Last review date: 29 December 2023

☐        applies to organizations located in the jurisdiction

☐        applies to organizations located outside of the jurisdiction offering goods or services to data subjects in the jurisdiction

☐        applies to organizations located outside of the jurisdiction engaged in the monitoring of the behavior of data subjects located in the jurisdiction

☐        no express territorial scope, but would require some nexus to the jurisdiction

☒        other

The PDPA has territorial and extraterritorial applicability and applies to any organization that collects, uses and discloses personal data in Singapore. The term "organization" covers natural persons, corporate bodies (such as companies), and unincorporated bodies of persons (such as associations), regardless of whether they are formed or recognized under the law of Singapore or whether they are residents or have an office or place of business in Singapore.

However, note that in Re Singapore Technologies Engineering Limited [2020] SGPDPC 21, the PDPC expressed a view on the territorial scope of the PDPA. In that case, the PDPC found that the PDPA did not apply to certain entities located in the United States because these entities did not carry out any activities in relation to the collection, use or disclosure of the affected individual's personal data in Singapore. These entities only received personal data transferred from another entity located in Singapore and processed Singapore individuals' personal data in the United States for their own purposes.