Their faces appeared on profiles they never created, in advertisements they never approved, and on social media accounts selling products they have never used. Across Singapore, a growing number of residents are discovering that their personal photographs — lifted from Instagram, LinkedIn, and HDB-era community Facebook groups — have been duplicated and repurposed without their knowledge.
The issue has sharpened in recent months as artificial intelligence tools make it faster and cheaper to scrape, replicate, and manipulate images at scale. For communities already navigating cost-of-living pressures and a rapid digital transition, the sense of violation runs deep.
Community manager forums at Heartland Enterprise Centre Singapore, which supports hawker and small-business operators, have fielded similar concerns from members worried that their stall photographs and personal images are being harvested to create fake vendor profiles. The Personal Data Protection Commission — Singapore's statutory regulator under the Personal Data Protection Act 2012 — does cover certain forms of unauthorised image use, but residents say the complaints process is slow and the outcomes opaque.
The National Library Board's digital literacy programmes, run from branches including the Library@Chinatown and the Jurong Regional Library, have begun incorporating modules on image rights and reverse-image searching. Still, awareness among older residents in particular remains limited.
The Gap Between Law and Lived Reality
Singapore's PDPA was last substantively amended in 2020, and while those amendments expanded individual rights — including the right to data portability and correction — they were drafted before generative AI made mass image duplication trivially easy. Legal practitioners who advise on technology matters note that the threshold for proving harm under the Act can be demanding for ordinary complainants acting without legal support.
The numbers give shape to the anxiety. The PDPC received 672 data breach notifications in 2023 alone, according to its published annual report for that year. While image duplication does not always constitute a notifiable breach under the current framework, advocates argue the volume signals how poorly Singapore's enforcement architecture scales against decentralised, cross-border misuse.
Residents in older estates — Toa Payoh, Queenstown, Ang Mo Kio — describe a particular vulnerability. Many uploaded photographs to now-dormant community portals and grassroots organisation websites years ago, long before privacy norms tightened. Those images remain indexed and accessible.
A mother in Queenstown described checking a reverse-image search tool for the first time after a neighbour warned her. She found her daughter's school event photograph, taken at the former Queenstown Secondary School field day, appearing on a stock image aggregator with no attribution. She said she did not know where to begin making a complaint.
For now, practitioners recommend three concrete steps: running personal images through Google Reverse Image Search or TinEye at regular intervals; filing a report with the PDPC via its online complaints portal if misuse involves a Singapore-registered entity; and requesting takedowns directly from platform operators using formal intellectual property or terms-of-service channels, which tend to move faster than regulatory routes. The Consumers Association of Singapore also accepts complaints where commercial deception is involved.
The broader question — whether Singapore's legislative calendar will move quickly enough to address AI-accelerated image duplication before it becomes routine — sits unanswered inside the Ministry of Digital Development and Information's ongoing review of the PDPA's scope. Residents in Tampines and Toa Payoh are not waiting for that review to conclude. They are already doing their own searches.