Bill that limits use of contact tracing data passed

Safeguards in place to assure public that such info will be protected

A Bill restricting the use of personal contact tracing data in criminal investigations to only serious crimes, such as murder and terrorism, was passed in Parliament yesterday, with assurances of safeguards to protect people's data.

This comes after a public outcry when it was revealed last month that the police could use TraceTogether data for criminal investigations as well as for contact tracing.

The safeguards in place include deleting TraceTogether and SafeEntry data for Covid-19 contact tracing from government servers when the pandemic is over, as well as encrypting any extracted data used for investigations by the police into only seven categories of serious crimes.

Speaking at the start of a debate on the Bill yesterday, Foreign Minister Vivian Balakrishnan assured Parliament that the Government's intention in introducing it urgently was to remove any doubt among Singaporeans and assure them that the data will be properly safeguarded and used appropriately.

This is so that "we may continue to focus our attention towards battling... the Covid-19 global pandemic", said Dr Balakrishnan, who is in charge of the Smart Nation drive.

"This is crucial because the virus is a clear, present and... growing threat. And it will remain so for some time. We cannot afford to be distracted from our fight against Covid-19," he said.

The Covid-19 (Temporary Measures) (Amendment) Bill was tabled in Parliament on Monday by Dr Balakrishnan on behalf of Law Minister K. Shanmugam on a Certificate of Urgency. This means the proposed law was put through all three readings in one parliamentary sitting, instead of separate sessions.

Dr Balakrishnan added that limiting the use of contact tracing data with the proposed law is "a result of a delicate balance between the right to public health, the right to public security, and respecting the sensitivity of personal data during this extraordinary time".

Safeguards to protect people's contact tracing data include deleting the data in the TraceTogether app or token, as well as SafeEntry servers, after 25 days, so the police cannot request for the data after it has been purged, he said.

Also, no other written law can override the protections offered by the Bill, which Dr Balakrishnan said was an added assurance that public agencies may not use contact tracing data for anything else.

Dr Balakrishnan clarified that SafeEntry data has been used by the police for investigations into offences before.

Minister of State for Home Affairs Desmond Tan later revealed that the police sought - and got - access to TraceTogether data in a murder investigation last May. It is believed the murder referred to was the Punggol Fields murder.

However, investigators were not able to obtain any useful data as the app was not installed on the suspect's phone, Mr Tan said.


Singapore Politics