Written Answer to Unanswered Oral Question

Safety and Privacy of Data on Third-party Booking Apps

Summary

This question concerns regulatory oversight of third-party booking apps and the protection of personal data for commuters and drivers. Mr Ang Hin Kee inquired about vehicle safety information requirements and preventive measures against data compromises. Minister for Transport Khaw Boon Wan explained that while fleet safety reporting is not currently mandated, operators must dispatch licensed and insured vehicles or face potential suspension under the Road Traffic Act. He further clarified that data privacy is governed by the Personal Data Protection Act, which requires reasonable security arrangements to prevent unauthorized access, use or disclosure. Organizations found in breach of the Act can face financial penalties of up to $1 million.

Transcript

71 Mr Ang Hin Kee asked the Minister for Transport (a) whether the LTA has regulatory enforcement powers to ensure that third-party booking apps, such as Grab and Uber, are required to share timely information, such as safety and condition of their vehicles fleet; (b) how personal particulars of commuters and drivers are protected; and (c) what preventive measures are in place to ensure that the safety and data of both commuters and drivers are not compromised.

Mr Khaw Boon Wan: We currently do not require private hire car (PHC) booking service operators and third-party taxi booking apps to submit information on the safety and condition of their vehicles fleet. However, under the Road Traffic Act, these operators are required to despatch licensed and properly insured vehicles. If there are three or more violations of these regulations within a rolling period of 12 months, the Land Transport Authority may issue a general suspension order that bars all PHC drivers affiliated with a particular PHC booking service operator from driving for that operator.

To protect the data privacy of commuters and drivers, private hire car booking service operators operating in Singapore must comply with the Personal Data Protection Act, or PDPA. Under PDPA, organisations are required to put in place reasonable security arrangements to protect personal data in their possession or under their control in order to prevent unauthorised access, use or disclosure. Organisations which are found in breach of PDPA can be liable for a financial penalty of up to $1 million.