Privacy & Data Protection

Singapore: Proposed Guidelines for Children’s Personal Data

Latest developments

On 19 July 2023, the PDPC commenced a public consultation on proposed new Advisory Guidelines on the PDPA for Children’s Personal Data. The public consultation closed on 31 August 2023.

The new guidelines are proposed against the backdrop that children are now spending more time online, and may not fully understand the risks, consequences and implications of their personal data being collected and used.

Summary

The proposed guidelines will provide guidance on how the PDPC interprets the PDPA in relation to children’s personal data.

It is proposed for the new guidelines to apply to organisations that offer products or services that are likely to be accessed by children, or are in fact accessed by children, even if the products or services are not targeted at children.

Data intermediaries (also commonly referred to as “processors”) that retain children’s personal data will also be expected to implement additional measures to protect children’s personal data.

The PDPC also sought comments on the following proposals in its consultation paper:

  • Requiring organisations to use language that is readily understandable by children when communicating with them;
  • Minimising the collection, use and disclosure of children’s personal data;
  • Switching off geolocation data by default so that products and services cannot automatically start collecting geolocation data when first used;
  • Requiring organisations to conduct a data protection impact assessment (DPIA) before releasing products or services likely to be accessed by children;
  • Adopting the practical view that a child between 13 and 17 years of age has sufficient understanding to consent on his/her own behalf to the collection, use and disclosure of his/her personal data, as well as to withdraw consent; and
  • Notifying a child’s parent or guardian of a data breach so that the parent or guardian can take steps to mitigate harm to the child.

How could it be relevant for you?

Organisations whose products or services are accessed by children, or are likely to be accessed by children, may need to take additional measures to protect children’s personal data that they handle when the new guidelines are issued.

Next steps

The PDPC is evaluating comments received during the public consultation exercise, and can be expected to review its proposals before the final guidelines are issued subsequently. As the PDPC’s consultation paper set out the relevant issues for comments at a high level, it remains to be seen what detailed requirements will be included in the actual guidelines. Organisations that handle children’s personal data should continue to monitor this space for further developments.

*Information is accurate up to 27 November 2023

Privacy & Data Protection - Explore further sections

Explore other chapters in the guide

Data as a key digital asset

Crypto assets

AI as a digital asset

Privacy & Data Protection

Cybersecurity

Digital Identity and Trust Services

Consumer