Retail Computer Vision and PDPA in Singapore: What's Allowed
The "PDPA-compliant" label is not a yes-or-no answer
A Singapore retailer is told their new CCTV analytics system is "PDPA-compliant." The same camera, doing footfall counting, carries a far lower compliance burden. The same camera, doing facial recognition of returning customers, carries a much higher one. The difference is not in the camera. It is in what the analytics extract and how the data is handled.
This is the part most vendor pitch decks skip. Retailers end up with either a system they cannot legally use the way they were sold on, or a panic two months in when their DPO asks for the data-processing documentation. The fix is straightforward, but it has to be designed in from day one.
What does PDPA actually require for retail CCTV analytics?
Singapore's Personal Data Protection Act 2012 governs the collection, use, and disclosure of personal data by organisations. CCTV footage is personal data once it can identify an individual, which means any retail video system that captures customer faces or movements is in scope from the moment the camera is switched on. Source: Personal Data Protection Commission Singapore (retrieved 2026-06-22).
For retail CV, four PDPA obligations carry most of the weight:
- Notification. You must inform individuals about what you are collecting and why, in a clear and prominent way. For in-store CCTV, this is signage at the entrance and any zone covered.
- Consent (including deemed consent). Where a reasonable person would consent given the purpose, the act of entering a clearly signed space can constitute deemed consent for security and operational analytics. Identity-based features need stronger, often express consent.
- Purpose limitation. Data captured for one purpose (e.g. footfall counting) cannot be quietly repurposed for another (e.g. building a marketing profile) without fresh notification and consent.
- Reasonableness. The system, the data collected, and the retention period must all be what a reasonable person would consider appropriate for the stated purpose.
The PDPC publishes Advisory Guidelines (retrieved 2026-06-22) that cover specific sectors and use cases. If your deployment touches anything in the higher-risk column below, read the relevant advisory before the camera goes live.
Which retail CV use cases are usually safe under PDPA?
These work on aggregated, non-identifying signals. The footage either is not stored, or what is stored cannot be used to single out an individual. The PDPA obligations remain (notification, reasonableness), but the compliance burden is far lower than for identity-based use cases.
| Use case | Why it is usually safer |
|---|---|
| Footfall counting | Counts people crossing a line. No identity attached. |
| Aisle heatmaps | Aggregated foot-traffic density. No tracking of individuals across visits. |
| Queue analytics | Number of people in a zone over time. Operational metric, not personal data. |
| Dwell time at fixtures | Average time at a location. No link back to a specific person. |
| Shelf stock detection | Looks at shelves, not at people. Triggers staff alerts when stock drops. |
| Anonymous demographics (broad age band only) | A statistical signal, not a personal record, if no individual is singled out or stored. |
The common design principle: process the video on the edge or in real time, extract the metric, discard the frame. The store ends up with numbers, not a video archive of customers.
For more on what these use cases actually deliver in a Singapore store, see What Your Store's CCTV Hides.
Which retail CV use cases need a stricter compliance basis?
These collect or derive data that can identify a specific person. They are not banned. They require a much more deliberate consent, retention, and access posture, plus typically a Data Protection Impact Assessment.
| Use case | What makes it higher risk |
|---|---|
| Facial recognition (identification or 1:1 match) | Faces are biometric personal data. Express consent and a clear lawful basis are typically required. |
| Customer re-identification across visits | Linking a visit today to a visit last week, even without a name, can still identify an individual. |
| Demographic profiling tied to individuals | Aggregated demographics are fine. Tagging a specific shopper with attributes is not. |
| In-store tracking by appearance | Following one person from entry to exit creates a personal data trail. |
| Watchlists built from faces | Storing face vectors for shoplifter detection raises both PDPA and broader fairness concerns. |
If a system needs any of these to deliver value, the question is no longer "is it PDPA-compliant?" but "have we documented the purpose, the consent basis, the retention period, the access controls, and the DPO sign-off?" Most retailers find that the first three use cases in the previous table cover the operational value they actually wanted, without crossing into this column.
What does PDPA-aligned deployment actually look like in practice?
A working PDPA-aligned retail CV deployment, end to end, looks like this:
- Signage at every covered entrance and zone. State that video analytics are in operation and the purpose (security, queue management, store operations). Keep it readable from at least two metres away.
- Anonymisation by design. The system extracts counts, heatmaps, and dwell times, not faces or identities. No frame is retained longer than is needed to compute the metric.
- Retention limits. Set a clear maximum retention period for any video that is held (security footage, exception alerts) and enforce it automatically. Retention should be the shortest window that still serves the stated purpose, documented and applied consistently across stores.
- Access controls. Only named individuals can view the system, with logging of who accessed what and when. The DPO sees the access log.
- Vendor data-processing terms. If a third party operates the analytics, the data-processing agreement spells out roles (controller vs processor), the data flows, and the breach-notification timelines. PDPC's advisory guidelines (retrieved 2026-06-22) cover the typical terms.
- Internal accountability. A named DPO, a documented purpose for each metric, and a yearly review. This is the part regulators typically look at first if an issue arises.
None of this is heroic. It is mostly about deciding the answers up front and writing them down, instead of figuring them out on the day a customer asks.
How we deploy retail CV under PDPA for our clients
The jinq Retail Vision SaaS deployment is anonymised by design. It runs on existing CCTV, extracts the operational metrics (footfall, heatmaps, queues, dwell time, conversion), and does not retain identifying footage. No facial recognition, no customer re-identification, no watchlists.
In a two-week pilot we set up signage, calibrate the counting and heatmap zones for your floor layout, agree the retention policy with your DPO, and hand over a web dashboard with weekly automated reports. You see what the data does for one store before deciding whether to roll it out.
Pilot programme
If you want to see what compliant retail CV looks like on your actual floor, we run a two-week pilot for one store at no commitment. You walk out with the data, the signage, and the documentation. If the pilot shows nothing actionable, you owe us nothing.