Reading time: 14 minutes

Written by Moo Wen Si, Amelia | Edited by Josh Lee Kok Thong

We’re all law and tech scholars now, says every law and tech sceptic. That is only half-right. Law and technology is about law, but it is also about technology. This is not obvious in many so-called law and technology pieces which tend to focus exclusively on the law. No doubt this draws on what Judge Easterbrook famously said about three decades ago, to paraphrase: “lawyers will never fully understand tech so we might as well not try”.

In open defiance of this narrative, LawTech.Asia is proud to announce a collaboration with the Singapore Management University Yong Pung How School of Law’s LAW4032 Law and Technology class. This collaborative special series is a collection featuring selected essays from students of the class. Ranging across a broad range of technology law and policy topics, the collaboration is aimed at encouraging law students to think about where the law is and what it should be vis-a-vis technology.

This piece, written by Moo Wen Si, Amelia, seeks to examine the sufficiency of the PDPA in today’s world. In a technologically advanced world where e-commerce, cloud computing and data mining are flourishing, data has become one of the most valuable assets in the economy. This has raised concerns as to whether our data is being fully protected from misuse and the remedial actions available in cases of data breaches. In response, the Singapore Parliament enacted the Personal Data Protection Act 2012 (“PDPA”) seeking to protect individuals’ data from misuse by organisations in the private sectors. The PDPA, aimed to be a comprehensive data protection law, is however severely lacking in the protection it affords to individuals. This paper seeks to argue how the PDPA is insufficient to protect one’s data from being misused and the limited recourse that individuals have even when their data privacy has been compromised.