We work, live, and play in a world today that is very much interconnected, facilitated by digital technologies, that have been improving by leaps and bounds. AI, for instance, including Gen AI is fast becoming a “must-have” for many organisations, rather than a “good-to-have”. And most if not all of us here are already experimenting with Gen AI-enabled consumer tools today, whether to help us write better or to generate new ideas. Let’s not forget, it has been barely 2 years since ChatGPT was launched.

 Since taking on the role of a digital regulator looking at the intersection of issues that cut across AI and Data, I have come to appreciate the complexity of these issues.  And how often, the goals of one party, seemingly straightforward, does not necessarily mean that another party shares the same goal. This complexity is further increased by the pace in which the technologies themselves advanced.

It is hence important that in such a complex environment, that we place a renewed emphasis on trust as a cornerstone of the work we do. Frameworks and tools that are aligned with common principles, help to facilitate this.

For instance, here in the region of Southeast Asia, even though we speak many different languages, and enjoy many different types of foods due to our cultural differences, we have still come together as ASEAN to develop the ASEAN Guide on AI Governance and Ethics. This guide serves as the first common standard in the region that provides guidance on implementing trustworthy AI in ASEAN.  

In the area of data, ASEAN has also come together to develop a data management framework as early as 2016, and has also put together a set of ASEAN Model Contractual Clauses, a template for intra-ASEAN data transfers that is increasingly recognised by data protection regulators in the region as a valid tool for data transfers. 

Trust is not a theoretical concept. We have always and will continue to place an emphasis on taking practical steps forward to bridge the divisions that sometimes occur between regulators and industry, in order to build a trusted environment that enables innovation to take root. 

 In Singapore, we have adopted a pragmatic approach forward. We understand that many organisations want to collect and leverage data to make better informed decisions, build connections with their customers and partners, or improve their businesses.   We are hence encouraging of organisations to do so responsibly and safely.

For instance, we encourage the adoption of Privacy Enhancing Technologies or PETs through a use case-centric approach. PETs may offer viable solutions to effectively address and mitigate data protection challenges, particularly those arising from AI. 

a.      The IMDA PET Sandbox was launched to provide a safe space for organisations to learn and use PETs to meet their specific needs. By encouraging experimentation, organisations can identify the most appropriate PET for their unique business needs and existing workflows, boosting their readiness for PET adoption.

b.      Earlier this week, we also announced the expansion of the sandbox to include a new archetype focused on “data use for Gen AI”.

c.      Additionally, new guides are being developed to help organisations begin their journey with PETs, including recommendations for generating and using synthetic data to address data-related challenges.

This practical approach is not only useful in helping organisations build confidence to innovate in a safe space, but also for us as a regulator to co-learn with the industry in an agile fashion, to better understand and address privacy-related risks before developing policies and standards.

I would now like to conclude by highlighting the work of the IAPP. As the world’s largest privacy community, the IAPP has provided invaluable insights to the data privacy community through their extensive knowledge, experience and networks with both regulators and the industry. 

 Through the invaluable insights shared at the IAPP Forums such as this one held in Asia, the IAPP has also helped many professionals from both government or private sector organisations, including myself, keep up with the developments in AI and Data. Not only do we learn much, but we have also been able to come together at such events to discover potential partners and collaborators, and to discuss our common goals and how to advance them.       

To this end, I am delighted to announce that we have renewed our Memorandum of Intent with IAPP, and that Singapore will continue to play host to the Asia Privacy Forum in Singapore for the next three years.

This MOI is a crystallisation of the long-standing partnership that the IAPP has had with us. And we believe that the IAPP would be able to support both our local data protection community in Singapore as well as the communities in the Asian region, as we tackle the myriad of complex and challenging issues ahead in the digital era.   

I thank you for your time, and wish all of you a very fruitful and productive Forum ahead over the next two days.