Government officials have revealed that data collected from TraceTogether can be accessed by the Singapore Police Force (SPF) under the Criminal Procedure Code (CPC), in spite of initial claims that the data collected would only be used for contact tracing purposes to prevent the spread of COVID-19.
Minister of State for Home Affairs Desmond Tan told parliament on 4 January that the data collected can be used “for the purpose of criminal investigation”, but added that “otherwise, TraceTogether data is to be used only for contact tracing and for the purpose of fighting the COVID situation”.
Around 80% of Singapore’s residents are currently using the TraceTogether programme, which was a prerequisite for the government to ease restrictions and allow the country to enter Phase 3. The voluntary take up increased after it was announced it would soon be needed to access anything from the supermarket to one’s workplace.
In response to the public’s outcry, Minister for Foreign Affairs, Vivian Balakrishnan clarified that it was not just just TraceTogether data that was used in cases of serious criminal investigations. In such cases, “other sensitive forms of data like phone and or banking records” would also be accessed by the police.
He also stressed that “once the pandemic is over and there will no longer be a need for contact tracing, [the Government] will happily stand down the TraceTogether programme.”
“Government should rule out use of TraceTogether data for criminal investigations in the interest of fighting pandemic” – MP Gerald Giam
In response to this information, WP’s Gerald Giam wrote on his Facebook page: “”I think it is ill-advised that the Government has not specifically ruled out the use of TraceTogether data for criminal investigations, as other countries like Australia have done. I hope they change their position, for sake of our national battle against COVID-19.”
In addressing Mr Tan, Mr Giam questioned if the potential compromising of users’ data would affect the adoption rate of the programme, as well as the violation of the TraceTogether privacy statement.
“If people suspect that their TraceTogether data is being used for anything other than contact tracing, won’t this lead to a lower-than-expected adoption rate? … So my question is, now that the government has said that they might actually use the TraceTogether data for police investigations, does this not violate the TraceTogether privacy statement, that says that any data shared with MOH, will only be used for contact tracing of persons possibly exposed to COVID-19,” he said.
What can users do?
Concerned users can actually request for their identification data to be deleted from the servers.
TraceTogether app users will have to email [email protected] with the mobile number that was used to register in the app and uninstall or delete the app.
Token users, on the other hand, will have to return the physical token. Instructions on how to return the token will be given after the user emails their last four characters of their NRIC/FIN/Passport number to the following email address: [email protected]. Afterwhich, the user’s contact number, identification details, and user ID will be removed from the server.
Here’s one thing to note, though, these two methods will only work if a user’s data has not already been uploaded to the Government server as a confirmed COVID-19 case.