Restrictions on use of TraceTogether data are good but government needs to rebuild trust

As expected, the Singapore government’s use of TraceTogether data meant for contact tracing is now more tightly restricted with the passing of a Bill in Parliament yesterday.

With the change in the law, the police can now only use it to investigate seven categories of serious crimes. These include murder, terrorism and rape.

Coming after a public outcry in recent weeks, the development is a good sign that the government has decided to take citizens’ concerns seriously and spell out the usage of the data in clear terms.

Minister-in-charge of the Smart Nation programme, Dr Vivian Balakrishnan, who had earlier said the data would only be used for public health purposes, said he deeply regretted the consternation and anxiety caused by his mistake.

Speaking in Parliament yesterday, he said he took “full responsibility” for the government’s error in not stating that the TraceTogether data could be used for criminal investigations, reported The Straits Times.

But while he is rightly admitting his error, what does the episode show about the government’s general attitudes towards the protection of citizens’ data?

It is rather worrying that the police had asked for the contact tracing data of a murder victim back in May, and did not deem it necessary to notify Dr Balakrishnan, who said yesterday that he only found a potential issue in October.

Certainly, the police was within its rights to ask for the data, given the broad leeway that the Criminal Procedure Code (CPC) gave them before yesterday’s changes to the law, but you wonder if there could have been better coordination.

Or if they cared that the good minister would go on in June to tell people the data would only be used to fight the pandemic. It certainly looks bad that it had to take a parliamentary question, months later, for all this to be revealed.

Public trust is what’s needed in this fight against the coronavirus. And this delay in informing citizens of how their data is being used is a sure way to lose that trust.

Yesterday, Leader of the Opposition, Pritam Singh, recounted instances of some users switching on the TraceTogether app to check-in to a place, then switching it off after they enter. That can’t be good.

The government has to find a way to urgently regain the trust needed to bolster defences against the coronavirus, then later, to ensure this smart nation endeavour gets the full participation of citizens.

It’s true that everyone’s perception of privacy is different. In Parliament yesterday, MPs had different takes on how TraceTogether data should be used by the police.

The opposition Workers Party said it supported the Bill because the changes restricted the use of the contact tracing data to investigations of serious offences, but it preferred that the data not be used at all for police investigations.

Another opposition party, Progress Singapore Party, opposed the Bill, pointing to the already broad powers that the CPC already gives the police to access documents, computers and decryption data for investigations.

Others wanted the data to be used in more types of investigations. People’s Action Party MP, Sharael Taha, asked if crimes or offences against children under the age 14 or vulnerable persons could be included as serious crimes, reported CNA.

Considering the differences, the best way forward is to regularly recalibrate data protection policies to meet citizens’ expectations. The hours-long debate in Parliament yesterday is one example of how things can and must change with the times.

One good suggestion yesterday came from Nadia Ahmad Samdin, a PAP MP, who asked for a disclosure report on how personal contact data has been used. That brings much-needed transparency.

The government can do more, of course. It can help set up an independent ombudsman’s office to regularly look into data protection in the public sector.

This office will represent citizens by recommending better practices and suggesting legislative amendments to better safeguard private data. It will be proactive as well, pointing out errors like this TraceTogether issue early.

As Dr Balakrishnan revealed yesterday, it was a member of the public who first asked him about a potential issue back in October last year. Citizens have to play a bigger role in their own data protection.