KEEP IN TOUCH
Subscribe to our mailing list to get free tips on Data Protection and Cybersecurity updates weekly!
Singapore’s approach to governance has long been defined by efficiency, coordination, and trust. As social needs become increasingly complex and service delivery relies more heavily on collaboration between government agencies and external partners, the question of how data is shared has moved to the forefront. Proposed amendments to the Public Sector (Governance) Act represent a significant shift in how the Government intends to manage data sharing while maintaining accountability and public confidence.
The changes aim to reduce administrative red tape that currently hinders data sharing, particularly when public agencies collaborate with social service organisations, community groups, and other partners that operate closer to citizens on the ground. Experts argue that clearer legal pathways for data sharing could improve outcomes for Singaporeans, especially those requiring timely assistance. At the same time, the amendments introduce safeguards designed to ensure that data protection obligations remain robust and enforceable.
Under the existing framework, public agencies often face delays when attempting to share data with external partners. Consent must typically be obtained from individuals, or agencies must establish that data sharing meets the legal threshold of public interest. While these requirements are well-intentioned, they can introduce uncertainty and slow decision-making, even for programmes with clear social benefits.
In practice, this means that agencies may already know who needs help based on prior interactions, yet still need to restart consent processes for new initiatives. Individuals may be uncontactable due to outdated details or may miss notifications, resulting in delays or missed support. When multiple partners are involved, repeated consent requests can fragment service delivery and reduce effectiveness.
Experts note that these procedural hurdles do not reflect how modern public services operate. Many frontline services are delivered by non-government organisations that have direct, ongoing relationships with beneficiaries. Without timely access to relevant data, these partners are constrained in their ability to assess eligibility, coordinate support, or follow up with those in need.
The proposed amendments would allow government agencies to rely on the existing seven prescribed purposes under the Public Sector (Governance) Act to share data with authorised external parties. This represents a significant evolution from the current model, which limits such sharing largely within the public sector.
Crucially, each instance of data sharing with an external partner would still require ministerial authorisation. The authorisation must be documented and specify the purpose of data use, the legal basis under the PSGA, the parties involved, and the scope of data shared. This creates a clear audit trail and reinforces accountability while enabling faster operational decisions.
Parliament is expected to debate these amendments in January, following a public consultation held in late 2025. According to experts cited in The Straits Times, the intent is to provide legal clarity rather than deregulate data sharing. You can read the full report on the proposed changes here.
One of the central concerns surrounding expanded data sharing is whether personal data will remain adequately protected. The proposed amendments address this by extending PSGA penalties to authorised external partners who misuse shared data. These penalties mirror those faced by public officers, including fines and imprisonment for unauthorised disclosure or misuse.
Importantly, external partners will also continue to be subject to obligations under the Personal Data Protection Act. This creates a dual compliance landscape where partners must navigate both the PSGA and the PDPA. Legal experts suggest that this layered accountability framework strengthens protection rather than weakens it, provided that partners are adequately supported in meeting these requirements.
Professor Simon Chesterman of the National University of Singapore has noted that the amendments clarify accountability rather than dilute it. External parties remain answerable for how data is handled, and the Government retains oversight through formal authorisation processes and documentation requirements.
While the amendments offer opportunities for faster service delivery, they also raise practical questions for external partners. Many social service agencies and community organisations operate with limited resources and varying levels of data governance maturity. The prospect of handling government data under stricter accountability regimes may be daunting without additional support.
Experts have highlighted the need for commensurate investment in partner capability. This includes clear minimum standards, practical guidance, and proportionate compliance expectations. Without such measures, there is a risk that partners may be assigned new responsibilities without the operational capacity to manage them safely.
This perspective underscores that data sharing reform is not solely a legal exercise. It is also an organisational and cultural one, requiring alignment between policy intent and real-world execution. Effective data sharing depends as much on training, governance, and systems as it does on legal authority.
Public confidence remains a critical factor in any discussion about data sharing. Some Singaporeans may feel uneasy about their personal data being shared beyond government agencies, even for well-intentioned purposes. Transparency about how data is used, who has access, and what safeguards are in place will be essential in maintaining trust.
The proposed amendments attempt to address these concerns by embedding accountability at multiple levels. Ministerial authorisation, documented purposes, and enforceable penalties signal that data sharing is not being taken lightly. At the same time, the focus on improving service delivery reflects evolving societal expectations for timely and coordinated support, particularly in the context of an ageing population and increasing welfare complexity.
Experts generally agree that the amendments strike a pragmatic balance. They recognise Singapore’s governance model, which prioritises efficiency, while reinforcing the principle that personal data must be handled responsibly and transparently.
For organisations that may become authorised external partners, the amendments signal a need to reassess data governance practices. Handling public sector data will require clear internal controls, documented processes, and an understanding of both PSGA and PDPA obligations. Data sharing agreements, access controls, and incident response readiness will become even more critical.
This shift also presents an opportunity. Organisations that invest early in strong data protection frameworks will be better positioned to collaborate with government agencies and contribute meaningfully to public service delivery. Conversely, those that treat compliance as an afterthought may find themselves excluded from such partnerships or exposed to regulatory risk.
As Singapore moves towards a more collaborative data sharing model, organisations will need trusted partners to help navigate the evolving landscape. Privacy Ninja supports organisations through DPO-as-a-Service, data protection advisory, and breach management services that align with both the PDPA and emerging public sector expectations.
Our approach focuses on practical readiness rather than theoretical compliance. We help organisations assess governance gaps, design clear policies, and build internal capabilities to manage shared data responsibly. For partners working with public agencies, this includes guidance on managing dual obligations under the PSGA and PDPA, as well as preparing for regulatory scrutiny.
By combining legal insight with operational expertise, Privacy Ninja enables organisations to participate confidently in data sharing initiatives that deliver social value while safeguarding trust.
The proposed amendments to Singapore’s Public Sector (Governance) Act reflect a maturing data governance landscape. By reducing red tape and clarifying legal pathways for data sharing, the Government aims to improve the speed and effectiveness of social support delivery. At the same time, strengthened accountability measures seek to preserve public trust and data protection standards.
Success will depend not only on the legislation itself, but on how it is implemented and supported in practice. With the right safeguards, capacity building, and partnerships, the reforms have the potential to enhance collaboration without compromising privacy. For organisations involved in this ecosystem, now is the time to strengthen data governance and prepare for a more integrated, accountable future.
Established in 2018, Privacy Ninja is a Singapore-based IT security company specialising in data protection and cybersecurity solutions for businesses. We offer services like vulnerability assessments, penetration testing, and outsourced Data Protection Officer support, helping organisations comply with regulations and safeguard their data.
Singapore
7 Temasek Boulevard,
#12-07, Suntec Tower One,
Singapore 038987
Latest resources sent to your inbox weekly
© 2025 Privacy Ninja. All rights reserved
Subscribe to our mailing list to get free tips on Data Protection and Cybersecurity updates weekly!
Subscribe to our mailing list to get free tips on Data Protection and Cybersecurity updates weekly!