Citizens are wary of giving up personal data during Covid-19. It’s a good thing

When Razer head honcho Tan Min-Liang said last week that his gaming gear company was giving away five million free masks to Singapore residents, you’d have expected a universally positive response.

After all, the Singapore government only gave out four masks to each household before handing out reusable ones during the past few months of this ongoing pandemic.

Here was Tan, a Singaporean, doing Singapore a favour, by dispensing these locally made masks at designated vending machines.

In Taiwan, when businesses sprung up to build their own mask-making machines, they were widely praised. So, why have Singaporeans reacted to Razer with some suspicion? Well, it has to do with data.

Why, for example, should people have to register with Razer and download a Razer e-wallet app to get the masks?

Could it not have simply donated the masks like some other technology companies did, without asking users to send in their details?

So, I asked the Razer folks why they had to collect the information. Company spokesperson, Vanessa Li, told me the app was for a “know-your-customer” or KYC process aimed at preventing fraud.

What information is given to Razer? She said a user has to provide his name, IC number, address and mobile phone number. That’s quite a bit, though you don’t need to key in your credit card details unless you want to use the e-wallet.

The Razer spokesperson also clarified that the data would not be used for future marketing purposes and users can opt out of communications from Razer. Plus, they can delete the account after collecting the masks.

Sounds reasonable? Possibly. Sounds trustworthy? To be sure, Razer isn’t a fly-by-night company or one tainted with misuse of user data.

There’s also the option of not collecting the Razer masks, of course. If you don’t think the masks are worth giving up your data, then you can buy your own masks or use the ones given by the government.

More importantly, what people should be asking is what types of data will be collected and how it will be handled and used, so that they can evaluate their choices.

This, after all, is a scenario they will be facing more often in future. As the pandemic has forced governments around the world to contact-trace potential coronavirus patients, so have worries risen of the potential misuse of the data collected.

This is a delicate balancing act that governments and businesses have to perform in the months ahead. It is not an easy task.

Consider GovTech’s contact tracing app in Singapore. When TraceTogether was first out in March, it was lauded as a smart use of technology to fight the virus.

Since then, there have been complaints about it taking up battery life on phones. Takeup has been spotty – just one million people or 20 per cent of the population – have the app installed.

Either for fear of giving information to the government or due to a lack of awareness, citizens haven’t appreciated the app as much as they have followed instructions to stay at home. There are not enough volunteers using it to make it effective.

Elsewhere, from Australia to South Korea, there have also been mixed reactions to such contact-tracing apps.

Despite the importance of giving up some liberties to get a semblance of normal life back earlier, it is understandable that many people are ill at ease with the idea of giving up intimate data of themselves.

In the past few years, numerous reports of not just data breaches but mishandling of personal data from companies that many had trusted – such as Facebook – have made people wary of privacy issues.

Ironically, the spotlight shone on these Internet behemoths has led to more transparency on how your data is being used and handled.

Facebook, for example, now lets you stop some companies from tracking you and sending you ads. You can also stop Facebook from tracking the sites you surf to.

Google, another company that millions of users have entrusted their e-mails and contact information to, also has comprehensive privacy settings.

Start by turning off your YouTube or location history, for example. Or download a copy of your data that you’ve created with your account.

See exactly what Google has on you – I’m male, 45 to 54 years old, likes adventure games and sports news, according to the dozens of “preferences” that Google has gleaned from my online habits. You can turn off some of these tags.

The idea here is user control. Yes, today, this is still complicated, with many layers of settings to go through, but just like laws can be complex sounding to the layman, they ultimately aim to build trust.

As the pandemic runs its course, different countries may favour different systems. In China, if you don’t have a “green” health status tied to your ID, you may be rejected by taxi drivers.

It’s almost like an extension of the country’s dreaded “social credit” score, which is right out of an Orwellian sci-fi horror movie.

Singapore has nowhere near the same type of surveillance, despite the increasing numbers of checkpoints where you are asked to sign in, either through scanning a QR code or by scanning your ID card. This is on top of the contact tracing app that has been rolled out.

What nobody has asked is how this massive amount of data will be handled when the pandemic eventually goes away. Rightly, there are more urgent things to worry about now.

However, that doesn’t diminish the great opportunity before the Singapore government. It can win the trust of citizens by giving them more control over their data.

They should be able to see which government agency has accessed their personal data of late, just like how you can ask the credit bureau which banks have asked for your creditworthiness.

You should be able to allow some agencies to view the data, but not others. After all, convenience is something that you should be able to choose.

You should be able to delete the data collected, say, during this coronavirus when the pandemic is over eventually. Well, at least have that data anonymised if it is needed in future to study how diseases spread.

This calls for a huge effort on the government’s part, but eventually, with control in their hands, citizens will be more likely to buy into initiatives to share their personal data more readily.

This pandemic has caused many businesses to rethink how they do things, to transform their operations. The approach to data privacy should be no different.

Sure, the government could just mandate that everyone download a contact-tracing app but it knows that it would soon have new problems on hand.

How would people who don’t have smartphones use the app? Who would teach them?

Lest we forget, being a smart nation means not leaving behind those who are not tech-savvy, many of whom are seniors also particularly vulnerable to the coronavirus.

Far more effective, instead, to let the community come together voluntarily and get a ground-up effort going. Have youngsters help their parents or grandparents, for example.

To get there, the government has to acknowledge that it’s not enough to just say “trust us”. Winning that trust is just as important.