By Chei-Liang Sin, Luke Grubb & Sally Murphy

The Personal Data Protection Commission (the Commission) was established in January 2013 to implement and enforce The Personal Data Protection Act 2012 (PDPA). The PDPA fully came into force on 2 July 2014. So far, the Commission has mainly used its investigation and enforcement powers to take action against organisations not adhering to the Do Not Call provisions of the PDPA. However, the Commission is also in the process of investigating

The Straits Times reported on 14 August that Singapore’s Personal Data Protection Commission (the “Commission”) is investigating a complaint from a user that Xiaomi has breached the Personal Data Protection Act 2012 (“PDPA”). This is believed to be the first investigation under the main PDPA rules unrelated to the Do Not Call registry which came into force on 2 July 2014. This investigation will be followed with interest as it may set the tone for how