书面答复 · 2024-04-03 · 第 14 届国会
个人数据删除权及救济机制
Provision for Deletion of Personal Data Upon Request under Personal Data Protection Act 2012 and Recourse Available to Individuals
议员质询个人数据保护法中是否包含个人数据删除权及相关救济机制。政府回应指出,法律规定组织在数据不再需要时必须停止保留或妥善处理,无论是否有同意,且个人数据保护委员会有权指令组织销毁数据或停止使用。核心争议在于是否存在明确的"删除权"条款及其执行保障。
关键要点
- • 无明确删除权条款
- • 数据保留有严格限制
- • 监管机构有执法权
支持现行法律规定及监管机制
质疑缺乏明确删除权保障
强化数据保留与销毁监管
"The Personal Data Protection Commission (PDPC) has the power to direct the organisation to destroy, or stop collecting, using or disclosing, the personal data concerned."
参与人员(2)
完整译文(中文)
Hansard 英文原文译文 · 翻译日期:2026-05-02
27号蔡庆伟先生问通讯及资讯部长,鉴于缺乏“删除权”条款,《2012年个人数据保护法》是否规定了(i) 对于未同意其个人数据被收集、使用或披露的个人,是否可要求组织在请求时删除其个人数据;以及(ii) 如果组织未予删除,该等个人可采取何种补救措施。
张玉娟女士答:个人数据保护法(PDPA)要求组织在个人数据不再用于收集时的目的或其他合法商业或法律目的时,停止保留该个人数据或以适当方式处置。
无论是否已给予同意,组织均须遵守此项要求。PDPA下的保留期限足以保障个人数据不被进一步使用。如组织未遵守这些要求,个人数据保护委员会(PDPC)有权指示该组织销毁相关个人数据,或停止收集、使用或披露该个人数据。
英文原文
SPRS Hansard 原始记录 · 抓取日期:2026-05-02
27 Mr Chua Kheng Wee Louis asked the Minister for Communications and Information given the absence of a 'right to erasure' clause, whether the Personal Data Protection Act 2012 provides for (i) individuals who have not given consent for the collection, use, or disclosure of their personal data and requiring an organisation to delete their personal data upon request and (ii) the recourse for such individuals if the organisation does not do so.
Mrs Josephine Teo : The Personal Data Protection Act (PDPA) requires an organisation to cease retention of personal data or dispose of it in a proper manner when it is no longer needed for the purposes it was collected for, or other legitimate business or legal purpose.
This requirement applies regardless of whether consent had or had not been given for the organisation's collection, use or disclosure of personal data. Retention limits under the PDPA sufficiently safeguard the further use of an individual's personal data. If the organisation does not adhere to these requirements, the Personal Data Protection Commission (PDPC) has the power to direct the organisation to destroy, or stop collecting, using or disclosing, the personal data concerned.