S'pore Parliament to pass legislation to limit usage of data from digital contact tracing solutions in February

The Singapore Parliament is set to pass legislation next month to limit the usage of personal data obtained from digital contact tracing solutions TraceTogether and SafeEntry.This development followed Law and Home Affairs Minister K. Shanmugam and Minister-in-charge for Smart Nation Vivian Balakrishnan's assurances on Tuesday that data from TraceTogether will be used only in police investigations involving serious offences.Their remarks came a day after Minister of State for Home Affairs Desmond Tan revealed in Parliament -- in response to Holland-Bukit Timah MP Christopher de Souza's question -- that police are empowered by the Criminal Procedure Code (CPC) to access data from TraceTogether for criminal investigations.The upcoming introduction of the proposed law, according to the Smart Nation and Digital Government Office (SNDGO) in a statement on Friday evening (8 January), aims to "formalise" the said assurances and to specify that data in the digital contact tracing solutions "can only be used for the specific purpose of contact tracing".It is not, however, "in the public interest to completely deny the Police access to such data, when the safety of the public or the proper conduct of justice is at stake", said the Office.Thus, if a serious criminal offence has been committed, the police "must be able to use this data to bring the perpetrators to justice, seek redress for the victims, and protect society at large", said SNDGO on why an exception is made for criminal investigation of serious offences.There are seven categories of serious offences that will be covered under the proposed legislation, namely:

• Offences involving the use or possession of corrosive substances, offensive/ dangerous weapons, such as possession of firearms and armed robbery with the use offirearms;
• Terrorism-related offences under the Terrorism (Suppression of Bombings) Act, Terrorism (Suppression of Financing) Act, and Terrorism (Suppression of Misuse of Radioactive Material);
• Crimes against persons where the victim is seriously hurt or killed such as murder, culpable homicide not amounting to murder, voluntarily causing grievous hurt (where the victim’s injury is of a life-threatening nature);
• Drug trafficking offences that attract the death penalty;
• Escape from legal custody where there is reasonable belief that the subject will cause imminent harm to others;
• Kidnapping; and
• Sexual offences deemed to be serious or severe such as rape and sexual assault by penetration.

"The data cannot be used in the investigations, inquiries or court proceedings of any other offence besides these seven categories," SNDGO stressed.SNDGO said that the proposed law will be introduced in the next Parliament sitting in February on a Certificate of Urgency.The Office noted that Mr Shanmugam and Dr Balakrishnan held a public consultation on Friday with members of the press, the legal fraternity, technology experts, and academia on Friday to hear their views on the matter."The views gathered will inform the debate on the upcoming legislation,” said SNDGO.SNDGO's statement on the upcoming proposed law came after public outcry against the disclosure regarding how TraceTogether data could be used in police investigations and -- as stated by Mr Shanmugam in Parliament -- may even be produced in court or used at trial when relevant, contrary to previous assurances that the data will not be utilised beyond COVID-19 contact tracing.Dr Balakrishnan, alongside Education Minister Lawrence Wong who co-chairs the multi-ministry task force on COVID-19, said at a press conference on 8 June last year that data from both the TraceTogether app and token will not be used for anything other than for contact tracing.On 5 June, Dr Balakrishnan gave the same response to MP Murali Pillai in Parliament when the latter questioned the confidentiality of the data collected.The Minister reiterated — following a written response — that TraceTogether data is “stored only on your own phone in the first instance, and accessed by MOH only if the individual tests positive for COVID-19”.The data, said Dr Balakrishnan, “is only used for contact tracing”, adding that safeguards “including encryption” are present to protect the data “from malicious hackers”.Should close contact data be required for contact tracing, he said, “only a small group of authorised officers in MOH will have access to it” and “all the public sector data protection rules will also apply”.