More transparency urged in how agencies use data

As the Government looks to extend the use of facial scanning, privacy advocates are calling for greater transparency in how public agencies will be held accountable for the use and protection of citizens' data.

The call comes amid plans to create a central facial biometric identification service that will allow private-sector organisations to verify consumers' identities against the national biometric database.

GovTech, the agency behind public sector tech transformation, recently called for a tender for such a system. Under the system, individuals' facial details can be captured on mobile devices or public kiosks, and the data will be matched against the national biometric database to accurately identify them.

Privacy advocate and engineer Ngiam Shih Tung, 51, said consumers must be able to opt out of having their biometric data used by businesses - a tenet of data protection.

The Personal Data Protection Act (PDPA) prohibits the indiscriminate collection, use and disclosure of people's personal data, including NRIC numbers, names and images, without their consent.

But the Act does not apply to the Government, which relies on an undisclosed set of internal rules.

Noting that greater transparency is needed, Mr Ngiam said: "The least that the Government could do is to publish the internal rules on data protection so that they can be held accountable for how well the rules are followed."

Experts said the benefits of a facial biometric identification service must far outweigh the risks.

"Greater harm will be inflicted when there is a data breach by organisations - public and private," said tech and data privacy lawyer Koh Chia Ling of OC Queen Street.

Earlier this year, the Public Sector Governance Act kicked in to regulate data sharing between public sector agencies. The Act imposes criminal penalties on public sector officers who share the personal data of Singaporeans or re-identify anonymised data without authorisation. They can be fined up to $5,000, jailed for up to two years, or both.

But experts said the PDPA puts a lot more obligations on the private sector. For example, there is a limit on how long personal data can be kept, and individuals have the right to know what is collected and to correct the information.

Mr Aloysius Cheang, Asia-Pacific executive vice-president of the Centre for Strategic Cyberspace + Security Science, a London-based think-tank, said: "Now that the lines separating public and private sector use of people's personal data have blurred, the PDPA must be updated to include government bodies."

A version of this article appeared in the print edition of The Sunday Times on November 11, 2018, with the headline More transparency urged in how agencies use data.