Watchdog pulls plug on Do No Evil app over 'serious invasion' of privacy

The company behind a smartphone application that allows public access to a database of more than two million records of litigation and bankruptcy cases has received a warning after it was found to have "seriously invaded" personal data privacy.

The Privacy Commissioner for Personal Data (PCPD) found mobile app Do No Evil had supplied sensitive personal data - including names of litigants, partial identity card numbers, addresses, claims amounts and company directors' data - to users without voluntary consent.

More than 200,000 requests for data access had been made since the app went online last year, the privacy watchdog said.

The app, with 40,000 users, sources information from Glorious Destiny Investments (GDI), which collates information from the millions of pieces of information about litigation, bankruptcy and company directorships from sources such as the Judiciary, the Official Receiver's Office, and the Companies Registry Gazette. The PCPD said this act was a threat to personal privacy.

Privacy commissioner Allan Chiang Yam-wang said the case highlighted a common misconception that personal data collected from the public domain was open to unrestricted use.

"I must make clear that personal data obtained from the public domain is still subject to regulation of the [Personal Data (Privacy)] Ordinance, otherwise consequences will be dire," he said. Data Protection Principle 3 of the Ordinance restricts use of personal data for anything other than the original purpose unless voluntary consent of the subject of the data is obtained.

The app has been pulled from Apple's app store and a separate request has been sent to Google, following an enforcement notice to the company on July 31.