
PDPA and AI Hiring in Singapore: What Employers Need to Know

Introducing AI interviews raises real questions about data obligations. What data does the platform collect? What are your responsibilities as an employer? How does this interact with PDPA? Here's a clear-headed look at the issues.

Note: This page provides general information about PDPA as it relates to AI hiring practices. It is not legal advice. If you have specific compliance questions, consult a qualified legal practitioner.

01

Does PDPA Apply to Candidate Data?

Yes. Under Singapore's Personal Data Protection Act 2012, personal data is broadly defined as "data, whether true or not, about an individual who can be identified from that data." A job candidate's name, contact details, CV content, voice recording, and video recording all qualify as personal data.

As an employer collecting candidate data during the hiring process, you have PDPA obligations — even if a third-party platform is conducting the data collection on your behalf. This makes your choice of interview platform a compliance decision, not just a procurement one.

The key questions to ask any AI interview vendor: what data do you collect, where is it stored, how long is it retained, and who can access it?

02

Key PDPA Obligations in a Hiring Context

Consent

You must obtain consent from candidates before collecting and using their personal data. This consent must be informed — candidates should know what data is collected, why, and how it's used.

Purpose Limitation

Data collected for hiring purposes should only be used for hiring purposes. Using interview responses for other purposes without additional consent is a PDPA concern.

Data Protection

You must protect personal data from unauthorised access, disclosure, and loss. Platforms storing candidate video data must have appropriate security controls.

Retention Limitation

Personal data should not be retained longer than necessary. Video recordings of rejected candidates should be deleted within a reasonable timeframe.

Access and Correction

Candidates have the right to request access to their personal data and to correct inaccuracies. You should be able to respond to such requests.

03

Why Video Storage is the Biggest PDPA Risk

Most video interview platforms store recordings on their servers. These recordings are personal data. Each stored recording creates an ongoing obligation: protect it, retain it only as long as necessary, delete it when no longer needed, and be able to respond to access requests.

For a team running 50 interviews per month, that's 50 new personal data assets per month — requiring governance, access control, and eventual deletion.

The simplest compliance position: don't store videos in the first place.

HireCredible stores zero videos — PDPA-compliant by architecture, not by policy.

04

HireCredible's Zero-Storage Architecture

When a candidate completes an interview, HireCredible processes the video stream entirely within the candidate's browser. Native browser APIs handle the audio and video capture. The stream is analysed in real time and immediately discarded — it never travels to HireCredible's servers.

What is retained: the text transcript of the candidate's responses, and the scores generated from those responses. No video. No biometric data. No facial imagery.

This architecture means HireCredible has no video data to protect, lose, or misuse. It also means your PDPA obligations are significantly narrower than with platforms that store full recordings.

05

Candidate Consent: How HireCredible Handles It

Before any interview begins, candidates see a clear explanation of what the interview involves, what data is processed, and how scores are used. They must actively confirm consent before proceeding. If they choose not to consent, they can exit — and you'll receive a notification that the candidate did not complete the interview.

This consent flow is built into the platform — you don't need to add a separate step or send a separate consent form. The consent record is maintained as part of the interview session.

Candidates are also informed that the interview is conducted on desktop or laptop — this requirement is part of the pre-interview communication, not a surprise at the start of the session.

Frequently Asked Questions

Does PDPA apply to job candidate data?

Yes. Under Singapore's Personal Data Protection Act, candidate personal data — including interview recordings and responses — is subject to PDPA obligations including purpose limitation, consent, and data protection.

Is video interview data considered personal data under PDPA?

Yes. A video of a candidate is personal data. If your interview platform stores video recordings, you are responsible for protecting, limiting access to, and eventually deleting that data in line with PDPA requirements.

How does HireCredible handle PDPA compliance?

HireCredible's architecture stores zero videos. The video stream is processed in the candidate's browser — it never reaches HireCredible's servers. Only the text transcript and scores are retained, significantly reducing your PDPA data footprint.

Do candidates need to consent before an AI interview?

Yes, and HireCredible collects this consent automatically. Before the interview begins, candidates are shown what the interview involves, what data is processed, and how it's used. They must confirm consent before proceeding.

What are the PDPA obligations if I use a different video interview platform?

If your platform stores video recordings, you must have a data retention policy, restrict access appropriately, handle deletion requests from candidates, and ensure the platform has adequate data protection measures.

Built for PDPA Compliance From Day One

Zero video storage. Automatic consent collection. Try HireCredible free.
