We have been alerted to this post on Facebook group Concerned Citizens Band Together for a better Singapore:
In the post, the author shares that after visiting a showflat “without using [his] phone during the whole process other than [checking in using] SafeEntry”, he was served property-related advertisements on Facebook “immediately after” the visit.
He then poses the question: “Is the data collected from SafeEntry being sold to businesses?”
For context, SafeEntry is a national digital check-in system that logs the NRIC/FINs and mobile numbers of individuals visiting hotspots, workplaces of permitted enterprises, as well as selected public venues to prevent and control the transmission of COVID-19 through activities such as contact tracing and identification of COVID-19 clusters.
Not SafeEntry but…
Commenters on the post have come forward to offer their take on the situation, with many of them suggesting that apps like Facebook or Google could have been tracking his location in the background instead.
Doing a quick check on Facebook’s help page on location settings, we see that the Location History setting allows Facebook to “build a history of precise locations received through Location Services on your devices”. It adds: “When Location History is on, Facebook will add your current precise location to your Location History either While Using the app or Always depending on which Location Services setting you choose.” The latters means that even if a user isn’t actively using the Facebook app, the Location Services setting is still working in the background.
Facebook highlighted that even when Location Services and Location History are turned off, they “may still understand your location using things like check-ins, events and information about your internet connection”.
With regard to Google, its Location History setting “saves where you go with every mobile device where: 1. You’re signed in to your Google Account; 2. You have turned on Location History, and 3. The device has Location Reporting turned on”. However, Google states that “Location History is turned off by default for your Google Account and can only be turned on if you opt in”.
It is uncertain the location tracking/history settings that the author of the Facebook post has for Facebook, Google, or even other apps that could have been working quietly in the background.
When we contacted the Smart Nation and Digital Government Group (SNDGG), they clarified that businesses do not have access to the location data of individuals collected from SafeEntry.
“The data collected via SafeEntry is encrypted and stored in the Government server, which will only be accessed by the authorities when needed for the purpose of preventing or controlling the transmission of COVID-19.
The Government is the custodian of the data submitted by individuals, and there are stringent measures in place to safeguard the personal data. Only authorised public officers will have access to the data.”
Therefore, the suggestion that the data collected from SafeEntry is being sold to businesses is false.
SNDGG added: “The advertisements that the user received might have occurred due to his Facebook activity. To find out more, users can download a copy of their Facebook activity by following these steps.”