SINGAPORE –
New amendments to the law
that would allow government agencies to share data with external parties, such as social service agencies and community groups, will ensure more effective and timely delivery of services for Singaporeans.
Without the proposed changes, the Government will have to seek consent from individuals before their data is shared, or establish legally that such sharing is in the public interest.
That process can be slow and legally uncertain even for clearly public-spirited programmes, said experts. The proposed changes provide legal clarity for data sharing and hold external parties accountable to standards similar to those applied to public agencies, they added.
Amendments to the Public Sector (Governance) Act (PSGA) are expected to be tabled for second reading when Parliament sits in the week of Jan 12. A public consultation to discuss the recommended changes was held for three weeks between Aug 12, 2025, and Sept 2, 2025.
Introduced in 2018, the PSGA allows for data sharing across the public sector, and sets out data protection and sharing requirements for government agencies.
Under the law, data can be shared between public sector agencies for seven specific purposes. These include improving the efficiency or effectiveness of policy planning and service delivery, and supporting a whole-of-government approach in public sector work.
Under the amendments, the Government would be able to rely on these seven prescribed purposes to share data with authorised external parties.
The amendments also require that the minister who is responsible for the relevant public sector agency to authorise each case of data sharing with an external partner.
The authorisation must be documented, clearly stating the specified purposes for which the data will be used, and identifying which of the PSGA purposes provides the basis for sharing. The specified partners and the parties engaged by them, as well as the specific scope of data to be shared, must also be documented.
Mr Lim Chong Kin, head of technology, media and telecommunications at law firm Drew & Napier, noted that many front-line services today are delivered by external partners such as social service agencies, community groups and trade associations, which often have closer and more direct contact with residents and businesses.
“Without timely access to relevant data, these partners may face delays in identifying needs, verifying eligibility or providing assistance,” he said.
“For example, community organisations providing social assistance may need timely access to a list of eligible households in a neighbourhood to distribute aid or offer follow-up support. Without this, assistance may be delayed or miss those most in need.”
Under current laws, government agencies have to seek consent from individuals or families before they can share data with external partners.
But there are challenges to seeking consent. For example, a government agency may already know who needs help based on previous support, but it will have to seek consent for new programmes.
Another challenge is that individuals may be uncontactable due to missing or outdated contact information, or they may miss notifications – which prevents them from receiving help under new programmes.
Another scenario arises when multiple partners are involved in delivering coordinated services to individuals. In such a case, the individuals have to repeatedly give consent to all partners. If they miss giving consent to one party, their data is incomplete and the services they receive will be limited.
Another way that agencies seek to share data with external partners is to establish legally that data sharing meets the common law ground of public interest. But experts say that can be an onerous process.
“As the common law develops on a case-by-case basis, there is presently a lack of legal certainty and clarity about whether specific purposes or circumstances would comprise public interest grounds,” said Mr Lim.
Concurring, Mr Josh Lee, managing director (Apac) of non-profit organisation Future of Privacy Forum, said that agencies often have to go through multiple layers of internal governance and legal review to determine what is public interest.
“As part of the review, agencies likely need to be satisfied that a proposed sharing of data is linked to a legitimate public purpose, that the data is necessary to achieve that purpose, and that the same outcome cannot be achieved through other means,” said Mr Lee, adding that public officers would be more cautious as the PSGA carries criminal penalties for wrongful disclosure.
In addition, if there is a new community initiative or pilot programme, it may need to be re-assessed afresh, said Mr Lee. This can cause delays or discourage potentially beneficial collaborations.
While the experts acknowledge that some Singaporeans may have concerns about their personal data being shared with external parties, they also highlighted the safeguards in the proposed amendments.
These include provisions ensuring that external parties who misuse shared data may be subject to the same level of penalties as public officers under the PSGA.
It criminalises the acts of unauthorised disclosure of data, misuse of data and the re-identification of individuals from anonymised data. Public officers found guilty of these offences can be fined up to $5,000 and jailed for up to two years.
In addition, the Personal Data Protection Act (PDPA) obligations and penalties – which primarily applies to private sector organisations – will continue to apply for these external partners.
Professor Simon Chesterman, the David Marshall Professor of Law at the National University of Singapore, said that the amendments are clearer on accountability. External partners remain subject to the PDPA, and the amended PSGA framework ensures that external parties who mishandle shared government data will face consequences.
But Mr Lee said whether the safeguards are sufficient will depend on how the provisions and data governance practices are implemented over time.
“It may be prudent for greater support to be extended to external parties that receive public sector data on enhancing data governance practices and internal compliance controls, and navigating the twin regimes of the PSGA and the PDPA,” he added.
Concurring, Prof Chesterman said: “If more sensitive data is to be shared to improve service delivery, there should be commensurate investment in partner capability – clear minimum standards, practical support, and proportionate compliance expectations – so partners are not given new responsibilities without the capacity to carry them out safely.”
Overall, experts agree that the amendments strike a balance between safeguarding personal data of Singaporeans, and enabling it to be used responsibly.
“These amendments tilt the scale towards suiting Singapore’s model of efficiency, which is necessary to enable the Government to work with social service agencies and community groups to deliver effective and timely support to Singaporeans, especially where more timely help is being expected by Singaporeans arising from the ageing population and other welfare challenges,” said Mr Lim.