Data privacy ambiguity may hamper Singapore's smart nation ambition

Data privacy ambiguity may hamper Singapore's smart nation ambition

Summary: Smart nation plan means massive amounts of data will be collected and analyzed, prompting questions about data privacy and security. With Singapore's public sector excluded from the country's data protection act, how will data management be properly governed?

SHARE:

It's been a big week for the Singapore government which unveiled its big plan to become "the world's first smart nation", tapping strongly on data sensors and analytics to enable intelligent urban living. However, unanswered questions about the management of such data, which cuts across government agencies and private entities, could prevent Singapore from realizing its smart nation dream.

The Singapore government introduced several initiatives this past week that include a smart nation operating system, Internet of Things scheme targeted at homes, and pilot trials at a designated residential-business estate that serves as an important testbed for a nationwide rollout of smart nation applications.

Announced at the Infocomm Media Business Exchange (imbX) conference and exhibition here, these cut across infrastructure, software, and services identified as necessary components to support a smart nation blueprint. Spearheaded by ICT regulator Infocomm Development Authority (IDA), a key piece of this puzzle is the collection and analysis of data that is touted to generate relevant insights and allow citizens to make more appropriate decisions, for instance, in transport and healthcare. It will also facilitate better policy planning and citizen-centric services and information gleaned from the data sensors will provide better insights to allow local organizations to improve their business operations.

Pilot trials at residential-business estate, Jurong Lake District, will serve as a crucial testbed for the country's smart nation technologies and services. These will see the rollout of more than 1,000 data sensors in the area, located in the western part of Singapore, which will capture information--including video images--to be used in applications around urban mobility, sustainability, and improving "sensing and situational awareness".

The trials will involve multiple government agencies including the Housing Development Board (HDB), Urban Redevelopment Authority, National Environment Agency, and Land Transport Authority, as well as more than 20 companies and startups. 

One trial, for instance, involves RF Net, Panasonic, and Elixir Technology, which will assess a smart queue monitoring system that taps advanced video sensing to determine in real-time the length and flow of a queue, for instance, at taxi stands. This information including potential waiting time can be fed to commuters who can then decide if they want to join the queue or take the bus. The data can also alert taxi companies on locations that require more cabs. 

Another pilot will see ST Electronics developing a common traffic simulation platform to simulate and evaluate different traffic control algorithms, with possible traffic signal control plans to improve road traffic management in the district. 

The plan calls for all data captured via the sensors to be collected, analyzed, and securely managed through a new Smart Nation Platform, which all government agencies can connect to. IDA says the government will own this platform but is open to having private sector entities operate and manage it. If that happens, these companies will have to abide by parameters and regulations mandated by the government in managing the platform. 

Government exclusion blurs data privacy management

With so much data involved, there will inevitably be concerns about data privacy and security. 

And according to Steve Leonard, IDA's executive deputy chairman, it is an area the ICT regulator takes seriously and has a team to oversee such issues in order to ensure data remains protected while it's being shared.

At a media briefing, I asked Leonard how this will be managed since the public sector is excluded from the country's Personal Data Protection Act, and there are private companies involved in the smart nation trials and rollouts.

He explained that the exclusion was to allow data to be easily shared between government ministries and agencies, and facilitate better e-government services for citizens. 

I understand, too, that the public sector is governed by its own set of data protection rules such as the Official Secrets Act, and individual agencies such as the Inland Revenue Authority of Singapore has its own guidelines. However, details about what these are exactly, the types of data they govern, and how the various different rules work remain unclear.

I've also heard about an internal data protection standards handbook that the public sector adheres to, but, again, details for this are scarce.

Leonard acknowledged there were questions that still needed to be answered and issues worked out regarding data privacy, noting that the country's smart nation plan had just rolled out and was still evolving. Policies and processes need to be evaluated, and reevaluated, and there will be ongoing dialogue and assessment of the best way to proceed, for example, with regard to striking the right balance involving data privacy, he said. 

"We're not pretending we have the answer to everything," he noted, but said these were "difficult questions" that still needed to be addressed so the benefits Singapore hoped to generate from its smart nation plan would be enjoyed by its citizens. 

And in my opinion, these questions should be resolved as soon as possible. The government's smart nation trials involve private organizations that must comply with the data protection act, but also deal with data deemed to belong to the public sector since government agencies are also part of these trials.

This mishmash of private and public creates many blurry lines in how sensor data should be managed. It'll also be incredibly tedious and complex to identify data that counts as "public", and therefore, is excluded from the data protection act, from data that is "private" and should then fall under the act.  

And should private companies be allowed to manage and operate the Smart Nation Platform, which set of data privacy laws will they need to adhere to? 

While much has been touted about the benefits, such as improving traffic conditions, enabling commuters to make more informed travel choices, and facilitate better deployment of resources, a couple of the smart nation trials could potentially be deemed intrusive. 

Take for example the trial of an automated system to detect people smoking in prohibited areas. Run by ST Electronics, the pilot taps the use of advanced video sensing technologies to identify these errant smokers, which can then be used to deploy public officers to monitor these areas. 

And there's also a pilot that uses such video sensing technologies to automatically detect illegal parking. The mobile system, tested by NCS, can detect cars parked illegally, for instance, at fire engine access points and double-yellow lines, and enable public officers to be deployed to these areas--presumably, to issue summons. 

Despite the benefits the other smart nation applications can offer citizens, those that look to detect rogue smokers or parkers offer a glimpse at how else these data analytics and sensors could be tapped in future--and not every Singaporean will welcome them. 

The easiest solution would be for the public sector to be included in the country's data protection act, and even then, concerns may be raised about how the act is seen to be business-friendly

Whatever the answer may be, it needs to come sooner than later if Singapore wants to fulfil its smart nation ambition. And the conversation needs to also include data security, especially after the breach earlier this month that put more than 1,500 SingPass accounts at risk. There are over 3.3 million SingPass users in the country who use their account to access over 340 e-government services ranging from the filing of income taxes and registering of businesses. 

Further security breaches like these will no bode well for Singapore's smart nation plans.

Topics: Privacy, Big Data, Security, Singapore

About

Eileen Yu began covering the IT industry when Asynchronous Transfer Mode was still hip and e-commerce was the new buzzword. Currently a freelance blogger and content specialist based in Singapore, she has over 16 years of industry experience with various publications including ZDNet, IDG, and Singapore Press Holdings.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

1 comment
Log in or register to join the discussion
  • Big data Privacy

    Smartness of a nation can be measured by the ability to harness big data to ensure the growth of the nation without compromising on the privacy of its individuals. Technology should be leveraged not for selfish motives but for the well being of an individual. Companies like Intel, IBM , Cloudera and Qburst should come up with innovative ideas such that there is no breach of privacy.
    Edward2525