MDDI 演讲稿 · 2023-07-18
部长 Josephine Teo 在个人数据保护周开幕式上的演讲
部长 Josephine Teo 在个人数据保护周开幕式上的演讲
要点
- • 演讲援引调查数据显示,38%的企业在整合多内部系统数据时面临挑战,34%存在数据质量问题,揭示东盟地区高质量AI开发的结构性瓶颈。
- • 新加坡于2019年推出《人工智能治理框架》,并陆续开源「AI Verify」测试框架与软件工具包,旨在提升业界对AI系统的透明度。
- • 新加坡个人资料保护委员会(PDPC)正将《人工智能推荐与决策系统个人资料使用咨询指引》推进至公开征询阶段,为企业厘清利用个人资料训练AI模型及获取消费者同意的合规要求。
- • 资讯通信媒体发展局(IMDA)于2022年启动的隐私增强技术(PET)沙盒试验已覆盖金融、电商、媒体及科技等多个领域,制药分销商泽联医药借此与区域数据伙伴合作,在合规前提下精准追踪亚洲药品流转动态。
- • IMDA与谷歌联合推出「PET x Privacy Sandbox」,这是谷歌在亚太地区与监管机构就隐私增强技术测试与应用开展的首次合作。
- • 东盟已建立跨境数据流转机制,包括《东盟示范合同条款》及其与欧盟标准合同条款的联合对照指南,新加坡承诺将在即将担任的东盟数字部长会议主席国任期内推动该进程进入下一阶段。
完整译文(中文)
MDDI 英文原文译文 · 翻译日期: 2026-06-21
早上好。很高兴与各位共同出席个人数据保护周的启动仪式。自2013年举办此活动以来,本次是首次迎来东盟所有成员国国家数据保护机构的同仁共襄盛举。
各位的莅临,无论是个人还是集体,都彰显了数据对本地区蓬勃发展的数字经济的重要性,也体现了东盟在制定有利于民众和企业的数据政策方面的关注与兴趣。
为此,我谨向拨冗出席的东盟同仁们致以格外热烈的欢迎。
过去一年,人工智能(AI)已成为新闻头条和众多话题的焦点。人们的兴奋之情,很大程度上源于AI已变得多么像人类、多么聪明——它能够回答复杂问题、撰写文章、编写代码,甚至创作令人惊叹的音乐、图像和视频。
与此同时,外界对AI生成内容也存在诸多担忧,包括它可能被滥用于散布虚假信息,或从事诈骗等犯罪活动。
另一个问题是,AI生成的内容是否存在偏见,或对特定群体构成歧视。如果用于训练AI模型的数据集本身已包含此类偏见和歧视性特征,上述情况便可能发生。
鉴于上述担忧,AI治理已成为当务之急,部分国家(包括新加坡)已开始采取措施加以应对。
我们于2019年推出了《人工智能治理框架》。近期,我们又成立了一个基金会,以指导AI Verify的开发工作。AI Verify是一套已开源的测试框架和软件工具包,旨在帮助业界提升其AI的透明度。
在采取措施强化AI治理的同时,我们也应关注AI模型的开发方式。
在很多方面,AI模型产生的结果,其质量与开发者所使用的训练数据集的质量密切相关。
俗话说"垃圾进,垃圾出",这同样适用于AI。这已预设了数据首先是可获取的。然而,我们都知道,高质量AI落地的两个前提条件——数据可及性与数据质量——并非总能得到满足。
一项调查发现:
a. 38%的组织在从多个内部系统收集数据方面面临挑战,这一情况在东盟地区同样存在;
b. 34%的组织存在数据质量问题。
在某些情况下,这可能就像一架缺少几个琴键的钢琴,或一支缺少某些乐器、或某些乐器未经妥善调音的管弦乐团。你仍然能听到音乐,但听起来可能并不悦耳。然而,如果数据问题更像是建筑物缺失或质量低劣的支柱,后果则可能更为严重。
若要在数字经济中实现高质量的AI落地,我们需要为地区内的企业提供更多支持,帮助它们获取和整合优质数据。若希望从广泛的AI创新中获益,这是必不可少的。
与此同时,我们必须确保消费者数据得到妥善保护。缺乏适当的数据保护,人们将缺乏足够的安全感以充分参与数字化发展,也不会支持将数据更广泛地用于AI及其他创新领域。
但如何提升保护力度至关重要。我们的目标应当是在允许创新发生的同时加强保护,并随着时间推移学习如何更有效地兼顾这两个目标。这些考量构成了新加坡数据监管方式的基础,我今天将进一步阐述。
明确AI中个人数据的使用规则,助力企业创新
一旦企业明确了可使用哪些数据(包括个人数据),优质数据集便更易于构建。当业界清楚了解个人数据如何以安全可信的方式应用于AI时,消费者同样受益。
我曾于三月宣布,个人数据保护委员会(PDPC)将发布《人工智能推荐与决策系统中个人数据使用指导准则》。这是我们为AI开发与部署构建可信生态系统这一更广泛努力的组成部分。
PDPC已在闭门征询阶段收到来自广泛持份者的宝贵反馈。我很高兴地宣布,该指导准则现将进入公开征询阶段,此后方正式发布。
该指导准则将为企业提供更清晰的指引,说明如何使用个人数据来训练或开发AI模型。为促进透明度,准则将就以下事项提供指导:在向消费者寻求同意、使用其个人数据供AI系统作出推荐、决策或预测之前,应提供哪些说明。
该准则还鼓励AI解决方案提供商支持其客户遵守《个人数据保护法》(PDPA)。这可包括设计系统,使客户能够便捷地提取提供说明所需的信息。
本指导准则适用于用于推荐和决策的传统AI系统。
PDPC认识到在生成式AI中使用个人数据所引发的新担忧,例如利用公开可获取的个人数据训练大型模型、生成合成媒体或"深度伪造"内容。PDPC正就上述问题展开研究,并正在考虑是否应在PDPA框架下提供进一步指引。
善用技术,构建支持AI创新的可信数据生态系统
政府帮助企业构建数据集的另一途径,是通过使用隐私增强技术(PETs)。
PETs使企业能够从消费者数据集中提取价值,同时确保个人数据受到保护。通过促进数据共享,PETs还能帮助企业开发有价值的数据洞察和AI系统。
例如,借助PETs,银行可以汇聚数据并构建创新性AI模型,以实现更有效的欺诈检测,同时保护客户的身份信息和财务信息。
IMDA积极鼓励业界采用隐私增强技术(PET)。去年PDP Week期间,我宣布启动IMDA的PET沙盒试点项目。通过这一试点,参与企业可以接触一批PET解决方案提供商,并获得一系列全面支持,包括开发PET解决方案的资助以及监管指导。
该沙盒引发了广泛兴趣。我们已与金融、电商、媒体及科技等多元行业的企业合作,开发出一系列应用场景。
一个典型案例是Zuellig Pharma,这是一家区域总部设于新加坡的大型药品分销企业。加入PET沙盒帮助Zuellig Pharma了解如何与区域数据合作伙伴协同使用PET。通过访问合作伙伴的数据,他们得以对药品在亚洲的流通情况进行更精准的分析,同时满足监管合规要求。
IMDA PET沙盒的成功,为我们与本地及国际合作伙伴开展合作开辟了新途径。
我很高兴宣布,IMDA与Google今天联合推出"PET x Privacy Sandbox"。这是Google在亚太地区首次与监管机构合作,支持业界测试和采用PET。
PET x Privacy Sandbox将使企业和消费者双方受益。
新加坡及区域内的众多企业将获得一个安全空间,可在其已运营的平台上试行PET项目。随着第三方Cookie的弃用,企业无法再依赖其通过浏览器追踪消费者行为,需要以PET作为替代方案。
消费者将在无需担忧个人数据遭到侵害的情况下,享受到更具针对性的内容推送。
事实上,这并非IMDA首次与科技企业在PET沙盒领域展开合作。目前已有众多大大小小的企业参与IMDA的PET沙盒。IMDA正积极推动更多此类合作。通过实验与测试,我们致力于构建稳健的科技生态系统。促进跨境数据流通,提升东盟从人工智能中获益的能力
促进数据访问的另一途径是推动跨境数据共享。这丰富了企业可调用的数据资源池,总体上受到业界欢迎。
然而,必须明确规定跨境数据传输在何种情况下、以何种方式方可被接受。确实存在某些数据集,任何国家都不愿其落入外国之手,必须加以妥善保护。但这不应阻碍支持商业创新的非敏感数据的正常流通。
新加坡认为,就允许的跨境数据流通制定清晰透明的指引,比一刀切地全面推行数据本地化规则更为有效。在这方面,我们对印度尼西亚、泰国等邻国为推动跨境数据传输而颁布进步性立法表示赞赏。我们可以在区域层面进一步推动这些努力。
东盟将跨境数据流通视为战略优先事项,我们一直致力于通过制定稳健实用的数据传输机制来推动协调对齐。
我们在若干关键领域取得了良好进展。例如,我们于2016年推出《东盟数字数据治理框架》,将制定区域数据传输机制确立为战略优先事项。其中一项数据传输机制是东盟示范合同条款(MCCs),该条款提供"即用型"模板,帮助企业按照区域监管要求制定数据传输合同。
作为一个地区整体,我们还致力于促进东盟与欧盟之间的跨境数据流通,以提升企业的数据获取能力。
《东盟MCCs与欧盟标准合同条款(SCCs)联合指南》梳理了两套模板之间的共同点,有助于形成共识,并促进东盟与欧盟商业伙伴之间就数据传输展开的合同谈判。
新加坡将继续与东盟及欧盟合作伙伴推进该项目的下一阶段工作。我们希望在明年担任东盟数字部长级会议(ADGMIN)主席国期间,推动这一工作取得成果。
结语
最后,我感谢在座各位对数字经济发展中数据安全负责任使用的关注与支持。
人工智能的兴起凸显了数据的价值与重要性。作为监管机构,我们有责任确保数据得到妥善保护并以合乎道德的方式使用。同样,我们也致力于确保人工智能模型以优质数据为基础构建。
我们能够且应当采取整体性方法,最大化数据作为人工智能生态系统推动力的价值。这需要国际社会与多方利益相关者的协同合作。
我今天所涉及的领域——人工智能系统中个人数据使用指引、PET以及跨境数据流通的促进——是新加坡希望为这一不断演进的领域和这场极为重要的对话作出贡献的方式。
在接下来的几天里,我们期待就这些举措及更多议题交流意见,携手推动这项重要工作向前迈进。
祝各位讨论富有洞见、成果丰硕。
谢谢。
演讲PDF版本
英文原文
MDDI 官网原始记录 · 抓取日期: 2026-06-21
Good morning. I am happy to join you for the launch of the Personal Data Protection Week. For the first time since this event has been organised in 2013, we are joined by our colleagues from the national data protection authorities of all ASEAN Member States.
Your presence, individually and collectively, reflects the importance of data to our region’s growing digital economy. It also says something about ASEAN’s interest in developing data policies that help people and businesses.
Therefore, I would like to extend an especially warm welcome to our ASEAN colleagues, for making time to be here today.
In the past year, Artificial intelligence (AI) has come to dominate the headlines and a lot of conversations. Much of the excitement is around how human-like and clever AI has become, with the ability to answer complex questions, compose essays, write code, or even produce amazing music, images, and videos.
Equally, there are many concerns about AI-generated content, including how it can be misused for disinformation or criminal activities like scams.
Another question is whether AI-generated content contain biases or discriminate against certain groups. This could happen if the datasets used to train the AI models already contain such biases and discriminatory features.
As a result of these concerns, AI Governance is an urgent priority which some countries are already taking steps to address, including Singapore.
We introduced the Model AI Governance Framework in 2019. More recently, we set up a foundation to guide the development of AI Verify, a testing framework and software toolkit that has been open sourced, to help industries be more transparent about their AI.
While we take steps to strengthen AI Governance, we should also pay attention to how AI model are being developed.
In many ways, the AI models produce results that are only as good as the training datasets used by the developers.
The old saying “garbage in, garbage out” applies to AI too. This already presumes that data is accessible in the first place. And yet we all know that the two pre-conditions for high-quality AI implementation – data access and quality – are not always met.
One survey found that:
a. 38% of organisations faced challenges collecting data from multiple internal systems. This applies to the ASEAN region;
b. 34% had problems with data quality.
In some cases, this may be like a piano with a few missing keys, or an orchestra that has left out some instruments or have some of the instruments not properly tuned. You will still hear music, though it will probably not sound very good. However, if the data issues are more like missing or poorly-made pillars of a building, the consequences could be more serious.
If we want to see high quality AI implementation in our digital economy, we will need to do more to help businesses in the region access and collate quality data. This is necessary if we hope to benefit from widespread AI innovations.
At the same time, we must ensure that consumers’ data are properly protected. Without proper data protection, people will not feel safe enough to fully participate in digital developments. Nor will they support the greater use of data for AI and other innovations.
But how we improve protection is important. Our aim should be to do so whilst allowing innovation to take place and learning how to marry these twin objectives more effectively over time. These considerations underpin Singapore’s approach to data regulations, which I will say more about today.
Clarity on use of personal data in AI helps companies innovate
Quality data sets are easier to build once companies are clear on what data they can use, including personal data. Consumers also benefit when industry has clarity on how personal data can be applied to AI in a safe and trusted manner.
I had announced in March that our Personal Data Protection Commission, the PDPC, would be launching Advisory Guidelines on the use of Personal Data in AI Recommendation and Decision Systems. This is part of our wider effort to lay the groundwork for a trusted ecosystem for AI development and deployment.
The PDPC has received useful feedback from a wide range of stakeholders during closed consultations, and I am pleased to share that the Advisory Guidelines will now progress to the stage of open consultation, before being published .
The Advisory Guidelines will provide businesses with more clarity on the use of personal data to train or develop AI models. To promote transparency, there will be guidance on explanations that should be provided before seeking consent from consumers who are providing personal data for use in an AI system to make recommendations, decisions, or predictions.
The Guidelines also encourage AI solution providers to support their clients in their compliance with the PDPA. This can include designing systems such that it is easy to extract information clients need for providing their explanations.
This Advisory Guideline applies to traditional AI systems used for recommendations and decision-making.
The PDPC recognises the new concerns arising from the use of personal data in generative AI. For instance, the use of publicly available personal data to train large models, to produce synthetic media or ‘Deep Fakes’. The PDPC is looking into these issues and considering whether further guidance should be provided under the PDPA.
Harness technology to build up a trusted data ecosystem that supports AI innovation
Another way for governments to help companies build up their datasets is through the use of privacy enhancing technologies, or PETs.
PETs allow businesses to extract value from consumer datasets, while ensuring that personal data is protected. Through facilitating data sharing, they can also help businesses develop useful data insights and AI systems.
For instance, using PETs, banks can pool data and build innovative AI models for better fraud detection, while protecting their customers’ identity and financial information.
IMDA actively encourages industry to adopt PETs. At PDP Week last year, I announced the launch of IMDA’s PET Sandbox pilot. Through this pilot, participating businesses could access a panel of PET solution providers and a comprehensive suite of support, including grants to develop PET solutions and regulatory guidance.
This Sandbox has generated much interest. A range of use cases have been developed in partnership with industry across diverse sectors such as finance, e-commerce, media, and technology.
One example is Zuellig Pharma, a major pharmaceuticals distribution firm with regional headquarters in Singapore. Joining the PET Sandbox helped Zuellig Pharma understand how to use PETs in collaboration with regional data partners. Access to their partners’ data have helped them derive more precise analytics around the movement of pharmaceutical products in Asia, while complying with their regulatory obligations.
The success of IMDA’s PET sandbox has opened new ways for us to work with local and international partners.
I am glad to announce that IMDA and Google are jointly launching the “PET x Privacy Sandbox” today. This is Google’s first partnership in Asia Pacific with a regulator to support industry in testing and adopting PETs.
The PET x Privacy Sandbox will benefit both companies and consumers.
Many companies in Singapore and the region will gain a safe space to pilot projects using PETs on a platform they already operate on. With the deprecation of third-party cookies, businesses can no longer rely on these to track consumers’ behaviour through the browser and will need PETs as an alternative.
Consumers will experience being served more relevant content without fearing that their personal data is compromised.
This is, in fact, not the first collaboration that IMDA has with tech companies in the PET sandbox. We already have many companies, large and small, participating in IMDA’s PET sandbox. IMDA is actively pursuing more of such collaborations. Through experimentation and testing, we strive to build a robust tech ecosystem. Facilitate cross border data flows to boost ASEAN’s ability to gain from the benefits of AI
Another way to improve data access is through facilitating data sharing across borders. This enriches the pool of data companies can draw on and is generally welcome by businesses.
However, there must be clarity on the regulations that determine when and how such cross-border data transfers are acceptable. There are certainly datasets which no country will be comfortable falling into foreign hands, and which must be properly secured. This should however not prevent the movement of non-sensitive data that supports business innovations.
Singapore believes that clear and transparent guidelines on permissible cross-border data flows work better than a blunt application of data localisation rules across the board. On this, we commend our neighbours such as Indonesia and Thailand for enacting progressive legislation to enable data transfers across borders. We can give these efforts a further boost at the regional level.
ASEAN recognises cross-border data flows as a strategic priority, and we have been working towards alignment through the development of robust and practical data transfer mechanisms.
We have made good progress in some key areas. For example, we introduced the ASEAN Framework on Digital Data Governance in 2016, which established developing regional data transfer mechanisms as a strategic priority. One such data transfer mechanism is the ASEAN Model Contractual Clauses (MCCs), which provide a “ready-to-use" template to help businesses develop contracts in compliance with regional regulatory requirements for transferring data.
As a region, we have also worked to facilitate cross-border data flows between ASEAN and EU to enhance companies’ access to data.
The Joint Guide to the ASEAN MCCs and EU Standard Contractual Clauses (SCCs) identifies commonalities between the two sets of templates. This helps foster a common understanding and facilitates contractual negotiations on data transfers between ASEAN and EU business partners.
Singapore will continue to work with our ASEAN and EU partners on the next stage of this project. We hope to steward this to fruition during our upcoming ASEAN Digital Ministers Meeting (ADGMIN) Chairmanship next year.
Conclusion
To conclude, I thank everyone here for your interest and support for the safe and responsible use of data in developing the digital economy.
The rise of AI underscores the value and importance of data. As regulators, we have a duty to ensure their proper protection and ethical use. Equally, we have an interest to ensure AI models are built with quality data.
We can and should adopt a holistic approach to maximise the value of data as an enabler for the AI ecosystem. This will require an international and multi-stakeholder cooperation.
The areas I touched on today – guidelines for the use of personal data in AI systems, PETs, and facilitating cross-border data flows – are ways Singapore hopes to contribute to this evolving field and very important conversation.
In the next few days, we look forward to exchanging ideas on these initiatives and more, so that we can together take this important work forward.
I wish you insightful and fruitful discussions ahead.
Thank you.
PDF version of the speech