Statute Details
- Title: Personal Data Protection (Statutory Bodies) Notification 2013
- Act Code: PDPA2012-S149-2013
- Type: Subsidiary Legislation (SL)
- Authorising Act: Personal Data Protection Act 2012 (Act 26 of 2012)
- Enacting Authority: Minister for Communications and Information
- Commencement: 20 March 2013
- Key Provisions (from extract):
  - Section 1: Citation and commencement
  - Section 2: Designates statutory bodies in the Schedule as “public agencies” for purposes of the PDPA
  - Schedule: Lists the statutory bodies that are treated as “public agencies” under the PDPA
- Current Version Note: Current version as at 27 Mar 2026 (with amendments listed in the legislation timeline)
What Is This Legislation About?
The Personal Data Protection (Statutory Bodies) Notification 2013 is a Singapore subsidiary instrument made under the Personal Data Protection Act 2012 (“PDPA”). Its core function is administrative and definitional: it identifies which “statutory bodies” are to be treated as “public agencies” for the purposes of the PDPA.
In practical terms, the PDPA regulates how organisations collect, use, and disclose personal data, and it imposes obligations and compliance requirements that vary depending on the type of organisation. The PDPA distinguishes between different categories of entities, including “public agencies”. This Notification ensures that certain statutory bodies fall within that “public agency” category, thereby aligning their PDPA treatment with the legal framework applicable to public sector bodies.
The Notification does not itself create a full set of data protection rules. Instead, it operates as a gateway instrument: by designating specific statutory bodies as “public agencies”, it determines which statutory bodies benefit from (or are subject to) the PDPA regime applicable to public agencies, including how exemptions and obligations are applied under the PDPA.
What Are the Key Provisions?
Section 1 (Citation and commencement) provides the formal identification of the instrument and states when it comes into operation. The Notification may be cited as the Personal Data Protection (Statutory Bodies) Notification 2013 and it commenced on 20 March 2013. For practitioners, commencement matters because it affects when the designation took effect and therefore when the PDPA’s “public agency” treatment became applicable to the statutory bodies listed in the Schedule.
Section 2 (Statutory bodies specified to be public agencies) is the substantive provision. It states that “the statutory bodies specified in the Schedule shall be public agencies for the purposes of the Act.” This is the legal mechanism by which the PDPA’s category-based approach is implemented. The Schedule is therefore central: it is the authoritative list of which statutory bodies are captured by the Notification.
Although the extract provided does not reproduce the Schedule contents, the legal effect is clear. Once a statutory body appears in the Schedule, it is treated as a “public agency” under the PDPA. This designation can influence how the PDPA applies to that body in several ways, including the availability of certain exemptions and the operational compliance expectations that flow from the PDPA’s public agency framework.
The Schedule (designation list) is the practical compliance reference point. For lawyers advising statutory bodies, the Schedule determines whether the entity is within the “public agency” category. Because the Notification has been amended multiple times over the years (as reflected in the timeline, including amendments in 2015, 2016, 2018, 2019, and 2025), the Schedule may be updated to add or remove entities, or to reflect structural changes in the public sector. Practitioners should therefore verify the current Schedule contents as at the relevant date for any compliance assessment.
Amendment history and version control are particularly important. The legislation timeline indicates that the Notification has been amended by various subsidiary instruments (for example, S 256/2016, S 464/2016, S 188/2018, S 402/2019, S 739/2019, and S 217/2025). While the extract does not specify the exact changes, amendments typically adjust the Schedule list. For legal work—such as due diligence, regulatory mapping, or drafting internal policies—using the correct version is essential to avoid misclassification.
How Is This Legislation Structured?
The Notification is structured in a compact, two-section format supported by a Schedule.
Section 1 deals with citation and commencement. Section 2 provides the operative designation rule. The Schedule then enumerates the statutory bodies that are treated as “public agencies” for PDPA purposes.
From a practitioner’s perspective, the structure is straightforward but the legal consequences are significant. The Schedule is effectively the “substantive list” and should be treated as such in compliance checklists and legal opinions. The Notification’s amendments over time further mean that the Schedule is not static; it must be monitored and cross-checked against the entity’s current status.
Who Does This Legislation Apply To?
This Notification applies to statutory bodies that are specified in its Schedule. It is not directed at private organisations. Instead, it determines how certain public sector entities are categorised under the PDPA.
For lawyers advising a particular statutory body, the key question is whether that body is listed in the Schedule in the current version. If it is, then the statutory body is a “public agency” for PDPA purposes. If it is not, the entity may fall under a different PDPA category (for example, as an “organisation” not treated as a public agency), which can change the compliance obligations and the way exemptions are applied.
Because the Notification is made under section 2(2) of the PDPA, it should be read together with the PDPA’s definitions and the PDPA’s overall compliance framework. The Notification does not replace the PDPA; it supplements it by specifying which entities are to be treated as public agencies.
Why Is This Legislation Important?
Although the Notification is brief, it is legally important because it affects the classification of public sector entities under the PDPA. Classification is often the first step in determining the correct regulatory pathway: what obligations apply, what exemptions may be available, and what compliance processes are required.
For practitioners, the Notification is a critical tool in regulatory mapping. Data protection compliance is rarely “one size fits all”. The PDPA’s regime can vary depending on whether an entity is a public agency. Misclassification can lead to incorrect policy design, flawed contractual clauses, or inadequate internal controls—issues that can become material in audits, investigations, or litigation.
In addition, the Notification’s amendment history underscores that the legal landscape for public agencies can evolve. Structural changes in government, creation or reorganisation of statutory bodies, and policy updates may result in amendments to the Schedule. Lawyers should therefore treat the Notification as a living compliance reference, not a one-time check.
From an enforcement and risk perspective, the designation affects how a statutory body should interpret its PDPA obligations. Even where the PDPA’s core principles (such as accountability and appropriate handling of personal data) apply broadly, the operational details—especially those tied to public agency status—can differ. Accordingly, this Notification is a foundational document for any legal advice on PDPA compliance for statutory bodies.
Related Legislation
- Personal Data Protection Act 2012 (Act 26 of 2012) — the authorising Act and the primary statute governing personal data protection in Singapore.
- Personal Data Protection (Statutory Bodies) Notification 2013 — as amended by subsequent subsidiary instruments listed in the legislation timeline (e.g., S 256/2016, S 464/2016, S 188/2018, S 402/2019, S 739/2019, S 217/2025).
Source Documents
This article provides an overview of the Personal Data Protection (Statutory Bodies) Notification 2013 for legal research and educational purposes. It does not constitute legal advice. Readers should consult the official text for authoritative provisions.