Data Ethics Enforced by Design, Not Audit.
Singapore's PDPA mandates data retention limits, provenance accountability, and citizen data rights — but enforcement depends on internal audit cycles. Passbank closes the gap: data validity, provenance, and the right to erasure enforced cryptographically, at the moment of issuance.
Verifiable Credential
Data Ethics VC
- 73% Less Data Shared Cross-Agency
- 0 Manual Retention Audits Needed
- < 1s Revocation Propagation
Three Gaps in Singapore's Data Ethics Framework
Singapore's PDPA sets the standard. But between the obligation and the technical enforcement lies a structural gap that internal audit cycles cannot reliably close.
No Enforceable Data Provenance
PDPA's Accountability Principle requires organisations to be responsible for data under their control — but there is no technical mandate for a chain-of-custody audit trail. Singapore's 2024 GenAI Governance guidance recommends provenance tracking for AI outputs, but the recommendation carries no enforcement mechanism.
Reference: PDPA Accountability Obligation · Singapore Government GenAI Governance Framework (2024)
Reactive Retention Enforcement
The PDPA Retention Limitation Obligation requires data to be destroyed or anonymised when no longer needed for its original purpose. But compliance is self-reported and enforcement is reactive — the PDPC investigates after a breach. No technical mechanism automatically expires data at the moment the retention window closes.
Reference: PDPA s.25 Retention Limitation Obligation · PDPC Advisory Guidelines
No Right to Erasure
Unlike GDPR Article 17, Singapore's PDPA does not enshrine an explicit right to erasure. Citizens may request access and correction of their data, but they cannot compel deletion. As data flows across multiple agencies for means-tested benefits, the absence of a technical erasure mechanism leaves citizens without meaningful control.
Reference: PDPA Part V (Access & Correction) · GDPR Article 17 (contrast)
Data Ethics Enforcement by Design
Passbank Verifiable Credentials close each gap in Singapore's data ethics framework — not through additional audit layers, but through cryptographic enforcement built into every credential at issuance.
Data Provenance by Chain of Custody
Every data point issued as a Verifiable Credential carries a cryptographic chain of custody — the issuing agency, the purpose of issuance, the timestamp, and the downstream recipient are all anchored to the credential's cryptographic proof. Any PDPC auditor can query the provenance trail without accessing the underlying personal data.
Technical Mechanism
W3C VC 2.0 `issuer`, `issuanceDate`, and `credentialSubject.purpose` fields form an immutable provenance record, anchored to a decentralised status registry.
Retention Policy Enforced by Expiry
The retention window is embedded directly into the credential's `expirationDate` field at the moment of issuance — not as a database field to be manually deleted, but as a cryptographic property. Any system attempting to rely on an expired credential receives a hard verification failure. Retention breaches become technically impossible.
Technical Mechanism
W3C VC 2.0 `expirationDate` property enforces the retention window cryptographically. Passbank's Status List propagates expiry in real time across all relying systems.
Erasure via Dual Revocation
Citizens can revoke their own data VCs at any time from the Passbank app — triggering real-time revocation propagation to all agencies that hold the credential. Issuing agencies can also initiate revocation when retention obligations trigger. Both paths produce the same outcome: the data is technically dead, unverifiable by any downstream system.
Technical Mechanism
W3C VC 2.0 `credentialStatus` with Passbank's Status List 2021. Revocation propagates to all verifiers within one second of the holder or issuer initiating the revocation event.
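How a relying system could apply the expiry and revocation rules from the two sections above, as an added example (not Passbank's code): the verifier rejects a credential once `expirationDate` has passed or its bit in the status list is set, and fails closed when either cannot be read. The sample credential, the `did:example` issuer, index 94 and the gzip-plus-base64url list encoding are assumptions of the example; the credential's proof is assumed to have been verified beforehand, and the `validUntil` name used by VC Data Model 2.0 is accepted as well.

```python
import base64
import gzip
from datetime import datetime

def build_status_list(size_bits, revoked_indexes):
    """Issuer side: encode a revocation bitstring (gzip + base64url, assumed encoding)."""
    bits = bytearray(size_bits // 8)
    for i in revoked_indexes:
        bits[i // 8] |= 0x80 >> (i % 8)   # index 0 is the left-most bit
    return base64.urlsafe_b64encode(gzip.compress(bytes(bits))).decode().rstrip("=")

def is_revoked(encoded_list, index):
    """Verifier side: decode the list and read one bit; raises on malformed input."""
    padded = encoded_list + "=" * (-len(encoded_list) % 4)
    bits = gzip.decompress(base64.urlsafe_b64decode(padded))
    if not 0 <= index < len(bits) * 8:
        raise ValueError("statusListIndex outside the status list")
    return bool(bits[index // 8] & (0x80 >> (index % 8)))

def check_credential(vc, encoded_list, now):
    """Return (accepted, reason). Anything missing or unreadable is a rejection.
    Assumes the caller already verified the credential's proof (signature)."""
    expiry = vc.get("expirationDate") or vc.get("validUntil")
    if not expiry:
        return False, "no expiry: retention window not stated"
    try:
        expires_at = datetime.fromisoformat(expiry.replace("Z", "+00:00"))
        expired = now >= expires_at       # TypeError if the expiry has no timezone
        index = int(vc["credentialStatus"]["statusListIndex"])
        revoked = is_revoked(encoded_list, index)
    except Exception:                     # fail closed on any parsing problem
        return False, "expiry or status unreadable"
    if expired:
        return False, "expired"
    if revoked:
        return False, "revoked"
    return True, "valid"

# Constructed sample credential, modelled on the page's CPF Board -> MSF case.
SAMPLE_VC = {
    "issuer": "did:example:cpf-board",    # placeholder identifier
    "issuanceDate": "2024-03-14T00:00:00Z",
    "expirationDate": "2026-03-14T00:00:00Z",
    "credentialStatus": {"type": "StatusList2021Entry", "statusListIndex": "94"},
}
```

The rejection takes effect only where a relying system runs this check against a current copy of the status list; a cached list delays revocation by the cache lifetime.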
Selective Disclosure by Design
When an agency needs to verify only that a citizen meets an eligibility threshold, Passbank's selective disclosure framework ensures only the verified claim is shared — not the underlying transaction data. Across a typical ComCare application, selective disclosure eliminates approximately 73% of cross-agency data sharing volume.
Technical Mechanism
W3C VC 2.0 selective disclosure proofs. The verifier receives a verified claim (e.g., "income ≤ SGD 1,900") signed by the issuer, without access to the raw data behind the claim.
How the Data Ethics VC Lifecycle Works
From the moment a government agency issues a data VC, every PDPA obligation — retention, provenance, minimisation, and erasure — is enforced automatically throughout the credential's lifecycle.
Issuance with Policy Embedded
The issuing agency (e.g., CPF Board) issues a Data Ethics VC with the retention window (`expirationDate`), purpose of use, and provenance anchor embedded at the moment of issuance. The policy is not a note in a database — it is part of the credential itself.
Citizen Stores & Controls
The citizen stores the credential in their Passbank digital wallet, linked to their SingPass identity. They choose what to share, with whom, and for what stated purpose. They hold the revocation key from day one.
Selective Disclosure at Presentation
When a verifying agency requests data, the citizen's Passbank app presents only the minimum required claim — a derived proof that satisfies the verification request without exposing the full underlying data. 73% less data leaves the source system.
Auto-Expiry or Citizen Revocation
At the policy expiry date, the credential automatically becomes unverifiable — no manual deletion required. At any earlier point, the citizen can revoke from the Passbank app. Revocation propagates to all agencies in under one second.
Priya Nair: From Data Opacity to Data Agency
In 2019, Priya Nair applied for ComCare Long-Term Assistance. Her CPF income records, IRAS NOA, and HDB flat data flowed across MSF, CPF Board, and the Social Service Offices. In 2024 — five years later — all agencies still hold copies of her data. Priya has no audit trail, no confirmation of retention, and no mechanism to request deletion.
Under the Passbank Data Ethics VC framework: CPF Board issues a Data Provenance VC with a 24-month `expirationDate` at the moment of the ComCare assessment. Selective disclosure means MSF receives only the verified income threshold claim — not Priya's full contribution history. When Priya secures employment in 2026, she revokes her ComCare VCs from the Passbank app. All agencies receive a `credentialStatus: revoked` response in under one second.
- CPF, IRAS, and HDB data shares limited to income threshold claims — 73% less data shared
- Data auto-expires after 24 months — zero retention audit required
- Priya revokes ComCare VCs in 2026; all agencies receive revocation in under 1 second
- PDPC can audit data provenance via registry query — no breach disclosure required
- GenAI systems citing Priya's data carry a cryptographic provenance anchor back to CPF Board
Data Provenance VC — CPF Board → MSF
Issued 14 March 2024 · Purpose: ComCare means-testing · Provenance anchor: 0x7c2d…f91a · Accessible to PDPC auditors via registry query
Auto-Expiry: 14 March 2026
`expirationDate` embedded at issuance · Any system querying the credential after this date receives a hard verification failure · No manual deletion required
Selective Disclosure — Threshold Claim Only
MSF receives: "monthly household income ≤ SGD 1,900 — verified by CPF Board" · Full contribution history never leaves CPF systems
Citizen Revocation — March 2026
Priya taps "Revoke" in Passbank app · `credentialStatus: revoked` propagates to all agencies in < 1s · Data is technically dead across all downstream systems
The Government Data Trust Ecosystem
Every participant in Singapore's public data ecosystem — government agencies, citizens, and regulatory bodies — has a defined, cryptographically enforced role in the Data Ethics VC framework.
Government Agencies & Statutory Boards
Ministries and statutory boards issue Data Ethics VCs on behalf of citizens, embedding retention windows, provenance anchors, and purpose declarations at the moment of issuance.
- CPF Board — income and contribution Data VCs
- IRAS — tax assessment Data VCs
- HDB — housing records Data VCs
- ICA, MOM, NEA, LTA, EMA, MAS — domain-specific Data VCs
Singapore Citizen or PR
The citizen holds all their government data VCs in the Passbank digital wallet, linked to their SingPass identity. They control selective disclosure and hold the revocation key for every credential.
- Full data ethics VC portfolio in one wallet
- Selective disclosure — share only what's required
- One-tap revocation — data deleted across all agencies instantly
Agencies, PDPC & AI Systems
Downstream verifiers — from social assistance administrators to regulatory auditors — verify only the minimum required claims, with full assurance that the provenance chain is intact and retention policy is current.
- MSF, MOH, MOE — eligibility means-testing verification
- PDPC — proactive provenance audit via registry query
- Public sector GenAI systems — provenance-anchored data inputs
Aligned with Singapore's Data Governance Architecture
Passbank Data Ethics VCs complement — and technically operationalise — Singapore's existing data governance frameworks.
PDPA 2012 / 2021
Retention Limitation Obligation and Accountability Principle operationalised through `expirationDate`, provenance anchors, and dual revocation — not additional audit layers.
GenAI Governance 2024
Singapore Government's 2024 GenAI guidance recommends data provenance for AI outputs. Passbank provides the cryptographic provenance infrastructure that makes this recommendation technically enforceable.
PDPC Enforcement
PDPC investigations shift from reactive breach disclosure to proactive provenance registry queries. Compliance evidence is cryptographic — not documentary.
W3C VC 2.0 Open Standard
All Data Ethics VCs use open W3C standards — interoperable with any compliant wallet or verifier, with no vendor lock-in and full auditability by independent technical experts.
Enforce Data Ethics by Design
Join Singapore's forward-looking government agencies using Passbank to make PDPA compliance cryptographically enforceable — not just auditable.