Love.Law.Robots. is moving!

You're browsing the original version of the Love.Law.Robots. Check out the new site. It's prettier and packs loads of new features!

Chasing the data protection practices of public agencies down rabbit holes

Featured Image `

Not surprisingly, following a very unsatisfactory response from the CPF, government agencies are in the news again for disclosing the personal information of a CPF member. Not surprisingly again, another public agency has to release a statement regarding the government’s privacy practices. This time, it is the Smart Nation and Digital Government Office. Attempting to balance the desire to defend themselves in public and whatever data protection is, is their latest attempt helpful? My hot take — this will hardly be the last word in this unsatisfactory state of affairs.

The law permits [disclosure to “provide the full picture to the public”], including the identity of the individual, in the public interest. Public agencies have a duty to preserve the public trust reposed in them and to ensure that citizens are not misled.

Insofar as public agencies are concerned, we are going to have to take their word for it. After all, the PDPA does not apply to them. The other laws commonly cited, the Public Sector (Governance) Act and the Government Instruction Manuals, do not provide such detail. Neither does the cookie-cutter Privacy Statement provided by the Smart Nation and Digital Government Office.

I have complained about the transparency of public agencies previously, and this hardly addresses it. For example, what considerations did the CPF board and other government agency to decide that releasing the name of the complainant was reasonable, or whether there were other alternatives to releasing the name considered.

Similarly, the Personal Data Protection Commission permits companies to disclose relevant personal information about an individual in a public forum, in order to counter false or misleading allegations from that individual in the same forum. This gives the companies an opportunity to clear the air for themselves, and convey the facts of the case to the public.

Now this claim is more dubious. If I left a review on a restaurant on its Facebook page, does it give the restaurant the right to inform the public what I ate, who I was with, and maybe even snap a picture of me happily eating the food? I don’t remember ever giving anyone the consent to bitch about me, not that any sane business has ever asked. The reputation of a business is important, but that does not mean it has to be right all the time.

Needless to say, I was flabbergasted when I read this. It’s a lousy justification for a problematic response. Since the government seems intent on doing this to respond to online articles, this would not be the last time we will be seeing this.

Update: In the midst of writing this post, the Straits Times published an article with a fairly sympathetic slant to the government. Notice how the article refrains from technically naming the victim…