COVID-19 (Temporary Measures) (Amendment) Bill
(5 min) Mr Louis Ng Kok Kwang (Nee Soon): Madam, the use of TraceTogether data has generated much public debate. One month after this issue first arose in Parliament, we are now debating a piece of legislation introduced on a Certificate of Urgency to put in safeguards on the use of data.
In the past few months, the Bills, which have been fast-tracked all relate to COVID-19 measures.
I thank the Minister for acting just as quickly to address the public’s privacy concerns and data protection concerns. But this is not simply an issue of privacy and data protection, it is also a public health concern.
Restoring the public’s trust in our national contact tracing infrastructure is important especially in these times. We read in the papers news of second and third waves in other countries. We need to be ready on all fronts to suppress any outbreaks as quickly as humanly possible. We cannot now handicap ourselves by weakening the public’s trust in our contract tracing system.
I should also say that I understand the public safety and security needs to access TraceTogether data for certain serious crimes. As a parent, if my daughters’ safety was at risk because of a kidnapping for example, I know I would want access to all data possible to keep them safe.
The question is not whether the data should be used, but what safeguards should be in place. I have two points to raise.
First, can Minister explain what operational protocols are in place to ensure TraceTogether data used for serious crimes do not become used for investigations of less serious crimes? For example, the SPF may access TraceTogether data for a suspect involved in a murder investigation. In the course of investigations, the TraceTogether data links the suspect to a separate petty theft committed. Given that police investigations are fluid, how does the SPF ensure that use of the TraceTogether data is strictly confined to the seven categories of serious crimes?
Second, the debate over the past month may have impacted actual use of the TraceTogether app. We already know from newspaper reports that some people are now choosing to turn off their TraceTogether app when meeting friends or when going out; we must measure the precise effect of such changes. Can the Minister share what specific data points does the TraceTogether team use to measure the impact of the Government's announcement on TraceTogether app’s actual usage?
Let me take an example. If we look at daily active users or weekly active users, we might well notice no change in usage.
But we might find, for example, that more people are actually turning on the TraceTogether application only once a day and turning it off for the rest of the day. We may also find that mobile devices with TraceTogether apps are, on average, pinging with fewer devices than before, suggesting that the app or Bluetooth functionality may have been turned off. Even if we mandate that the app is flashed at point of entry to a location, a user can subsequently turn off the app.
As I have said, I agree with the Government that TraceTogether data should be used for very serious crimes. But we have to deal with the reality that some people may find ways around use of the TraceTogether app, compromising our public health efforts.
For public health reasons, can the Minister share what specific data analysis is used to trace whether actual compliance rate with TraceTogether app requirements does not go down? Madam, notwithstanding my clarifications I stand in support of the Bill.
The Minister of State for Home Affairs (Mr Desmond Tan): Mdm Deputy Speaker, I will take the opportunity to address some of the questions that were raised by Members of the House pertaining to contact tracing data used by Police investigations.
First, Ms Nadia Ahmad Samdin and Mr Louis Ng asked about using contact tracing data for cases where the initial charge for a serious offence is subsequently reduced or amended to a less or non-serious offence, or if the serious offence reveals a separate non-serious offence. The Police and Prosecution will not be able to use the contact tracing data for prosecution of a non-serious offence. This is what we are trying to say in this Bill. There could be a situation where the suspect is investigated for both serious and non-serious offences committed at the same time. In criminal proceedings for such cases, which may be dealt with in a joint trial conference covering both the serious and non-serious offences, it would not be feasible to separate the data used for investigations of these offences. But should the offences be dealt with separately in separate trials, then the prosecution will not be able to use the data in prosecution for the related non-serious offence.
Mr Pritam Singh asked about Police’s use of TraceTogether data and Mr Leong Mun Wai also asked when Police first accessed the TT data. The Police have only requested for TT data once, for a murder that occurred in May 2020, in line with their powers under the CPC. As the TT app was not installed in the suspect’s phone, there was no useful data obtained.
Mr Pritam Singh and Ms Nadia Ahmad Samdin also asked about the usefulness of the contact tracing data for criminal investigations. It is understandable that in any investigation, every piece of information is potentially useful and helpful. Our current framework under the CPC has enabled the Police to do their job efficiently and effectively, and Singapore has thus been kept safe and secure.
Let me give a hypothetical example, where we assume a terrorist attack has occurred and Police are trying to prevent more attacks. In such a situation, contact tracing data could be critical information that we could use to identify any other persons involved in the planned attacks and uncover any terrorist ring as quickly as possible. As you can see, when it comes to investigations, time is of the essence. If Police had intelligence and access to contact tracing data that could help stop attacks from taking place, I believe Members in this House would not say no.
Ms Sylvia Lim asked if we can give more than one example that Minister Vivian Balakrishnan had given in his opening speech. With your permission, Mdm Deputy Speaker, may I ask the Clerks to distribute an Annex that I have prepared, containing examples for each of the seven categories of serious offences. Members can go through these scenarios and examples, and ask ourselves: would we really say that the information should not be used by the Police in such situations?
Mdm Deputy Speaker: Yes, please proceed.
Mr Desmond Tan: I will let Members of the House read at your own time.
Ms Tin Pei Ling asked about the safeguards in Police’s access to the data. First, while the Criminal Procedure Code, or CPC, specifies that production orders can only be made by officers with the rank of sergeant and above, we, in fact, intend to require the rank of requesting officer for contact tracing data to be higher. All requests for contact tracing data will have to be made by an officer of Inspector rank and above. This is the same level of approving authority for bank data that we request from financial institutions.
Second, within the Police, all requests for contact tracing data must be approved by the Criminal Investigation Department of the Singapore Police Force (SPF), which is the staff authority for all investigation-related matters within the SPF.
Third, the receiving party will only be required to comply with the order to disclose the data to the Police, if it is in relation to a serious offence. Any public sector officer, including Police, who uses or discloses the data for a non-serious offence would have committed an offence.
Lastly, all extracted data will be encrypted and kept in strict confidence. Only authorised officers will have access to the encrypted data. Mechanisms will be put in place to ensure restricted access and to maintain logs on the officers who have accessed the data. And, of course, if the data is used in Court, it will be seen whether the offence does or does not fall within the seven specified categories.
Ms Jessica Tan cited a situation where an individual’s lost token was used to commit a serious crime. As part of an investigation, Police will holistically assess the leads and evidence, including TT data, in cases where this may be obtained. If a person assisting in investigation claims that he had lost his TT token, this will also be looked into by the Police. My advice is that upon the discovery of the loss of the TT token, one should quickly get a replacement at any Community Club, so as not to compromise contact tracing efforts.
My Sylvia Lim asked about my statement in Parliament last month about accessing suspect’s and witness’ contact tracing data. Under the CPC, Police are entitled to access data from anyone. What was meant was that, operationally, in order not to compromise investigations, Police are more likely to approach witnesses first for data, in order not to tip off suspects. In this Bill, Police are empowered to access data from all persons for investigating the serious crimes that are set out in the Bill.
Ms Sylvia Lim also asked why the exact list of offences is not specified. Describing the categories of scheduled offences, rather than the specified offences themselves, is an approach that we have employed in other Acts. For example, the Extradition Act takes a similar approach. The seven categories of offences relating to serious offences that will be obvious prima facie.
On Ms Sylvia Lim's question regarding what is included under the category of serious sexual crimes, only rape and sexual assault with penetration will be covered. It will not cover other sexual assault involving mentally challenged victims. The Police cannot use contact tracing data that fall outside of the seven categories. Should a Police officer make a request, the Smart Nation and Digital Government Office (SNDGO) and MOH would not be permitted to provide the data.
Various Members asked to expand the Police's use of contact tracing data to other offences that are not covered or not included in the seven categories, such as outrage of modesty or offences against vulnerable persons. Indeed, the data would be useful and would assist the Police to solve these crimes. However, we had to make a judgement call on the balance between the two imperatives of public health and public safety that Minister Vivian Balakrishnan talked about.
Outrage of modesty and offences against vulnerable persons are of grave concern to the Police and public but rank below the seven categories in seriousness. This was a very tough balancing act for MHA. Nonetheless, I would like to assure Members that the Police will continue to investigate all offences even though they are not in the seven categories of serious offences.
Ms Sylvia Lim and others spoke about Australia's model. Every country is different. Singapore had to decide what model and what we value. We score exceptionally well on safety and security because of the approach that we have taken and that we have decided on.
I have a graphic here and I will distribute to Members via email at the end of today to illustrate this point – that we are here today, our security situation and safety is a result of the model and decision we have taken in terms of our law enforcement policy.
I am heartened that many Members expressed their support and trust in the Police. This trust and support is very precious to us, which we will guard zealously. I would like to assure Members that the Police will continue to do whatever they can to ensure public safety and to pursue all leads in our investigations.
Dr Vivian Balakrishnan: Mdm Deputy Speaker, Members of this House, let me first express my appreciation for, first, our points of agreement. I believe all of us are agreed – I am looking at the Leader of the Opposition – that we are facing a global life-and-death crisis which requires extraordinary measures. I believe all of us are agreed that contact tracing – effective, rapid contact tracing – is essential as part of our response to dealing with COVID-19.
I also venture that all of us in this Parliament are agreed that TraceTogether and SafeEntry, representing our digital contact tracing tools, have made a real difference to the effectiveness of our COVID-19 response. In particular, I would reiterate that it has enabled us to shorten the period from four days to one and a half days.
Members will know that I am by training and instinct a doctor. I am not a lawyer. I am a doctor. Perhaps one of the defects of being a doctor is that we focus very, very much on the individual – on the health and on the outcomes of the individual. I want to say that so that you understand in context because what I want to do now is to share my personal timeline, through this journey. Let me begin.
We first stated that the Government would use TraceTogether data only for contact tracing simply because this was how and why we designed TraceTogether. I can tell you all categorically, again, as a doctor and perhaps a techno-optimist, that the potential use of the data by the Police did not cross my mind or the mind of my engineers at all. I state that categorically.
In fact, if you think about the features that we built in – encrypted, decentralised data, auto-purging after 25 days, encrypted identities, no GPS, no cellular connectivity – I think any fair-minded person with some appreciation of technology will know that what we had in mind was digital contact tracing. We were not at all trying to create a surveillance tool. I say this so that you understand my state of mind when I said what I said in June.
But what I said in June was wrong because in a sense, my own enthusiasm for the technology blindsided me and I did not read section 20 of the CPC. Because the law of the land, is that the CPC – specifically section 20 – does authorise the Police to access many databases, including contact tracing data.
The next point is – when did I become aware that what I said was wrong? Basically, what happened was at the end of October, I was asked: are you sure that the CPC does not apply, even for a murder case? A member of the public asked me.
When I received that query, I asked my staff – please go and double check. I am not a lawyer but please go and double check what the legal provisions are. At that point, I was informed that the CPC applied and that in fact, the Police had requested TraceTogether data on one previous occasion.
Your next question should be: well, what did you do after that? I will tell you very frankly. In fact, I have shared that in the last month, I had many sleepless nights and I engaged in several rounds of discussion with some of my senior Cabinet colleagues on whether we should carve out and, if we did, how should we carve out the contact tracing data from the application of the CPC.
You will know that my own strongly held view at that point in time was that even if the CPC applied and even if we were going to make data available, we should exercise this with utmost restraint.
I was also aware that I had first made this assurance in this Chamber. I think it was in June in this Chamber. I told my staff regardless of the outcome of this internal review, we will come back here and we will clarify. We did that last month.
Mr Christopher de Souza filed a question. I believe it was in early December – about a month after I commenced this process of internal discussion.
I am sharing this with you so that you understand that there is nothing to hide. The CPC is written law. But I should have been aware and I should have made it clear right from the onset. I have reflected that if in June, I had added four words – subject to prevailing legislation – perhaps we would not be here this afternoon. Nevertheless, it has occurred.
I want to, in the rest of this wrap-up speech, address the different queries, comments and suggestions under three categories: first, trust and participation in digital contact tracing; second, the technical features and safeguards of TraceTogether and SafeEntry; and third, to deal with the specific clarifications of clauses within the Bill.
First, trust and participation. In an ideal world, no mistake would have been made. No question would have arisen. But I am now in a scenario where a mistake has been made and the real question then is how do we maintain trust when a mistake has been made?
I will come back to my instinct as a doctor. The patient-doctor relationship is built on trust. Both the patient and the doctor hope that we will never make a mistake. But mistakes do occur sometimes, usually rarely. The most important ingredient in that trust relationship between a doctor and a patient is complete transparency – that if anything goes wrong, I will tell you and if anything needs to be fixed, I will do so, and I will go all out to remedy the problem if I can humanly do so.
My answer to this question today – how do you maintain trust when a mistake has been made – is actually quite straightforward. Acknowledge the error. Take full responsibility.
It is no different from a complication in surgery. Acknowledge the error. Take full responsibility. And I have done so.
Next, do the right thing rather than choosing the politically expedient option. You know I believe in transparency even if transparency is awkward and politically costly. But it is better to be transparent than to double down on a mistake. You see my point here? Better to be transparent, fix the error rather than to double down on your mistake.
One further principle from my medical practice is beware of false dichotomies. The false dichotomy I have heard today is that you have to choose between saving the life of a child and you have to choose between participation in digital contact tracing.
I believe by being completely open, transparent, answering every question, explaining and letting people see the purpose behind what we are doing and why we are doing it, I believe we can avoid this dichotomy. I believe it is possible for us to continue to have perhaps the world's most successful contact tracing programme; and at the same time, deal with people's expectations that Singapore will remain safe and secure. And that the Police are our guardians, our protectors. And that the Police have acted at all times strictly within the ambit of the law in order to fulfill their higher mission to protect us.
Today, I come before this House, moving legislation on a Certificate of Urgency to give legal force to the statements that the Minister for Home Affairs and I made in Parliament last month.
This Bill ensures that personal digital contact tracing data can only be used for contact tracing, with a narrow exception for investigations and criminal proceedings in respect of seven categories of serious offences.
I know there can be some debate. In fact, there has been some debate how specific are our definitions. Should we enlarge it? Should we constrict it? I think that is legitimate debate. But I believe that this Bill reflects the right balance between restricting the use of personal digital contact tracing data and, at the same time, enabling our Police to fulfil their duty to keep us safe – avoid false dichotomies.
I will just reiterate a few scenarios which you would have, in fact, in the annex in front of you. If the next of kin of a murder victim asks the Police, "Please decrypt the TraceTogether data on his phone", would any of you refuse? If the parents of a kidnapped child found the token and desperately asked the Police to unlock it, which one of you would refuse? If a terrorist act is imminent, would you tie the hands of our Police and security forces? I believe I know the answer to these questions, and, certainly, the majority of Singaporeans outside this House.
Singaporeans understand the need for Police to lawfully access information and I believe that public trust in our Police Force remains high, very high. And as Foreign Minister who has had to travel to many parts of the world, this confidence and trust is a huge competitive advantage that Singapore has.
On the question of public trust and public participation, let me, in a rather limited way, share some numbers with you. You know that for TraceTogether, we give people the option of writing in to say, "Please delete my data". In the last one month, we have had 350 individuals who have asked us to delete their data – 350. Every one of that 350 who has requested us to delete is a source of regret for me. At least 350 have, for a variety of reasons, decided to forgo the protection that TraceTogether offers them and their loved ones. But on the other hand, in this same period, in this same one month, over 390,000 have come onboard the TraceTogether programme.
I do not want to belabour this but my simple conclusion or inference is that Singaporeans know that I misspoke but they also trust the TraceTogether system is safe, it does what it is supposed to do, it protects public health, and they also trust the Police to always behave lawfully.
Members also had questions on the features and safeguards of TraceTogether and SafeEntry. Let me quickly try to run through as many of these clarifications as possible. Mr Louis Ng, and I think Mr Pritam Singh as well, asked whether it has affected our adoption. I have just given you some figures on people who have signed on in the last one month.
But I will also accept the point that Mr Louis Ng made, and I think Mr Gerald Giam made as well, that there may be individuals who are gaming the programme. You switch it on in order to do your SafeEntry and then you promptly switch it off. I think Mr Louis Ng also asked whether we have more granular data into how people are using the tokens and using the TraceTogether app.
Today, more than 80% of Singapore residents are onboard the programme. Based on broad proxies, and I say proxies, and I will explain why it is only a proxy, but based on broad proxies, we estimate about 58% of users use the app at least once a day. This proportion has remained the same before and after the parliamentary clarification in January.
Mr Ng also asked if we could provide more granular usage statistics, such as whether the mobile devices with the applications were on average pinging fewer devices than before. And, Mr Ng, I have to tell you, actually, the privacy-respecting nature of the system means we actually cannot collect that level of granular data to track active usage. The data is stored locally on your own device. The TraceTogether app only connects to the server periodically, only to download information. Some Members would be familiar – occasionally, when you have checked into the same place as someone else who has turned out to be COVID-19-positive, that message may light up to warn you that there may be a potential overlap in time and space between you and the COVID-19-positive patient.
The point I am making is that, again, it reveals the privacy by design that we focused on in rolling out this programme. I want to remind everyone that TraceTogether is meant to protect us and our loved ones. The effectiveness of TraceTogether depends heavily on the rate of user participation. For those who switch off your Bluetooth or your app or engage in other forms of technical wizardry, I would just ask you why deprive yourself and your loved ones of the protection?
Again, as Foreign Minister, I have looked round the world and one of the reasons why we are better off is that we have not politicised our response to COVID-19. I am grateful to Mr Singh and the Workers' Party that, unlike in other countries where wearing a mask or not wearing a mask is a badge of political identity, we have avoided that kind of political dichotomy.
So, for people who are angry or disappointed at my mistake, you are entitled to do that but do not deprive yourself and your loved ones of the protection from this system.
Ms Nadia Samdin asked a few suggestions regarding OpenTrace, and she asked if we would continue to make OpenTrace open-source such as by introducing open-source licences and regularly updating the GitHub repository. Actually, my engineers will know that I have been leaning on them repeatedly to keep updating the GitHub repository. But, again, those of you who are actual programmers will know it is a very big slog to tidy up your code and prepare it for public open-source perusal. But we believe in open-sourcing OpenTrace, it has served us well, it has been helpful, it has allowed experts to look at both OpenTrace and TraceTogether, and for them to conclude that the app does and continues to do what it is supposed to do, and to do so in a privacy protecting manner.
Other governments have looked at our code base including Australia, Alberta, Poland. We have had discussions at the technical level. They have modified it, used it, changed it; we are completely open about that.
To be clear to Ms Nadia Samdin, there is already an open-source licence. The OpenTrace repository is published under – sorry, to get technical here – a GNU General Public Licence Version 3.0. Those of you in the know will know that this is an open-source licence. The Standard General Public Licence 3.0 terms are also within the repository itself in a licence and markdown file, as is the standard practice, and maybe Ms Nadia Samdin can check on that after this. But I will convey your suggestions to the GovTech team and discuss what our next steps are for open-sourcing.
Ms Nadia Samdin also asked if we would commit that TraceTogether data will always be stored on the user's device and shared with MOH only when the user uploads the data, and to delete the data at the request of the user. By design, TraceTogether data will be stored in the user's device before it is shared with the authorities. Again, for those of you who have ever been in the circumstance where you need to share it, you know that your participation is needed. We send you a PIN, you have to enter the PIN before the data is uploaded.
This Bill limits the Government's use of TraceTogether data to the purposes of contact tracing with the exception, as I said earlier, for investigations and criminal proceedings in respect of serious offences, and it applies regardless of how the data is accessed or shared. The same applies for the suggestion on deleting the data upon request. Users can do so and we have done so, as I shared just now; we have deleted data for 350 persons in the last one month.
But in certain cases, for instance, where the data has already been uploaded because there was a positive COVID-19 case, then MOH will have to retain that data as long as that cluster is active and they need it in order to break the chains of transmission. I am sure Members of this House will understand the need for that.
Mr Gerald Giam asked about the Police's use of SafeEntry data. I believe the Member did ask just now. I am not privy to the operational details but I do understand that SafeEntry data has been used for investigations into offences in a number of instances. I must state for the record that my previous assurances were on TraceTogether in this House and not on SafeEntry. Nevertheless, we have decided in this Bill to envelope SafeEntry and BluePass insofar as it interoperates with TraceTogether within the same protective cocoon that this Bill provides.
It is also worth reminding Members of the House that, actually, SafeEntry is a digital visitor log. It is no different today. If it was not there, the Police would go to the security guard, say, of your condominium and say who has come in at what time, which car numbers were in here, look at your video surveillance. SafeEntry actually, in that sense, is not novel compared to TraceTogether. But it is different in the sense that it is a centralised database. Therefore, we decided we better take pre-emptive action to put the same cocoon of legislative protection around it.
Let me now move on to clarifications on the legislative amendments themselves, and I hope Members will bear with me if some of this is a bit technical.
Ms Nadia Samdin asked if an individual would be able to access their own personal contact tracing data including if one is being charged for a serious offence. The answer is yes. Members of the public can request for their own data for legitimate purposes as is the current practice today. The lawyers looking at the text of the Bill will realise we have been very careful not to circumscribe the rights of the individual to his data.
I believe Ms Sylvia Lim asked if suspects and the Defence Counsel could access the personal contact tracing data for their Court cases and whether the time period of 25 days is sufficient to retain the data for such users. The Bill circumscribes the use of personal contact tracing data by public sector agencies, but I will reiterate, does not prohibit individuals from using or requesting for their own personal contact tracing data provided they have a right to access such data. For serious offences, the individual can share his or her own data with anyone including the Police, the prosecution, the Defence Counsel and offer his or her data to the Court as evidence.
If the Prosecution is in possession of contact tracing data which strengthens the Defence's case or weakens the Prosecution's case, the Prosecution has to disclose such data to the Defence to comply with its common law disclosure obligations laid down by the Court of Appeal. I believe this is known as the "Kadar disclosure obligations". Again, the criminal lawyers here will understand what I am talking about. This is in the Bill – specifically, section 82(7) allows for individuals to continue to have access to personal contact tracing data if they have such a right of access under any "rule of law or otherwise". Mr Singh, you can confirm that clause.
The right of access under "any rule of law" here includes the Kadar disclosure obligations.
Ms Tin Pei Ling asked if TraceTogether data could be used in missing persons cases. A next of kin – father, mother, husband, wife – a next of kin may request the data of a missing person to the extent permissible today. This includes requesting for personal contact tracing data of the next of kin, if they have a right to do so.
Mr Gerald Giam also asked if personal contact tracing data uploaded to MOH servers would be covered by this Bill specifically by section 82. The answer is yes. The Bill restricts the Government's use of personal contact tracing data collected from digital contact tracing systems specified in the Sixth Schedule.
Mr Zhulkarnian Abdul Rahim suggested having a dedicated channel independent of the Police to investigate any complaints of TraceTogether data access breaches made by any party.
If you peruse the Bill in front of you, you will realise that disclosure or misuse of contact tracing data on contravention of the COVID-19 (Temporary Measures) Act will be investigated by authorised persons from the Government Data Office appointed under this Act. These authorised persons would be appointed by Senior Minister Teo Chee Hean as the Minister overseeing this part of the Act. So, there is a clear separation of roles and duties.
The Government Data Office will oversee the public sector data governance policy and requirements, similar to what the PDPC does for the private sector. And I can give this assurance that Police officers will not be appointed for this purpose.
There were also other questions pertaining to data governance for personal contact tracing data. It was Mr Yip who asked whether Police would still be able to request the data beyond the 25-day mark, and if the data will be stored for more than 25 days, should it be required by Police for investigations and proceedings into serious offences. I think it was also Mr Giam who asked if Police will be able to access the data when the pandemic has been declared over.
In general, the Police will not be able to obtain data if the request comes in after the 25th day mark and this is because the data would have been auto deleted, either deleted on your personal token or app or deleted from the main server. There are some exceptional scenarios. Nowadays, I am very careful with all my caveats. There are some exceptional scenarios where the data may be stored for more than 25 days.
One, when the data relates to a COVID-19 patient or an individual who is closely associated with the patient, and the data is used for active contact tracing purposes. And I think that, people will accept this is a legitimate use of data beyond the 25th day.
Two, when the data has been used for investigations or criminal proceedings in respect of serious offences; the data may be retained until the investigation or criminal proceedings are over, including Court proceedings, I must add, and will be deleted when the data is no longer needed.
The same applies to when the pandemic is being declared over. And then we can happily stand down our digital contact tracing programmes.
As I mentioned in my opening speech, subsection 82(8) provides for the Minister to specify a date after which digital contact tracing system is no longer required to prevent or to control the spread of COVID-19. The data administrator must then delete any personal contact tracing data which is no longer required.
Police will not be able to use any personal contact tracing data unless the data had previously been retained and used for investigations of criminal proceedings in respect of serious offences.
Ms Nadia Ahmad Samdin asked if the Government would consider publishing disclosure reports to help the public understand how the data is being used. We will accept Ms Nadia’s suggestion to have a report disclosing the use of the data beyond contact tracing. My team will work out the details on how often and the contents of these reports, but it should broadly encompass the types of data, how the data was used, as well as the number of occasions that the data has been used for purposes other than contact tracing from the day that this Act comes into force.
Ms Nadia Ahmad Samdin and Mr Gerald Giam asked if it was possible for us to specify the conditions for the life cycle of the TraceTogether programme, such as the conditions to decide when it should be deactivated.
Actually, this is a much wider question – what determines the changing points in the pandemic and what determines the end of the pandemic? Our approach has to be guided by science and public health. We will monitor the overall situation closely, consider all relevant factors before adjusting our measures, as we have indeed in the last one year with our three phases of re-opening since the circuit breaker.
In other words, there is no rule book. There is no standard play book that we can rely on. We will have to respond to the situation as it evolves.
And this approach has served us well, and we should continue to abide by this considered approach in determining the end of the pandemic. Even now, we know that the pandemic has been very unpredictable. Many places that previously contained their initial infections, are now dealing with second, third, fourth waves. New variants have emerged, some more transmissible, some even more lethal. Whether and when we can revert to normal will really depend on the global situation, not just the situation within Singapore and this is the nature of infectious disease epidemics.
Lastly, Members expressed a wide variety of views on the types of offences which Police ought to use personal contact tracing data for investigations or criminal proceedings. Some of you suggested expanding the list, some to include additional offences. Mr Vikram Nair, I believe, said that he preferred not to have any carve-outs. He said that this would be tantamount to saying that the Police should not look at all available information in pursuit of their investigations. Mr Sharael Taha, Ms Tin Pei Ling, Mr Alex Yam and Mr Christopher de Souza expressed concerns that the passage of this Bill may set a precedent for how the Government may use data collected by digital solutions in the future, and hamper the Government’s ability to function effectively. Mr Pritam Singh, in his considered speech, also referred to the future and what impact these decisions may have.
I want to say that our decision today to only include serious offences, to tightly scope the use of personal contact tracing data is a result of a delicate balance between the right to public health, the right to public security and respecting the sensitivity of personal data during this extraordinary time.
Mdm Deputy Speaker, this Bill is being tabled and read on a Certificate of Urgency in exceptional circumstances. It is intended to deal with the specific issue of the Government’s use of personal data collected via digital contact tracing systems in the midst of an emergency.
We have taken this exceptional step because we need to focus on encouraging public participation and maintaining confidence in our public health measures. This Bill is about ensuring maximum support from the public in our fight against COVID-19.
I want to stress this Bill is not a precedent. It is not in the public interest to deny the Police access to the data necessary to ensure public safety and the proper conduct of justice.
The nature of the legislation which this House is called upon to consider today is sui generis. It is a piece of legislation introduced during a public health crisis, being moved under a Certificate of Urgency, because of the situation that we are in. We are not trying to set a precedent here today.
Privacy and data governance, especially, in the face of accelerating technological revolution, these are broad and complex issues, which I think Mr Singh also recognises, that need careful contemplation, consultation and open debate. This should not be settled on a Certificate of Urgency in one day. There will be proper occasions in the future to do this.
Mdm Deputy Speaker, our response to COVID-19 has not been perfect, but it has been effective. This current state of affairs did not happen by chance. It is due to our concerted efforts on multiple fronts – our excellent healthcare system, our heroic frontline officers, our extensive testing capacity, our effective contact tracing regime that has enabled us to quickly identify, isolate close contacts, truncate transmission.
Most of all, it is because of our social capital, the sacrosanct trust of our citizens and the collective responsibility that we have for one another. Madam, I beg to move.
Source: Hansard
