INFO · Search
· Chinese version · Subscribe


Plug the Personal Data Leak

A protracted delay in implementing a key clause of the city's data protection legislation has raised alarm amid heightened risk of private information leakage.

Lawmakers and information technology experts have stepped up calls for stringent government regulation of the use and transfer of personal data, as the public is increasingly vulnerable to unauthorised access to and exchange of private information.

Under section 33 of the Personal Data (Privacy) Ordinance, organisations are prohibited from transferring users' personal data to places outside Hong Kong, unless the receiving destination has in place legislation that provides the same privacy protection as that guaranteed by the Ordinance.

The section was enacted in 1995 but has never been enforced.

Legislative Councillor Mr Charles Mok Nai-kwong, who represents the information technology sector, said it was the government's job to ensure the full enforcement of the Ordinance.

"There is no reason for having delayed the enforcement of section 33 for more than 10 years," said Mr Mok.

In Singapore, the government is due to introduce legislation in July this year outlawing the transfer of personal data to places outside the country by organisations unless they can prove that the data will be accorded the same protection as that guaranteed by the Act.

Mr Mok said that Hong Kong government should address the lack of enforcement immediately to avoid falling behind other countries.

In October 2010, a group of information and communication technology experts from various non-profit organisations, including Internet Society Hong Kong, joined forces and submitted a paper to the SAR government calling for the enforcement of section 33 of the Personal Data (Privacy) Ordinance.

But the government has yet to provide a timetable for the discussion.

Information technology professionals have also expressed concern about the inadequate government oversight of the use of residents' personal data by app developers and corporations in the city.

The Office of the Privacy Commissioner for Personal Data (PCPD) received about 2000 complaints in 2013, up 48 per cent from the previous year. They were related to the use of personal data, data security and data access requests.

Ms Fiona Shek Hoi-wai, the corporate communication manager of PCPD, said that the increase in the number of complaints could be attributed to the new provisions on the use of personal data, which require organisations to seek users' consent before using their data for direct marketing.

Currently, the PCPD promotes the adoption of transparent privacy practices to the city's app developers by issuing guidelines on data protection.

For example, app developers are required to state clearly whether an app would extract users' personal data from their smartphones, and what types of information it would have access to.

But lawmakers such as Mr Mok have pointed out that the guidelines are only applicable to Hong Kong app developers, as those based outside the city's jurisdiction are not bound by the rules.

In January 2014, Hong Kong Computer Emergency Response Team Coordination Centre reported that, in the 167 scanned applications from the Google Play App Store, six of them were found to pose a high security risk to smartphone operating systems and users' interests.

Dr Joe Yau Cho-ki, a lecturer in the Department of Computer Science at Hong Kong Baptist University, said different app developers might collaborate with each other to collect users' personal information for marketing purposes.

A study conducted by Appthority, a San Francisco-based mobile risk management firm, in February 2013 found that free mobile apps on Apple's iOS platform extracted greater amount of personal data from users' smartphones than those on Google's Android platform.

Dr Yau said that users should be aware of the data to which an app has access before installing it, and that they should not download apps from unreliable sources.

"Although users are not able to deal with the technical problems, they should be educated about ways of protecting their privacy," he added.


Reported by Tiffany Lee 

Edited by Brian Yap

《The Young Reporter》

The Young Reporter (TYR) started as a newspaper in 1969. Today, it is published across multiple media platforms and updated constantly to bring the latest news and analyses to its readers.


Rabbit refuge struggles to re-home surrendered bunnies

China market shut to international e-cigarette companies