Reply to Parliamentary Question on Implications of Consumer Data Monopoly by Firms
QUESTION NO 521
NOTICE PAPER 219 OF 2021
FOR WRITTEN ANSWER
Date: For Parliament Sitting on 1 February 2021
Name and Constituency of Member of Parliament
Mr Saktiandi Supaat, MP, Bishan-Toa Payoh GRC
To ask the Prime Minister (a) whether MAS has done any study to monitor the extent and implications of consumer data monopoly by firms; (b) how is the personal data of users of digital payments being protected when they use this payment mode; and (c) what has been the progress on the Central Digital Currency project and whether it will be an appropriate substitute for consumers who wish to preserve their privacy when paying digitally.
Answer by Mr Tharman Shanmugaratnam, Senior Minister and Minister in charge of MAS:
1. In the course of providing services to their customers, financial institutions (FIs) will use information from their transactions and details, in order to provide services that are more suited to the needs and wants of the customers.
2. For instance, we can obtain better financial advice if FIs have more comprehensive information of our financial positions and commitments. The recent introduction of the Singapore Financial Data Exchange (SGFinDex) in fact enables customers to consolidate their financial data across multiple FIs and share it with FIs of their choice.
3. Notwithstanding, entities with large amounts of customer data could potentially exploit it to restrict competition. The Competition and Consumer Commission of Singapore and Infocomm Media Development Authority have regulations in place that prevent such abuse of dominance, and protect consumers from anti-competitive business practices.
4. There are measures in place, such as the Personal Data Protection Act (PDPA), to ensure that the confidentiality of personal financial data is safeguarded. Under the PDPA, FIs must obtain the consent of their customers and inform them of the purposes for which they are collecting, using, or disclosing personal data. The PDPA was recently amended to criminalise the knowing or reckless unauthorised use or disclosure of personal data.
5. In addition, FIs, including payment service providers, must adhere to cyber hygiene requirements and meet standards on technology risk management, in order to protect personal data from unauthorised access, use, or disclosure. These include encryption for sensitive or confidential customer information, strong user authentication, and data loss prevention controls.
6. Protection of our personal data is also a personal responsibility. We should exercise utmost care when we share personal data online.
7. Finally, Mr Supaat asked about Central Bank Digital Currencies, or CBDCs, and whether they will help consumers preserve privacy. Project Ubin, an industry effort led by the Monetary Authority of Singapore (MAS), has successfully experimented with blockchain technology for wholesale inter-bank payments and settlements, using a digital Singapore Dollar. DBS Bank, J.P. Morgan and Temasek will be jointly developing a multi-currency payments network, based on the findings from Project Ubin.
8. Some central banks are exploring the issuance of retail CBDCs, for use by consumers. However, a highly anonymous CBDC, essentially digital cash, raises the risk that it could be used for illicit purposes such as money laundering and terrorism financing. Further, a retail CBDC effectively enables customers to hold money directly with the central bank, and could have significant implications for the funding of banks and their lending activities.
9. The case for a retail CBDC is being assessed more carefully, beyond the consumer privacy concerns, before any large scale issuance.
10. As one of the pioneers in experimenting with CBDCs, MAS is closely monitoring developments in digital currencies, and learning from the experiences of other central banks.