Singapore: Adopted Advisory Guidelines on Use of Personal Data in AI Systems under the Personal Data Protection Act (PDPA)

On 1 March 2024, the Data Protection Authority in Singapore (PDPC) adopted the Advisory Guidelines on the Use of Personal Data in AI Recommendation and Decision Systems. The guidelines cover scenarios where organisations can use the business improvement and research exception, allowing them to use personal data without prior consent. However, when deploying AI Systems that collect and use personal data in products or services, organisations must adhere to consent and notification obligations. Users should be informed about the purpose and intended use of their personal data when consent is sought. Additionally, the guidelines highlight that service providers developing and deploying bespoke AI Systems may be considered data intermediaries and must comply with relevant obligations under the Personal Data Protection Act (PDPA). The guidelines provide organisations with clarity on the use of personal data to develop AI systems, guidance on information to be provided to consumers when seeking consent, and best practices for compliance with the PDPA. The guidelines also outline the obligations of third-party developers of bespoke AI Systems under the PDPA.