The Singapore government should protect the population’s right to privacy by “immediately firewalling” data collected from its COVID-19 contact tracing system TraceTogether “away from the police, prosecutors and other law enforcement personnel”, said Human Rights Watch.
Phil Robertson, the deputy Asia director of the human rights organisation, said in a statement on Tuesday (5 January) that the Singapore government also “owes its people an apology for making false assurances” regarding data privacy in relation to TraceTogether.
“Singapore’s betrayal of its solemn promises to limit use of TraceTogether information to public health matters exposes how the government has been covertly exploiting the pandemic to deepen its surveillance and control over the population, and undermine the right to privacy,” said Mr Robertson.
Simply adding a sentence long disclaimer on the TraceTogether website and claiming to be ‘transparent’, he added, “is far from sufficient to mitigate the loss of trust that many Singaporeans surely feel today”.
Mr Robertson’s statement came after it was revealed in Parliament on Monday that the Singapore police are empowered to obtain any data under the CPC, including data from TraceTogether.
Minister of State for Home Affairs Desmond Tan told Parliament yesterday in response to Holland-Bukit Timah GRC Member of Parliament (MP) Christopher de Souza’s question on whether data from TraceTogether will be used for criminal investigations and what legal provisions and safeguards are present in using such data.
Mr Tan noted that authorised police officers are allowed to access TraceTogether data for authorised purposes.
“The Government is the custodian of the TT [TraceTogether] data submitted by the individuals and stringent measures are put in place to safeguard this personal data,” said the Minister.
“Examples of these measures include only allowing authorised officers to access the data, using such data only for authorised purposes and storing the data on a secured data platform,” he added.
According to Mr Tan, public officers who disclose such data without authorisation or misuse the data may be fined up to S$5,000 or jailed up to two years or both.
Aljunied GRC MP Gerald Giam asked if the use of such data would violate the TraceTogether privacy statement, raising concern that this may reduce voluntary adoption of the TraceTogether token or app.
Mr Tan answered: “We do not preclude the use of TraceTogether data in circumstances where citizens’ safety and security is or has been affected, and this applies to all other data as well.”
“Authorised police officers may invoke then the Criminal Procedure Code … Powers to obtain this data for the purpose of a criminal investigation, and for the purpose of the safety and security of our citizens.
“Otherwise, TraceTogether data is indeed to be used only for contact tracing and for the purpose of fighting the COVID situation,” he added.
Law and Home Affairs Minister K Shanmugam in Parliament today said that while data from TraceTogether will be deleted at the end of police investigations if it is not of any particular use, such data “will have to be produced in court” when necessary.
He added that such data may also be used for trial purposes even if it is not produced in court.