MDDI 演講稿 · 2023-07-18
部長 Josephine Teo 在個人資料保護周開幕式上的演講
要點
- • 演講援引調查資料顯示,38%的企業在整合多內部系統資料時面臨挑戰,34%存在資料質量問題,揭示東盟地區高質量AI開發的結構性瓶頸。
- • 新加坡於2019年推出《人工智慧治理框架》,並陸續開源「AI Verify」測試框架與軟體工具包,旨在提升業界對AI系統的透明度。
- • 新加坡個人資料保護委員會(PDPC)正將《人工智慧推薦與決策系統個人資料使用諮詢指引》推進至公開徵詢階段,為企業釐清利用個人資料訓練AI模型及獲取消費者同意的合規要求。
- • 資訊通訊媒體發展局(IMDA)於2022年啟動的隱私增強技術(PET)沙盒試驗已覆蓋金融、電商、媒體及科技等多個領域,製藥分銷商澤聯醫藥藉此與區域資料夥伴合作,在合規前提下精準追蹤亞洲藥品流轉動態。
- • IMDA與谷歌聯合推出「PET x Privacy Sandbox」,這是谷歌在亞太地區與監管機構就隱私增強技術測試與應用開展的首次合作。
- • 東盟已建立跨境資料流轉機制,包括《東盟示範合同條款》及其與歐盟標準合同條款的聯合對照指南,新加坡承諾將在即將擔任的東盟數字部長會議主席國任期內推動該程序進入下一階段。
完整譯文(繁體中文)
MDDI 英文原文譯文 · 翻譯日期: 2026-06-21
早上好。很高興與各位共同出席個人資料保護周的啟動儀式。自2013年舉辦此活動以來,本次是首次迎來東盟所有成員國國家資料保護機構的同仁共襄盛舉。
各位的蒞臨,無論是個人還是集體,都彰顯了資料對本地區蓬勃發展的數字經濟的重要性,也體現了東盟在制定有利於民眾和企業的資料政策方面的關注與興趣。
為此,我謹向撥冗出席的東盟同仁們致以格外熱烈的歡迎。
過去一年,人工智慧(AI)已成為新聞頭條和眾多話題的焦點。人們的興奮之情,很大程度上源於AI已變得多麼像人類、多麼聰明——它能夠回答複雜問題、撰寫文章、編寫程式碼,甚至創作令人驚歎的音樂、影像和影片。
與此同時,外界對AI生成內容也存在諸多擔憂,包括它可能被濫用於散佈虛假資訊,或從事詐騙等犯罪活動。
另一個問題是,AI生成的內容是否存在偏見,或對特定群體構成歧視。如果用於訓練AI模型的資料集本身已包含此類偏見和歧視性特徵,上述情況便可能發生。
鑑於上述擔憂,AI治理已成為當務之急,部分國家(包括新加坡)已開始採取措施加以應對。
我們於2019年推出了《人工智慧治理框架》。近期,我們又成立了一個基金會,以指導AI Verify的開發工作。AI Verify是一套已開源的測試框架和軟體工具包,旨在幫助業界提升其AI的透明度。
在採取措施強化AI治理的同時,我們也應關注AI模型的開發方式。
在很多方面,AI模型產生的結果,其質量與開發者所使用的訓練資料集的質量密切相關。
俗話說"垃圾進,垃圾出",這同樣適用於AI。這已預設了資料首先是可獲取的。然而,我們都知道,高質量AI落地的兩個前提條件——資料可及性與資料質量——並非總能得到滿足。
一項調查發現:
a. 38%的組織在從多個內部系統收集資料方面面臨挑戰,這一情況在東盟地區同樣存在;
b. 34%的組織存在資料質量問題。
在某些情況下,這可能就像一架缺少幾個琴鍵的鋼琴,或一支缺少某些樂器、或某些樂器未經妥善調音的管弦樂團。你仍然能聽到音樂,但聽起來可能並不悅耳。然而,如果資料問題更像是建築物缺失或質量低劣的支柱,後果則可能更為嚴重。
若要在數字經濟中實現高質量的AI落地,我們需要為地區內的企業提供更多支援,幫助它們獲取和整合優質資料。若希望從廣泛的AI創新中獲益,這是必不可少的。
與此同時,我們必須確保消費者資料得到妥善保護。缺乏適當的資料保護,人們將缺乏足夠的安全感以充分參與數字化發展,也不會支援將資料更廣泛地用於AI及其他創新領域。
但如何提升保護力度至關重要。我們的目標應當是在允許創新發生的同時加強保護,並隨著時間推移學習如何更有效地兼顧這兩個目標。這些考量構成了新加坡資料監管方式的基礎,我今天將進一步闡述。
明確AI中個人資料的使用規則,助力企業創新
一旦企業明確了可使用哪些資料(包括個人資料),優質資料集便更易於構建。當業界清楚瞭解個人資料如何以安全可信的方式應用於AI時,消費者同樣受益。
我曾於三月宣佈,個人資料保護委員會(PDPC)將釋出《人工智慧推薦與決策系統中個人資料使用指導準則》。這是我們為AI開發與部署構建可信生態系統這一更廣泛努力的組成部分。
PDPC已在閉門徵詢階段收到來自廣泛持份者的寶貴反饋。我很高興地宣佈,該指導準則現將進入公開徵詢階段,此後方正式釋出。
該指導準則將為企業提供更清晰的指引,說明如何使用個人資料來訓練或開發AI模型。為促進透明度,準則將就以下事項提供指導:在向消費者尋求同意、使用其個人資料供AI系統作出推薦、決策或預測之前,應提供哪些說明。
該準則還鼓勵AI解決方案提供商支援其客戶遵守《個人資料保護法》(PDPA)。這可包括設計系統,使客戶能夠便捷地提取提供說明所需的資訊。
本指導準則適用於用於推薦和決策的傳統AI系統。
PDPC認識到在生成式AI中使用個人資料所引發的新擔憂,例如利用公開可獲取的個人資料訓練大型模型、生成合成媒體或"深度偽造"內容。PDPC正就上述問題展開研究,並正在考慮是否應在PDPA框架下提供進一步指引。
善用技術,構建支援AI創新的可信資料生態系統
政府幫助企業構建資料集的另一途徑,是通過使用隱私增強技術(PETs)。
PETs使企業能夠從消費者資料集中提取價值,同時確保個人資料受到保護。通過促進資料共享,PETs還能幫助企業開發有價值的資料洞察和AI系統。
例如,藉助PETs,銀行可以匯聚資料並構建創新性AI模型,以實現更有效的欺詐檢測,同時保護客戶的身份資訊和財務資訊。
IMDA積極鼓勵業界採用隱私增強技術(PET)。去年PDP Week期間,我宣佈啟動IMDA的PET沙盒試點專案。通過這一試點,參與企業可以接觸一批PET解決方案提供商,並獲得一系列全面支援,包括開發PET解決方案的資助以及監管指導。
該沙盒引發了廣泛興趣。我們已與金融、電商、媒體及科技等多元行業的企業合作,開發出一系列應用場景。
一個典型案例是Zuellig Pharma,這是一家區域總部設於新加坡的大型藥品分銷企業。加入PET沙盒幫助Zuellig Pharma瞭解如何與區域資料合作伙伴協同使用PET。通過訪問合作伙伴的資料,他們得以對藥品在亞洲的流通情況進行更精準的分析,同時滿足監管合規要求。
IMDA PET沙盒的成功,為我們與本地及國際合作夥伴開展合作開闢了新途徑。
我很高興宣佈,IMDA與Google今天聯合推出"PET x Privacy Sandbox"。這是Google在亞太地區首次與監管機構合作,支援業界測試和採用PET。
PET x Privacy Sandbox將使企業和消費者雙方受益。
新加坡及區域內的眾多企業將獲得一個安全空間,可在其已運營的平臺上試行PET專案。隨著第三方Cookie的棄用,企業無法再依賴其通過瀏覽器追蹤消費者行為,需要以PET作為替代方案。
消費者將在無需擔憂個人資料遭到侵害的情況下,享受到更具針對性的內容推送。
事實上,這並非IMDA首次與科技企業在PET沙盒領域展開合作。目前已有眾多大大小小的企業參與IMDA的PET沙盒。IMDA正積極推動更多此類合作。通過實驗與測試,我們致力於構建穩健的科技生態系統。促進跨境資料流通,提升東盟從人工智慧中獲益的能力
促進資料訪問的另一途徑是推動跨境資料共享。這豐富了企業可呼叫的資料資源池,總體上受到業界歡迎。
然而,必須明確規定跨境資料傳輸在何種情況下、以何種方式方可被接受。確實存在某些資料集,任何國家都不願其落入外國之手,必須加以妥善保護。但這不應阻礙支援商業創新的非敏感資料的正常流通。
新加坡認為,就允許的跨境資料流通制定清晰透明的指引,比一刀切地全面推行資料本地化規則更為有效。在這方面,我們對印度尼西亞、泰國等鄰國為推動跨境資料傳輸而頒佈進步性立法表示讚賞。我們可以在區域層面進一步推動這些努力。
東盟將跨境資料流通視為戰略優先事項,我們一直致力於通過制定穩健實用的資料傳輸機制來推動協調對齊。
我們在若干關鍵領域取得了良好進展。例如,我們於2016年推出《東盟數字資料治理框架》,將制定區域資料傳輸機制確立為戰略優先事項。其中一項資料傳輸機制是東盟示範合同條款(MCCs),該條款提供"即用型"模板,幫助企業按照區域監管要求制定資料傳輸合同。
作為一個地區整體,我們還致力於促進東盟與歐盟之間的跨境資料流通,以提升企業的資料獲取能力。
《東盟MCCs與歐盟標準合同條款(SCCs)聯合指南》梳理了兩套模板之間的共同點,有助於形成共識,並促進東盟與歐盟商業夥伴之間就資料傳輸展開的合同談判。
新加坡將繼續與東盟及歐盟合作伙伴推進該專案的下一階段工作。我們希望在明年擔任東盟數字部長級會議(ADGMIN)主席國期間,推動這一工作取得成果。
結語
最後,我感謝在座各位對數字經濟發展中資料安全負責任使用的關注與支援。
人工智慧的興起凸顯了資料的價值與重要性。作為監管機構,我們有責任確保資料得到妥善保護並以合乎道德的方式使用。同樣,我們也致力於確保人工智慧模型以優質資料為基礎構建。
我們能夠且應當採取整體性方法,最大化資料作為人工智慧生態系統推動力的價值。這需要國際社會與多方利益相關者的協同合作。
我今天所涉及的領域——人工智慧系統中個人資料使用指引、PET以及跨境資料流通的促進——是新加坡希望為這一不斷演進的領域和這場極為重要的對話作出貢獻的方式。
在接下來的幾天裡,我們期待就這些舉措及更多議題交流意見,攜手推動這項重要工作向前邁進。
祝各位討論富有洞見、成果豐碩。
謝謝。
演講PDF版本
英文原文
MDDI 官網原始記錄 · 抓取日期: 2026-06-21
Good morning. I am happy to join you for the launch of the Personal Data Protection Week. For the first time since this event has been organised in 2013, we are joined by our colleagues from the national data protection authorities of all ASEAN Member States.
Your presence, individually and collectively, reflects the importance of data to our region’s growing digital economy. It also says something about ASEAN’s interest in developing data policies that help people and businesses.
Therefore, I would like to extend an especially warm welcome to our ASEAN colleagues, for making time to be here today.
In the past year, Artificial intelligence (AI) has come to dominate the headlines and a lot of conversations. Much of the excitement is around how human-like and clever AI has become, with the ability to answer complex questions, compose essays, write code, or even produce amazing music, images, and videos.
Equally, there are many concerns about AI-generated content, including how it can be misused for disinformation or criminal activities like scams.
Another question is whether AI-generated content contain biases or discriminate against certain groups. This could happen if the datasets used to train the AI models already contain such biases and discriminatory features.
As a result of these concerns, AI Governance is an urgent priority which some countries are already taking steps to address, including Singapore.
We introduced the Model AI Governance Framework in 2019. More recently, we set up a foundation to guide the development of AI Verify, a testing framework and software toolkit that has been open sourced, to help industries be more transparent about their AI.
While we take steps to strengthen AI Governance, we should also pay attention to how AI model are being developed.
In many ways, the AI models produce results that are only as good as the training datasets used by the developers.
The old saying “garbage in, garbage out” applies to AI too. This already presumes that data is accessible in the first place. And yet we all know that the two pre-conditions for high-quality AI implementation – data access and quality – are not always met.
One survey found that:
a. 38% of organisations faced challenges collecting data from multiple internal systems. This applies to the ASEAN region;
b. 34% had problems with data quality.
In some cases, this may be like a piano with a few missing keys, or an orchestra that has left out some instruments or have some of the instruments not properly tuned. You will still hear music, though it will probably not sound very good. However, if the data issues are more like missing or poorly-made pillars of a building, the consequences could be more serious.
If we want to see high quality AI implementation in our digital economy, we will need to do more to help businesses in the region access and collate quality data. This is necessary if we hope to benefit from widespread AI innovations.
At the same time, we must ensure that consumers’ data are properly protected. Without proper data protection, people will not feel safe enough to fully participate in digital developments. Nor will they support the greater use of data for AI and other innovations.
But how we improve protection is important. Our aim should be to do so whilst allowing innovation to take place and learning how to marry these twin objectives more effectively over time. These considerations underpin Singapore’s approach to data regulations, which I will say more about today.
Clarity on use of personal data in AI helps companies innovate
Quality data sets are easier to build once companies are clear on what data they can use, including personal data. Consumers also benefit when industry has clarity on how personal data can be applied to AI in a safe and trusted manner.
I had announced in March that our Personal Data Protection Commission, the PDPC, would be launching Advisory Guidelines on the use of Personal Data in AI Recommendation and Decision Systems. This is part of our wider effort to lay the groundwork for a trusted ecosystem for AI development and deployment.
The PDPC has received useful feedback from a wide range of stakeholders during closed consultations, and I am pleased to share that the Advisory Guidelines will now progress to the stage of open consultation, before being published .
The Advisory Guidelines will provide businesses with more clarity on the use of personal data to train or develop AI models. To promote transparency, there will be guidance on explanations that should be provided before seeking consent from consumers who are providing personal data for use in an AI system to make recommendations, decisions, or predictions.
The Guidelines also encourage AI solution providers to support their clients in their compliance with the PDPA. This can include designing systems such that it is easy to extract information clients need for providing their explanations.
This Advisory Guideline applies to traditional AI systems used for recommendations and decision-making.
The PDPC recognises the new concerns arising from the use of personal data in generative AI. For instance, the use of publicly available personal data to train large models, to produce synthetic media or ‘Deep Fakes’. The PDPC is looking into these issues and considering whether further guidance should be provided under the PDPA.
Harness technology to build up a trusted data ecosystem that supports AI innovation
Another way for governments to help companies build up their datasets is through the use of privacy enhancing technologies, or PETs.
PETs allow businesses to extract value from consumer datasets, while ensuring that personal data is protected. Through facilitating data sharing, they can also help businesses develop useful data insights and AI systems.
For instance, using PETs, banks can pool data and build innovative AI models for better fraud detection, while protecting their customers’ identity and financial information.
IMDA actively encourages industry to adopt PETs. At PDP Week last year, I announced the launch of IMDA’s PET Sandbox pilot. Through this pilot, participating businesses could access a panel of PET solution providers and a comprehensive suite of support, including grants to develop PET solutions and regulatory guidance.
This Sandbox has generated much interest. A range of use cases have been developed in partnership with industry across diverse sectors such as finance, e-commerce, media, and technology.
One example is Zuellig Pharma, a major pharmaceuticals distribution firm with regional headquarters in Singapore. Joining the PET Sandbox helped Zuellig Pharma understand how to use PETs in collaboration with regional data partners. Access to their partners’ data have helped them derive more precise analytics around the movement of pharmaceutical products in Asia, while complying with their regulatory obligations.
The success of IMDA’s PET sandbox has opened new ways for us to work with local and international partners.
I am glad to announce that IMDA and Google are jointly launching the “PET x Privacy Sandbox” today. This is Google’s first partnership in Asia Pacific with a regulator to support industry in testing and adopting PETs.
The PET x Privacy Sandbox will benefit both companies and consumers.
Many companies in Singapore and the region will gain a safe space to pilot projects using PETs on a platform they already operate on. With the deprecation of third-party cookies, businesses can no longer rely on these to track consumers’ behaviour through the browser and will need PETs as an alternative.
Consumers will experience being served more relevant content without fearing that their personal data is compromised.
This is, in fact, not the first collaboration that IMDA has with tech companies in the PET sandbox. We already have many companies, large and small, participating in IMDA’s PET sandbox. IMDA is actively pursuing more of such collaborations. Through experimentation and testing, we strive to build a robust tech ecosystem. Facilitate cross border data flows to boost ASEAN’s ability to gain from the benefits of AI
Another way to improve data access is through facilitating data sharing across borders. This enriches the pool of data companies can draw on and is generally welcome by businesses.
However, there must be clarity on the regulations that determine when and how such cross-border data transfers are acceptable. There are certainly datasets which no country will be comfortable falling into foreign hands, and which must be properly secured. This should however not prevent the movement of non-sensitive data that supports business innovations.
Singapore believes that clear and transparent guidelines on permissible cross-border data flows work better than a blunt application of data localisation rules across the board. On this, we commend our neighbours such as Indonesia and Thailand for enacting progressive legislation to enable data transfers across borders. We can give these efforts a further boost at the regional level.
ASEAN recognises cross-border data flows as a strategic priority, and we have been working towards alignment through the development of robust and practical data transfer mechanisms.
We have made good progress in some key areas. For example, we introduced the ASEAN Framework on Digital Data Governance in 2016, which established developing regional data transfer mechanisms as a strategic priority. One such data transfer mechanism is the ASEAN Model Contractual Clauses (MCCs), which provide a “ready-to-use" template to help businesses develop contracts in compliance with regional regulatory requirements for transferring data.
As a region, we have also worked to facilitate cross-border data flows between ASEAN and EU to enhance companies’ access to data.
The Joint Guide to the ASEAN MCCs and EU Standard Contractual Clauses (SCCs) identifies commonalities between the two sets of templates. This helps foster a common understanding and facilitates contractual negotiations on data transfers between ASEAN and EU business partners.
Singapore will continue to work with our ASEAN and EU partners on the next stage of this project. We hope to steward this to fruition during our upcoming ASEAN Digital Ministers Meeting (ADGMIN) Chairmanship next year.
Conclusion
To conclude, I thank everyone here for your interest and support for the safe and responsible use of data in developing the digital economy.
The rise of AI underscores the value and importance of data. As regulators, we have a duty to ensure their proper protection and ethical use. Equally, we have an interest to ensure AI models are built with quality data.
We can and should adopt a holistic approach to maximise the value of data as an enabler for the AI ecosystem. This will require an international and multi-stakeholder cooperation.
The areas I touched on today – guidelines for the use of personal data in AI systems, PETs, and facilitating cross-border data flows – are ways Singapore hopes to contribute to this evolving field and very important conversation.
In the next few days, we look forward to exchanging ideas on these initiatives and more, so that we can together take this important work forward.
I wish you insightful and fruitful discussions ahead.
Thank you.
PDF version of the speech