic data instead of using real people’s data, although that industry is still in its infancy. It was also pointed out that the government has also been trying to promote the use of AI, through the National AI strategy. Despite that, there are always ethical concerns that come with the implementation of AI models, and these issues must be addressed by strong governance frameworks.
Next, we explored how to bridge the gap of understanding of data privacy between different stakeholders. The conversation focused on the idea of education and awareness. Currently, the public does not have much insight on how the government or corporations use their information, and so education on data privacy alone can only go so far in helping to quell this problem. It was pointed out that many of the general public who do take time to educate themselves on this topic still choose to use social media accounts, or accept cookies on their favorite websites. This seemingly indifferent attitude makes it hard to meaningfully inspire any kind of change. Some opined that the Singapore Government could do more in communication and engagement, so citizens have an easier time understanding the issues, and making informed decisions when trusting others with their data. Overall, the issue of trust is particularly salient in data privacy policies. There was agreement that governments could look into working with stakeholders and the public to amplify and increase trust institutionally in the public sector and generate greater understanding of how the private sector should handle personal data.
Finally, we examined how data governance may change in the future. There was consensus that with the nature of this topic, there will be new problems that arise in the future that cannot be effectively dealt with by current regulations. One example brought up was that of quantum computing, which does not have much regulation in place given that it is not yet a reality. This example highlighted how legislation by its very nature has to be reactive, as it is hard to regulate things that have not been invented yet, and that the speed of innovation will always exceed that of legislation. However, Singapore does want to continue to attract global talent to the country. In the future, the government will need to allow these experts to test and experiment with their technology, but still be watchful to minimize potential harm for the citizens. Lastly, the event ended with an acknowledgement of the need for fine balance between harnessing new technologies to create substantial benefits for society and minimizing or mitigating potential harm that these new technologies may bring.
We would like to extend our sincere gratitude to the speakers: Quek Su Lynn, Timothy Lin, and Teo Yi-Ling, for taking time out of their busy schedules to come speak to us, as well as to the enthusiastic participants, who came prepared with a plethora of questions and ideas in the discussion. We would also like to thank the incredibly professional organizing team at The Sessions for working with us to make the event run as smoothly as possible. It is our hope that those who attended will continue to think about the future of data governance in the nation, and we hope that you will continue to join the Singapore Policy Journal and The Sessions for future events.