Get us in your inbox


Private eyes: Personal privacy in a mobile world

Written by
Time Out Hong Kong

In the past few weeks, you might have been lucky enough to be selected as one of the 10 percent of households in Hong Kong to take part in the 2016 Population By-census, which concluded on August 2. The census is a collection of demographic data conducted by the Census and Statistics Department (CSD) that aims to ‘obtain up-to-date information on the socio-economic characteristics of the population and on its geographical distribution’, according to the official website. The information collected is used by the government for planning and policy formulation, to formulate business strategies by the private sector, and by researchers to conduct social and economic studies.

Taking place every five years, these censuses are usually significant events. But do they matter much many more? Living in the information age of Google Analytics, does a humble government census really reveal that much about society? “Many banks and e-commerce companies know more about us based on our purchase behaviour than other governmental collection processes,” says Caitlin Riordan, Hong Kong country manager at Experian Marketing Services, Greater China. She continues: “With the proliferation of technology and the mobile-first consumer, consumers are purchasing more online and it makes it easier than ever for the big retailers out there to profile our behaviour and know exactly when to target us and what content would interest us the most.” 

For corporations, collecting the behavioural data of individuals is merely a means to an end, rather than an end in itself. The aim is to process the vast swathes of data now available in order to identify new opportunities and to optimise operations. Institutions and organisations are willing to invest huge amounts of manpower and underwrite significant costs in order to collect and enumerate data. Even the CSD allocated an amount of $256.59 million for the preparatory work for this census and recruits some 6,410 temporary field workers to ensure the validity and reliability of the data collected. Online data collection is expected to see exponential growth in the business area. “Data is becoming the air that companies breathe,” opines Riordan. They live and die by the insights in the data they collect and the way they respond to it. We are seeing a rise in the role of the chief data officer. I think this in itself shows a trend shift for industry.”  

The internet has become a popular medium to gather data due to its massive usage. Keywords typed into search engines, location tracking via social media and in-house customer databases are being brought together to create a single customer view. Riordan explains what data marketing services are about: “We are data addicts. We power opportunities through big data for our clients.” The buzzwords ‘big data’ refer to the wealth of information collected by companies regarding their customers. “We help our clients to make decisions around their data. Of particular interest to me is how we help marketers find opportunities to communicate more effectively and drive revenue through data.” In other words, data collected can be analysed and turned into actionable insights that can be used for marketing purposes.

Businesses can sometimes be devious when it comes to collecting users’ personal information. From Amazon’s ‘You May Also Like’ filtering function to the recent Pokémon Go craze, there have been prophetic voices anxious about the creeping breach of our personal privacy on an everyday basis. “Businesses know that customers tend to quickly click ‘agree’ when presented with a privacy policy,” says professor Stuart Hargreaves, an assistant professor of law at Chinese University Hong Kong. “It’s not ‘tricking’ the customer per se, but it is a way that some businesses can get individuals to agree to share more personal information than perhaps they really are aware,” he adds. Another common method companies use to collect data is through loyalty programmes. The strategy came to public attention in Hong Kong following the infamous ‘Octopus Incident’ in 2010, when Octopus Rewards Limited, the largest shareholder of the Octopus card system, made a profit of $44 million dollars by sharing with third parties the personal information of nearly two million registered cardholders who were participating in the Octopus Rewards Program.

However, the biggest threat to personal privacy is not businesses’ data mining strategies. It is ourselves. We say we value our privacy but our actions indicate otherwise. A study conducted by the Privacy Commissioner for Personal Data (PCPD) finds that many Hong Kong smartphone users lack privacy awareness. Only 23.8 percent of smartphone users actually consider the privacy policy of an app before installing it and an alarming 46 percent of Hong Kong smartphone users have experienced misuse of their personal data, but only 11 percent of them are concerned enough to make a complaint. What’s worse, only six percent of the public are willing to pay for privacy protection regarding online activities.

If you think the government can protect you from privacy intrusions, then you might be disappointed. Present privacy laws are not sufficient to safeguard one’s online privacy. The main law that protects personal privacy in Hong Kong is the Personal Data (Privacy) Ordinance (PDPO), which is overseen by the Office of the Privacy Commissioner for Personal Data (PCPD). The PDPO regulates the collection and usage of personal data of both the private and public sector. A general right to privacy, including intrusions by the government, is also guaranteed by the Basic Law Article 28-30. However, with technology advancing so quickly, privacy laws today are already behind the reality of the digital age. “The PDPO was written prior to the widespread adoption of the internet by almost all members of society, and so is not always well suited to some modern privacy issues,” explains professor Hargreaves. Under the circumstances, we are significantly at risk from internet fraud when we put our personal information online. “People can pretend to be someone in the online world with some basic data,” explains Dr Jojo Mo, an assistant professor of law at City University of Hong Kong. According to the Hong Kong Police Force, the latest trends in technology crime include social media deception, e-banking fraud and email scams.

“Privacy helps protect our dignity and autonomy. Our freedom can be compromised if we are being monitored, whether willingly or unwillingly,” insists Dr Mo. Privacy is precious and not something we should take for granted. Both the public and government should take steps towards improving the protection of personal data. The PCPD has recently announced it will undertake a comprehensive review of the PDPO in the coming years in order to make sure online privacy is well protected in the SAR. As for the public, the solution is simple – to think before handing out personal information. “Individuals need to be conscious about the information they are revealing, especially online, in exchange for seemingly ‘free’ services,” says professor Hargreaves. “It is a well known axiom that if the service is free, then it is the user and their information that is really the product being sold.” Giving out personal information is not necessarily a bad thing. Businesses can cater to preferences of modern-day consumers and the government can help its citizens to plan for the future. What’s important now is to educate and equip ourselves for the data-driven future. 

To learn more about personal privacy, visit the Privacy Commissioner for Personal Data website at

Christy Au-Yeung

Latest news