Frequently asked questions
sgID exists as a module in the Singpass mobile app. sgID login uses a different protocol from the usual Singpass login. The sgID protocol is end-to-end encrypted which means that the government cannot see which businesses or government agencies you're communicating with, and what data you're sending to them.
Yes. The PDPA requires businesses to be compliant with clauses by 1 September 2019, surrounding consent obligation, purpose limitation obligation, and notification obligation, all of which are built into sgID.
The user data that sgID clients receive are encrypted with a block key, which is in turn encrypted with the public key associated with that client.
To access the data in plaintext, clients will need to:
- 1.Decrypt the encrypted block key with their own private key to receive the block key
- 2.Use the block key to decrypt the encrypted user data