Singapore Eyes Mandatory AI Data Training Notifications
- tech360.tv

- 3 days ago
- 4 min read
Singapore's Personal Data Protection Commission (PDPC) has proposed new guidelines requiring organisations to notify users when their personal data is used to train generative artificial intelligence models. This initiative aims to replace broad privacy notices with more specific communication regarding AI data usage. The proposed rules come amid growing concerns about how consumer information is being processed by increasingly sophisticated AI systems.

Organisations that employ personal data for the training of generative AI models will be obligated to provide clear notifications to affected individuals. The PDPC stated this measure is a necessary safeguard against the potential misuse of consumer data. The organisation is particularly concerned about the training of AI models for unforeseen services, such as financial profiling, where sensitive personal data could be exploited.
The proposed advisory guidelines suggest that companies should issue AI-specific notifications. These would be more detailed than existing broad privacy notices that might only state that personal data could be used for "new product development." The aim is to inform individuals directly about how their data is being employed in the AI development process.
Businesses, spanning sectors such as finance, insurance, retail, and social media, are increasingly incorporating their own generative AI models. These tools are deployed to refine services and enhance product offerings. The PDPC noted that individuals may have valid concerns about their personal data, especially sensitive information, being exposed, reconstructed, or disclosed to third parties via these AI models. A public consultation on these proposed guidelines concluded on July 1.
Personal data in this context can encompass a range of information, including names, e-mail addresses, voice and video recordings, transaction histories, and location data. A clear, AI-specific notification could take the form of an in-product pop-up message or a dedicated webpage. These notifications are expected to detail the functions of the generative AI model and the specific types of personal data it processes.
If a business is developing a text-to-speech feature, for example, it would need to inform users that their voice recordings will be utilised to train the AI model. The notification should also explain how these recordings help the model recognise speech patterns.
The AI-specific notifications must also provide clear instructions for users to opt out of, or withdraw their consent for, the use of their personal data in AI training. For instance, a social media platform developing an AI model that generates text and images could update its privacy policy. Such an update might read: "When you interact with our AI-enabled features, the text, images, and audio that you submit may be used for product improvement purposes, including the training and running of our AI models. This will enable our AI-enabled features to generate more realistic images and speech patterns." The platform might also offer further details on a dedicated webpage, through an in-platform privacy update requiring user acknowledgment, or via an email containing an opt-out link.
The PDPC has not yet clarified whether users must explicitly consent to AI training or if an opt-out mechanism will suffice. Additionally, it remains unclear if mandatory AI-specific notifications will apply when personal data is anonymised before being used for AI training. The guidelines also do not specify whether organisations, including banks, insurers, and social media companies, will be permitted to deny services to consumers who choose not to have their data used for AI training.
These proposed guidelines represent a significant priority for Denise Wong, who assumed the role of the PDPC's fifth commissioner in April 2026. The commission was established in January 2013 to oversee Singapore's data protection legislation, investigate complaints and data breaches, and educate organisations and individuals on their respective rights and obligations.
In a recent interview with The Straits Times, Wong highlighted the necessity of adapting Singapore's data protection framework to the era of generative AI. This is particularly relevant given the increasing use of AI-enabled devices that collect biometric data. Examples include smart glasses, smartwatches, and payment systems that utilise palm-scanning technology. These devices can gather facial features, fingerprints, voice recordings, and palm vein patterns, introducing new privacy risks for users.
AI-enabled smart glasses, such as those manufactured by Ray-Ban Meta and Oakley Meta, have raised public concerns. Individuals may be unaware if they are being recorded. Reports have emerged of women being secretly filmed using such glasses, with the footage later posted online with personal details, leading to harassment. The technology also raises fears of high-tech cheating in educational settings, as students could potentially record exams discreetly. In South Korea, two individuals were apprehended using AI-powered smart glasses to cheat in English language proficiency tests in May 2026, prompting a ban on these devices in examination halls.
The PDPC is currently assessing whether to provide specific advice on what constitutes meaningful consent for the use of these AI-enabled devices. Wong indicated that the commission is considering whether to offer more explicit guidance on acceptable and unacceptable situations for using such devices.
Organisations in Singapore must now notify users if their personal data is used to train generative AI models.
The PDPC proposes AI-specific notifications, moving away from broad privacy notices.
These notifications should detail the AI model's purpose, data usage, and provide opt-out options.
Concerns have also been raised regarding privacy risks associated with AI-enabled devices.
Source: The Straits Times


