The Scope Of Singapore Privacy: How We Use It In A Right Way

The Scope Of Singapore Privacy: How We Use It In A Right Way

This stakeholder report is a submission by Privacy International (PI). PI is a human rights organisation that works to advance and promote Singapore privacy and fight surveillance around the world. PI wishes to bring concerns about the protection and promotion of the Singapore privacy in Singapore before the Human Rights Council for consideration in Singapore’s upcoming review.

Singapore privacy right

Singapore privacy is a fundamental human right, enshrined in numerous international human rights instruments. It is central to the protection of human dignity and forms the basis of any democratic society. Activities that restrict the Singapore privacy, such as surveillance and censorship, can only be justified when they are prescribed by law, necessary to achieve a legitimate aim, and proportionate to the aim pursued

Domestic laws related to Singapore privacy

The Constitution of the Republic of Singapore does not include a Singapore privacy. Some laws regulate the processing of personal data,including in the public sector, such as the Computer Misuse and Cybersecurity Act which criminalises unauthorised access to data, but does not regulate or address lawful collection of data. Other safeguards for privacy and personal data are included in the Official Secrets Act, the Statistics Act, the Statutory Bodies and Government Companies (Protection of Secrecy) Act and the Electronic Transactions Act.

Other laws regulate data held by private sector entities including the Personal Data Protection Act, Banking Act, and the Telecommunications Act; whilst other relevant legislation include the law of confidence, which addresses misuse and publication of confidential information.

International obligations

Singapore has has not ratified the International Covenant on Civil and
Political Rights (‘ICCPR’) which under Article 17 of the ICCPR, provides that
“no one shall be subjected to arbitrary or unlawful interference with his
privacy, family, home or correspondence, nor to unlawful attacks on his
honour and reputation”.

Areas of concern

I. Failure to ratify the ICCPR

Singapore has still not signed nor ratified many of the major international
treaties, including the ICCPR, which upholds the right to privacy under Article 17.

Article 17 of the ICCPR provides that “no one shall be subjected to arbitrary
or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation”.

The ICCPR has been ratified by 168 states, including many in Asia. It is
urgent that Singapore ratifies and implements the ICCPR including by
recognizing the right to privacy as a Constitutional right.

Also read: 12 brief explanation about the benefits of data protection for business success

II. Communications surveillance

Despite some evidence from security researchers, details of the capacity of
the Singaporean government to conduct surveillance and the scope of its
surveillance infrastructure remains unknown. Yet, it is widely acknowledged that Singapore has a well-established, centrally controlled technological surveillance system designed to maintain social order and protect national interest and national security.

The surveillance structure in Singapore spreads wide from CCTV, drones,
internet monitoring, access to communications data, mandatory SIM card registration, identification required for registration to certain website, to use of big data analytics for governance initiatives including traffic monitoring.

This raises significant concerns in light of the fact that the legal framework
regulating interception of communication falls short of applicable international human rights standards, and judicial authorisation is sidelined and democratic overnight inexistent.

III. Data protection

In 2012, Singapore’s Parliament approved a data protection law which took effect on 2 January 2013. The Personal Data Protection Act 2012 (PDPA)
establishes a regulatory framework which governs the collection, use,
disclosure and care of personal data.37 The PDPA mandated the
establishment of a Data Protection Commission under Section 5.

The PDPA is a welcomed step in ensuring the right of individuals to protect
their personal data but the scope, some of the principles, and numerous
exemptions raise concerns. The PDPA does not apply to the police as well as any public agency or organisation. These exemptions are concerning when considering initiatives such as the one announced in January 2015 by the Neighbourhood Police Centre (NPC) raise serious concerns as to what privacy safeguards will be applied. The NPC announced it would begin trials of body-word cameras for police forces. The cameras will be kept on record mode during the entirety of an officer’s shift, with the possibly of being turned off when judged necessary by the officer.

Other exemptions provisions of concern include the exemption of ‘business
contact information’, a broad list of uses for an ‘evaluative purpose’ which will exempt personal data linked to employment, education, etc,. Furthermore, unless expressly provided in the Act, provisions of other ‘written laws’ will supersede the PDAC if these provisions are inconsistent with any parts of the Act under Section III to VI, news organisations collecting for news activities (both undefined) do no require consents, data intermediaries are exempt but controllers are liable.

Also read: How Being Data Protection Trained Can Help With Job Retention