Statute Details
- Title: Personal Data Protection (Prescribed Law Enforcement Agency) Notification 2020
- Act Code: PDPA2012-S272-2020
- Legislation Type: Subsidiary legislation (SL)
- Authorising Act: Personal Data Protection Act 2012 (PDPA 2012)
- Citation: S 272/2020
- Commencement: 15 April 2020
- Current Version Status: Current version as at 27 Mar 2026
- Key Provision(s): Section 2 (Prescribed law enforcement agency)
- Prescribed Body: Corrupt Practices Investigation Bureau (CPIB)
- Amendment: Amended by S 83/2021 with effect from 05/02/2021
What Is This Legislation About?
The Personal Data Protection (Prescribed Law Enforcement Agency) Notification 2020 is a short Singapore subsidiary instrument made under the Personal Data Protection Act 2012 (“PDPA”). Its practical purpose is to designate a specific government body as a “prescribed law enforcement agency” for certain PDPA provisions.
In plain terms, the PDPA generally regulates how organisations collect, use, and disclose personal data, and it sets out safeguards and conditions for disclosure. However, the PDPA also recognises that law enforcement agencies may need access to personal data in connection with investigations and enforcement. To calibrate this balance, the PDPA uses the concept of a “prescribed law enforcement agency” and then attaches special legal consequences to that designation.
This Notification therefore matters less as a standalone compliance instrument and more as a “triggering” document: it determines whether a particular agency (here, the CPIB) can rely on PDPA pathways that are available only to prescribed law enforcement agencies under specified sections and the Second Schedule of the PDPA.
What Are the Key Provisions?
1. Citation and commencement (Section 1)
Section 1 provides the formal citation and commencement date. The Notification is cited as the “Personal Data Protection (Prescribed Law Enforcement Agency) Notification 2020” and comes into operation on 15 April 2020. For practitioners, this is important when assessing whether a disclosure or request made on or after the commencement date can properly rely on the prescribed status conferred by the Notification.
2. Prescribed law enforcement agency designation (Section 2)
Section 2 is the substantive provision. It states that, for the purposes of sections 21(4) and 26D(6) of the PDPA, and the Second Schedule to the Act, the Corrupt Practices Investigation Bureau is a prescribed law enforcement agency.
This designation is not merely symbolic. The PDPA’s structure uses “prescribed law enforcement agency” status to determine when certain PDPA requirements may be satisfied (or modified) in the context of disclosure to law enforcement. Although the Notification itself does not reproduce the underlying PDPA text, the cross-references are legally significant: they mean that the CPIB can invoke the PDPA mechanisms that are reserved for prescribed agencies under those specific provisions and schedule.
3. Cross-referenced PDPA provisions: why the references matter
The Notification expressly limits its effect to the PDPA provisions named in Section 2. In practice, this means that the CPIB’s prescribed status is relevant only for the PDPA contexts covered by section 21(4), section 26D(6), and the Second Schedule. For counsel advising organisations, the key question becomes: Which PDPA compliance obligations or exceptions are engaged by those provisions? The Notification answers that question by identifying the CPIB as the relevant prescribed agency for those specific PDPA pathways.
4. Amendment history (S 83/2021)
The Notification indicates that it was amended by S 83/2021 with effect from 05/02/2021. While the extract provided does not show the exact textual change, the presence of an amendment underscores an important practitioner point: the legal effect of the Notification should be assessed using the current version (as at 27 Mar 2026) and the relevant effective date for any conduct. Where disclosures or requests occurred between 15 April 2020 and 05 February 2021, counsel should verify whether the amendment altered the scope, wording, or cross-references in a way that affects reliance on the prescribed status.
How Is This Legislation Structured?
This Notification is extremely concise and is structured around a two-part format:
(a) Section 1 (Citation and commencement): sets out the name of the instrument and the date it came into operation.
(b) Section 2 (Prescribed law enforcement agency): designates the Corrupt Practices Investigation Bureau as the prescribed law enforcement agency for the specified PDPA provisions and the Second Schedule.
There are no additional parts, schedules, or operational procedures within the Notification itself. Instead, it functions as a legal “designation” instrument that plugs into the PDPA’s broader compliance framework.
Who Does This Legislation Apply To?
The Notification applies to the extent that it affects how the PDPA operates in relation to the CPIB. While the Notification is formally addressed to the legal system (i.e., it is made by the Prime Minister under the PDPA’s enabling definition), its practical impact is felt by:
(1) Organisations that hold personal data and may receive requests from the CPIB; and (2) the CPIB, which may rely on the PDPA’s prescribed-agency pathways when seeking access to personal data for law enforcement purposes.
For organisations, the key compliance implication is that the CPIB’s prescribed status may affect how certain PDPA obligations are satisfied in the context of disclosure. However, it does not automatically mean that all PDPA requirements are waived. Rather, it means that the PDPA provisions that are specifically triggered by “prescribed law enforcement agency” status can be engaged. Accordingly, organisations should still assess the specific PDPA provision relied upon, the nature of the request, and whether the request falls within the scope of the PDPA mechanisms referenced in Section 2.
Why Is This Legislation Important?
Although the Notification is brief, it is legally important because it determines whether the CPIB can be treated as a “prescribed law enforcement agency” under the PDPA. That designation can materially affect the compliance analysis for disclosures of personal data to law enforcement bodies.
From a practitioner’s perspective, the Notification is best understood as part of a compliance “ecosystem.” The PDPA is designed to protect personal data while still enabling legitimate investigations. By prescribing specific agencies, the PDPA creates a controlled framework for when personal data may be disclosed to law enforcement without the same level of consent-based processing that would otherwise be required. This reduces uncertainty for both regulators and organisations, while still anchoring disclosures to defined statutory pathways.
In day-to-day practice, counsel advising an organisation should treat this Notification as a reference point when:
- responding to CPIB requests for personal data;
- reviewing internal policies on law enforcement disclosure and data access;
- assessing whether a disclosure can be justified under the PDPA provisions cross-referenced in the Notification;
- training staff on escalation and documentation requirements when law enforcement requests are received; and
- conducting post-incident reviews or audits of disclosures made to government agencies.
Finally, the amendment effective date (05/02/2021) reinforces that practitioners should always check the version history and effective dates. PDPA compliance is often judged against the legal position at the time of the relevant disclosure or request. Using the current version is necessary for ongoing compliance, but historical conduct may require a time-specific analysis.
Related Legislation
- Personal Data Protection Act 2012 (PDPA 2012) — in particular, sections 21(4), section 26D(6), and the Second Schedule (as referenced by this Notification)
- Personal Data Protection (Prescribed Law Enforcement Agency) Notification 2020 — amended by S 83/2021 (effective 05/02/2021)
Source Documents
This article provides an overview of the Personal Data Protection (Prescribed Law Enforcement Agency) Notification 2020 for legal research and educational purposes. It does not constitute legal advice. Readers should consult the official text for authoritative provisions.