• About Us
    • Fact Checking Policy
    • Ownership & funding information
    • Volunteer
  • Subscribe
  • Letter submission
    • Submissions Policy
  • Contact Us
The Online Citizen Asia
  • Opinion
    • Editorial
    • Commentaries
    • Letters
    • Comments
  • Current Affairs
    • Singapore
    • Malaysia
    • Indonesia
    • China
    • ASEAN
    • Asia
    • International
  • Finance
    • Economics
    • Labour
    • Property
    • Business
  • Community
    • Arts & Culture
    • Consumer Watch
    • NGO
    • Lifestyle
    • Travel
  • Politics
    • Civil Society
    • Parliament
    • Transport
    • Education
    • Environment
    • Health
    • Housing
  • Law & Order
    • Legislation
    • Court Cases
No Result
View All Result
  • Opinion
    • Editorial
    • Commentaries
    • Letters
    • Comments
  • Current Affairs
    • Singapore
    • Malaysia
    • Indonesia
    • China
    • ASEAN
    • Asia
    • International
  • Finance
    • Economics
    • Labour
    • Property
    • Business
  • Community
    • Arts & Culture
    • Consumer Watch
    • NGO
    • Lifestyle
    • Travel
  • Politics
    • Civil Society
    • Parliament
    • Transport
    • Education
    • Environment
    • Health
    • Housing
  • Law & Order
    • Legislation
    • Court Cases
No Result
View All Result
The Online Citizen Asia
No Result
View All Result

Everything you need to know about privacy and data compliance on ASEAN contact-tracing apps

by The Online Citizen
26/05/2020
in ASEAN, Tech
Reading Time: 6 mins read
2

This research on the ASEAN region’s newly launched contact tracing apps – with regards to privacy and data compliance – was carried out by Straits Interactive CEO Kevin Shepherdson and legal consultant Lyn Boxall.

Introduction

As governments in ASEAN relax lockdown restrictions, COVID-19 contact-tracing smartphone apps are being introduced to help limit the spread of the coronavirus.

What they basically do is to allow users of these apps to ‘proactively help’ in contact tracing and to participate in the contact tracing process. Specifically, GPS/Bluetooth technology is used to track the locations of all individuals with whom the user of the app may have been in contact.

The users’ mobile phone exchanges ID-related information of their mobile phones via short-distance Bluetooth signals with other mobile phones with the same app.  If a user has been exposed to an infected person who has also downloaded the app, the contact history is then shared with the relevant government agency.

Many people are reluctant to download such apps for fear of constant government surveillance and they worry if such apps will spy on them by extracting all kinds of personal related information from their mobile phones. Since users will be running such apps in the background on their Android phones, can these smart apps be trusted?

Straits Interactive assembled a local team of IAPP (International Association of Privacy Professionals) certified privacy managers from the region to do a detailed privacy sweep of contact tracing smart apps from the governments of five ASEAN countries.

At the point of publication, the Philippines has yet to release a contact tracing mobile application.

Methodology of the privacy sweep

Straits Interactive decided to benchmark the contact tracing apps against the survey parameters used by the Global Privacy Enforcement Network (GPEN), which conducted a global privacy sweep of mobile apps back in 2014.
That sweep involved the participation of 25 privacy enforcement authorities around the world. It assessed the following:

  1. The types of permissions sought by a surveyed app.

  2. Whether those permissions exceeded what would be expected based on the app’s functionality.

  3. Most importantly, how the app explained to consumers why it wanted the personal data and what it planned to do with it.

To understand this, it is better to first take a look at ‘app permissions’ in general.

Understanding app permissions

A ‘permission’ in an app protects the privacy of the user of the app. Every app must include ‘app manifest’ that, among other things, lists the permissions that the app uses.
Every mobile phone has an operating system, most commonly the Android operating system (Google) or the iOS (Apple) operating system. The vast majority of mobile phones are ‘Android phones’ and they have two ‘permissions’ categories:

  1. Normal permissions: These permissions do not directly risk the user’s privacy, for example, permission to set the time zone is a normal permission. If an app lists a normal permission in its manifest, the system grants the permission automatically.
  2. Dangerous permissions: These permissions give the app access to the user’s personal data in their mobile phone, such as contacts and SMS messages, as well as certain system features, such as the camera. If a dangerous permission is requested, privacy laws do not allow the relevant personal data to be collected, used or disclosed unless the user gives explicit consent by ‘accepting’ the request for permission to do so. In addition, privacy laws generally restrict ‘dangerous permissions’ to personal data that the app may collect, use or disclose while the user is actually using it. They do not allow apps to collect, use or disclose personal data simply because the user downloaded the app.

By way of illustration, here is a list of dangerous permissions that might be sought by an app:

Users often blindly “agree” to or “allow” these permissions without first understanding their functions. Nor do they read the privacy policies of the respective applications.

The following table shows the various dangerous permissions being used in the five contact tracing smart apps that were reviewed:

Singapore’s TraceTogether and Vietnam’s Blue Zone use the least permissions to perform its contact tracing functions, while Thailand’s MorChana uses the most.

Straits Interactive looked at whether these dangerous permissions exceeded what would be expected based on the app’s functionality. It also looked at the explanation in the privacy statement about why these permissions are needed and what will be done with the relevant personal data.

Before considering those points, here is an explanation of various permissions and some comments about potential risks if they were to be abused:

The following tables summarise the findings of the research. The sweeper is the reviewer.

Singapore’s TraceTogether comes up tops in terms of privacy communications and overall marks.

The privacy statement and accompanying documents explain clearly and in simple English what the TraceTogether app does, what type of personal data is collected and how it may be used or disclosed. The review shows that the permissions the app seeks do not exceed its functionality and declared purposes.

While the TraceTogether app does not comply with all of the nine obligations under Singapore Personal Data Protection Act (PDPA) or all of the six processing principles under the GDPR, it is generally consistent with those obligations and principles.

The few areas where it falls short tend to reflect the nature of an app such as the TraceTogether app rather than an inadvertent or careless departure from an obligation or principle.

A research review of Singapore’s TraceTogether App can be found here.

For just US$7.50 a month, sign up as a subscriber on The Online Citizen Asia (and enjoy ads-free experience on our site) to support our mission to transform TOC into an alternative mainstream press.

Related Posts

AFP

India’s Modi hits back at opposition after Adani furore

08/02/2023
Pritam Singh’s speech on HDB affordability and accessibility
Politics

Pritam Singh’s speech on HDB affordability and accessibility

08/02/2023
Taiwan 34th Lantern Festival celebration signifies return to pre-pandemic normalcy
Arts & Culture

Taiwan 34th Lantern Festival celebration signifies return to pre-pandemic normalcy

08/02/2023
Six dead and eight injured in accident at Genting Highlands
Malaysia

Six dead and eight injured in accident at Genting Highlands

08/02/2023
Labour

Close to 70% of working Singaporeans above age of 65 earns less than S$2,500 a month

08/02/2023
Minister K Shanmugam appears to lack understanding of case where judge found bodycam footage debunked police officers’ sworn affidavits
Politics

Police investigations into conduct of WP’s Pritam Singh and Faisal Manap still ongoing: K Shanmugam

08/02/2023
Subscribe
Connect withD
Login
I allow to create an account
When you login first time using a Social Login button, we collect your account public profile information shared by Social Login provider, based on your privacy settings. We also get your email address to automatically create an account for you in our website. Once your account is created, you'll be logged-in to this account.
DisagreeAgree
Notify of
Connect withD
I allow to create an account
When you login first time using a Social Login button, we collect your account public profile information shared by Social Login provider, based on your privacy settings. We also get your email address to automatically create an account for you in our website. Once your account is created, you'll be logged-in to this account.
DisagreeAgree
2 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments

Latest posts

India’s Modi hits back at opposition after Adani furore

08/02/2023
Pritam Singh’s speech on HDB affordability and accessibility

Pritam Singh’s speech on HDB affordability and accessibility

08/02/2023
Taiwan 34th Lantern Festival celebration signifies return to pre-pandemic normalcy

Taiwan 34th Lantern Festival celebration signifies return to pre-pandemic normalcy

08/02/2023
Six dead and eight injured in accident at Genting Highlands

Six dead and eight injured in accident at Genting Highlands

08/02/2023

Close to 70% of working Singaporeans above age of 65 earns less than S$2,500 a month

08/02/2023
Minister K Shanmugam appears to lack understanding of case where judge found bodycam footage debunked police officers’ sworn affidavits

Police investigations into conduct of WP’s Pritam Singh and Faisal Manap still ongoing: K Shanmugam

08/02/2023
Malaysia’s seven-time Asean Para Games champion seen selling tissues at Bukit Bintang

Malaysia’s seven-time Asean Para Games champion seen selling tissues at Bukit Bintang

08/02/2023
53-year-old Singaporean worker dies after glass doors topple on him, fourth workplace fatality in 2023

53-year-old Singaporean worker dies after glass doors topple on him, fourth workplace fatality in 2023

08/02/2023

Trending posts

Cognizant India transfers staff to work in Singapore as recently as this year

Local IT grads can’t find jobs while engineers constantly transferred from India to work in SG under CECA

by Correspondent
05/02/2023
113

...

No response from Josephine Teo on whether Mediacorp has been instructed to stop coverage of SMT circulation scandal

No response from Josephine Teo over alleged blackout of coverage by Mediacorp over SMT circulation scandal

by Terry Xu
06/02/2023
13

...

Adani’s brother runs SG company and registers as director with local ID

Adani’s brother runs SG company and registers as director with local ID

by Correspondent
03/02/2023
26

...

Japanese-Canadian junior high school girl breaks national record with 3km in 9:02 mins

“I want my normal life back,” Sherry Drury withdraws from National Junior High School Tournament due to overheated public attention

by Yee Loon
06/02/2023
4

...

They have done a fine job of confusing us about the jobs situation

They have done a fine job of confusing us about the jobs situation

by Augustine Low
01/02/2023
48

...

19-year-old delivery rider in China covers 5km in 22 minutes to deliver antivenom to woman who had bitten by snake

19-year-old delivery rider in China covers 5km in 22 minutes to deliver antivenom to woman who had bitten by snake

by Yee Loon
06/02/2023
5

...

May 2020
M T W T F S S
 123
45678910
11121314151617
18192021222324
25262728293031
« Apr   Jun »

The Online Citizen is a regional online publication based in Taiwan and formerly Singapore’s longest-running independent online media platform.

Navigation

  • Editorial
  • Commentaries
  • Opinion
  • Politics
  • Community

Support

  • Contact Us
  • Letter submission
  • Membership subscription

Follow Us

  • Facebook
  • Twitter
  • YouTube
  • Instagram
  • Fact Checking Policy
  • Privacy Policy

© 2022 - 2023 The Online Citizen Asia

No Result
View All Result
  • Opinion
    • Editorial
    • Commentaries
    • Comments
  • Current Affairs
    • Malaysia
    • Indonesia
    • China
    • ASEAN
    • Asia
    • International
  • Finance
    • Economics
    • Labour
    • Property
    • Business
  • Community
    • Civil Society
    • Arts & Culture
    • Consumer Watch
    • NGO
  • Politics
    • Parliament
    • Transport
    • Education
    • Environment
    • Health
    • Housing
  • Law & Order
    • Legislation
    • Court Cases
  • Lifestyle
    • Travel
  • Subscribers login

© 2022 - 2023 The Online Citizen Asia

wpDiscuz