Hong Kong must do more on data protection

Our personal data is too easily given away nowadays. Signing up for consumer loyalty and reward schemes is a case in point. More often than not, people willingly divulge their personal information in return for gifts, shopping vouchers or discounts. This is not helped when many companies only have nominal data protection policies.

The problems are put into perspective in a study of 30 popular membership and reward programmes in the local retail, hotel, catering, airline, cinema and petrol industries. According to the privacy commissioner for personal data, many schemes lack transparency and collect information that is more than necessary.

The policy statements of companies are obviously made for commercial convenience rather than the protection of customer interests. For instance, most companies indicate they will share customers’ details with “business partners”, “parent companies” or “any of our subsidiaries”. They also ask for “bundled consent” to the multi-purpose use of data, leaving customers with no genuine freedom to refuse the forwarding of their information.

Adding to the concern is the growing trend for companies to use such details for data analytics, profiling and automated decision making. The watchdog warned that such actions would amplify the risk of privacy breaches, such as the excessive collection of personal data and disclosure of intimate details.