MCI Response to PQ on Platform Owners' Responsibility for Enabling Illegal Practices
Parliament Sitting on 6 July 2023
QUESTION FOR WRITTEN ANSWER
6. Ms Yeo Wan Ling: To ask the Minister for Communications and Information how will the Ministry work with enforcement agencies to ensure that instant messaging and e-commerce platform owners take responsibility for enabling illegal practices such as carpooling for profit and sale of food delivery rider accounts.
Mr Yip Hon Weng: To ask the Minister for Communications and Information in view of recent media reports on the online sale of food delivery rider accounts to unauthorised individuals (a) how is the personal data collected by food delivery companies regulated to protect customer privacy and prevent unauthorised access; (b) what measures are in place to ensure that customer data is not being sold or shared with unauthorised parties; and (c) what safeguards have the Government implemented to hold delivery companies accountable and prevent such incidents from occurring.
This response to Ms Yeo Wan Ling’s question will also address a related question filed by Mr Yip Hon Weng for a Sitting on or after 7 July 2023.
The Ministry of Communications and Information (MCI) works with the Ministry of Home Affairs (MHA) and other enforcement agencies to continually assess the adequacy of our measures to address illegal activity online as well as to protect users of online platforms. Where online activities lead to breaches of the law, for example, sale of food delivery rider accounts leading to illegal moonlighting by foreign workers, or the provision of illegal car-pooling services matched via online platforms, the relevant agencies will not hesitate to take enforcement action against the illegal act.
We are also taking steps to strengthen legislation and make clear the obligations of online platforms. For example, MHA has introduced the Online Criminal Harms Bill (“the Bill”). If passed, the Bill will empower law enforcement agencies to issue Directions to online services, other entities, or individuals, when there is online activity suspected to be in aid of criminal offences.
The collection, use, and disclosure of personal data in Singapore is governed by the Personal Data Protection Act (PDPA). It applies to all organisations including food delivery companies, and imposes security requirements to prevent unauthorised access, use and disclosure. Enforcement action can and have been taken against those who breach the requirements.
Food delivery riders, who are contractors of food delivery platforms, also have obligations on the collection, use and disclosure of data of the customers. Nonetheless, we expect food delivery companies to take steps to help prevent their contractors from selling customer data or sharing them with unauthorised parties. Such steps include (a) minimising the amount of customer data that appears in riders’ user accounts; (b) contractually prohibiting the sale or leasing of user accounts; and (c) educating their food delivery riders on the riders’ obligations under the PDPA with respect to customer data.
If an individual has queries or concerns about how a food delivery company has handled their personal data, they can approach the company’s data protection officer to seek clarification, and convey their expectations.