Computing · JC 2

Active learning ideas

Data Privacy and the PDPA

Active learning helps students grasp the practical implications of data privacy laws by making abstract principles concrete. When students analyze real-world scenarios, draft policies, or role-play audits, they see how PDPA and GDPR shape decisions in apps, healthcare, and education. This approach builds critical analysis and problem-solving skills they will use beyond the classroom.

MOE Syllabus OutcomesMOE H2 Computing (Syllabus 9569), Integrated Topics - Data Privacy and ProtectionMOE H2 Computing (Syllabus 9569), Integrated Topics - Personal Data Protection Act (PDPA) Context
35–50 minPairs → Whole Class4 activities

Activity 01

Stations Rotation35 min · Small Groups

Comparison Chart: PDPA vs GDPR

Provide excerpts from PDPA and GDPR. In small groups, students create a table highlighting similarities and differences in principles like consent and data minimization. Groups present one key difference to the class, discussing implications for Singapore firms.

What are the core obligations of organisations under the PDPA?

Facilitation TipFor the Comparison Chart, provide a blank template with only the key principles listed, forcing students to identify differences and similarities without pre-filled answers.

What to look forPresent students with a scenario: 'A social media app collects user location data to offer local event suggestions.' Ask them to identify which PDPA/GDPR principles are most relevant and what explicit consent mechanisms should be in place. Collect responses for review.

RememberUnderstandApplyAnalyzeSelf-ManagementRelationship Skills
Generate Complete Lesson

Activity 02

Stations Rotation45 min · Small Groups

Data Breach Role-Play

Assign roles: data controller, user, regulator. Groups simulate a breach scenario under PDPA rules, deciding on notification steps and remedies. Debrief as a class on responsibilities met or missed.

How does big data analytics threaten individual privacy?

Facilitation TipDuring the Data Breach Role-Play, assign roles like auditor, startup owner, and data protection officer to ensure all students engage with the scenario’s complexities.

What to look forFacilitate a class debate: 'Should organizations be held liable for data breaches caused by employee negligence, even if security systems are robust?' Prompt students to reference specific articles from PDPA or GDPR in their arguments.

RememberUnderstandApplyAnalyzeSelf-ManagementRelationship Skills
Generate Complete Lesson

Activity 03

Stations Rotation50 min · Pairs

Privacy Policy Draft

Students work in pairs to design a privacy policy for a fictional social app. Include sections on data collection, user rights, and breach response, aligned with PDPA principles. Pairs peer-review drafts before finalizing.

What constitutes informed consent in digital data collection?

Facilitation TipFor the Privacy Policy Draft, give students a checklist of required sections so they focus on compliance, not formatting, and provide sample policies for reference.

What to look forStudents draft a section of a privacy policy for a new app (e.g., 'Data Collection and Usage'). They then exchange drafts with a partner and provide feedback based on a checklist derived from PDPA/GDPR requirements, focusing on clarity and compliance.

RememberUnderstandApplyAnalyzeSelf-ManagementRelationship Skills
Generate Complete Lesson

Activity 04

Stations Rotation40 min · Whole Class

Compliance Debate

Divide class into teams to debate: 'PDPA is sufficient for Singapore, or should we adopt GDPR fully?' Teams prepare arguments with evidence from both laws, then vote and reflect.

What are the core obligations of organisations under the PDPA?

Facilitation TipIn the Compliance Debate, assign students to argue specific PDPA or GDPR articles to push them beyond general opinions and into legal reasoning.

What to look forPresent students with a scenario: 'A social media app collects user location data to offer local event suggestions.' Ask them to identify which PDPA/GDPR principles are most relevant and what explicit consent mechanisms should be in place. Collect responses for review.

RememberUnderstandApplyAnalyzeSelf-ManagementRelationship Skills
Generate Complete Lesson

A few notes on teaching this unit

Experienced teachers know that students grasp legal frameworks best when they connect them to their own experiences with apps and services. Avoid lecturing on abstract articles—instead, use case studies and simulations to make the material relevant. Research suggests that collaborative problem-solving, like drafting policies or debating liability, deepens understanding because students must justify their reasoning with evidence from the laws.

Successful learning looks like students confidently comparing PDPA and GDPR principles, identifying compliance gaps in case studies, and articulating why privacy protections matter in everyday technology use. They should be able to explain consent requirements, data minimization, and accountability in clear, actionable terms.

Watch Out for These Misconceptions

  • During the Data Breach Role-Play, watch for students assuming that only large companies face audits under PDPA.

    Use the role-play to highlight that small businesses must also comply, providing examples of local SMEs audited for non-compliance. Ask students to justify their roles’ responsibilities based on PDPA’s scope.

  • During the Privacy Policy Draft activity, watch for students believing consent alone guarantees compliance.

    Have students cross-check their drafts against PDPA/GDPR checklists, focusing on data minimization and security. Point out gaps where consent is present but other principles are missing.

  • During the Data Breach Role-Play, watch for students assuming anonymized data needs no protection.

    Use the role-play to introduce re-identification risks by having students simulate de-anonymization with sample datasets. Debrief by asking how their findings change their views on data handling.

Methods used in this brief

More in Impact of Computing and Emerging Technologies

Ethics and Professional Conduct in IT

Evaluating ethical dilemmas in computing using established frameworks. Students will discuss intellectual property rights and software piracy.

8 methodologies

Artificial Intelligence and Society

Assessing the socio-economic impacts of Artificial Intelligence and automation. Students will debate the future of work and algorithmic bias.

8 methodologies