SINGAPORE Law and Practice Contributed by: Lim Chong Kin, Drew & Napier LLC
transferred. However, in the context of a CSP cloud outsourcing arrangement, an organisa - tion may have to agree to a CSP’s standard contractual terms, which may include a term that confers discretion onto the CSP as to the exact jurisdictions to which personal data may be transferred. According to the PDPC’s Cloud Services Guide - lines, in such a situation, the organisation may be considered to have taken appropriate steps to comply with the transfer limitation obligation if: • the CSP based in Singapore is certified or accredited as meeting relevant industry standards (such as MTCS Level 3 and ISO 27001); and • the CSP provides assurances that all the data centres or sub-processors in such overseas locations to which the personal data is trans - ferred comply with these standards. 3. Artificial Intelligence 3.1 Liability, Data Protection, IP and Fundamental Rights There is currently no specific legislation regulat - ing the use of big data, machine learning and artificial intelligence (AI) technologies in Singa - pore. However, various government and regula - tory agencies have developed non-legally bind - ing frameworks to provide industry guidance on these subjects. Applicable Frameworks Examples of these frameworks include: • the PDPC’s Model AI Governance Framework and its companion guide, the Implementa - tion and Self-Assessment Guide for Organi -
sations, which give organisations practical recommendations on implementing ethical principles and adopting responsible AI gov - ernance; • the MAS’s Principles to Promote Fairness, Ethics, Accountability and Transparency (FEAT) in the Use of AI and Data Analytics in Singapore’s Financial Sector, which provide a set of principles for the use of AI in decision making in the provision of financial products and services; and • the MAS’s Veritas Initiative, which assists FIs in evaluating their AI and data analytics solu - tions against the MAS’s FEAT principles. Notably, the PDPC’s Model AI Governance Framework represents the efforts of Singapore’s policymakers and regulators to articulate a com - mon approach, and a set of consistent defini - tions and principles in the governance of AI. Broadly, it sets out principles in four key areas: • internal governance structures and measures – organisations should ensure that there are clear roles and responsibilities as well as risk management and internal controls in place for the ethical deployment of AI; • AI decision-making models – organisations should consider the risks of different AI models and determine the appropriate degree of human oversight based on the expected probability and severity of harm; • operations management – organisations should understand the lineage, provenance and quality of the data used, as well as the transparency of the algorithms chosen; and • stakeholder interaction and communica - tion – organisations should seek to build trust and maintain open relationships with individuals regarding the use of AI through general disclosure, transparency and policy
410 CHAMBERS.COM
Powered by FlippingBook