• Mon
  • Apr 21, 2014
  • Updated: 2:33am
NewsHong Kong
PRIVACY

Watchdog pulls plug on Do No Evil app over 'serious invasion' of privacy

After complaints, personal data commissioner warns developer that its Do No Evil app poses a 'serious invasion' of personal privacy

PUBLISHED : Tuesday, 13 August, 2013, 5:40pm
UPDATED : Wednesday, 14 August, 2013, 11:15pm

The company behind a smartphone application that allows public access to a database of more than two million records of litigation and bankruptcy cases has received a warning after it was found to have "seriously invaded" personal data privacy.

The Privacy Commissioner for Personal Data (PCPD) found mobile app Do No Evil had supplied sensitive personal data - including names of litigants, partial identity card numbers, addresses, claims amounts and company directors' data - to users without voluntary consent.

More than 200,000 requests for data access had been made since the app went online last year, the privacy watchdog said.

The app, with 40,000 users, sources information from Glorious Destiny Investments (GDI), which collates information from the millions of pieces of information about litigation, bankruptcy and company directorships from sources such as the Judiciary, the Official Receiver's Office, and the Companies Registry Gazette. The PCPD said this act was a threat to personal privacy.

Privacy commissioner Allan Chiang Yam-wang said the case highlighted a common misconception that personal data collected from the public domain was open to unrestricted use.

"I must make clear that personal data obtained from the public domain is still subject to regulation of the [Personal Data (Privacy)] Ordinance, otherwise consequences will be dire," he said. Data Protection Principle 3 of the Ordinance restricts use of personal data for anything other than the original purpose unless voluntary consent of the subject of the data is obtained.

The app has been pulled from Apple's app store and a separate request has been sent to Google, following an enforcement notice to the company on July 31.

The PCPD said it had received 12 complaints and more than 60 inquiries regarding the app's intrusion of personal data privacy.

The app enables users to search an individual's litigation and bankruptcy data simply by inputting a name as a search criterion, which the PCPD said posed further risk of breaching personal data privacy. "The risk is that users would not know how the app developer handles private data access," said deputy commissioner Lavinia Chang Yu-ming. "Without the user even knowing, the app could be giving away a lot of sensitive data."

Chiang said that without oversight and regulation, GDI could not ensure security of the data collected ... And they could store this data in their system indefinitely. "It is obvious that GDI's activities are purely for commercial purposes and not in the public interest," he said.

Sino Dynamics Solutions, which developed Do No Evil, said it was "strange" how the app was the only one targeted by the PCPD. "Hong Kong is a free society. We are only providing information readily accessible to the public and we are accurate," spokesman Alex Kong said. He said plans to develop apps to facilitate company and land searches would now be scrapped.

GDI said it was disappointed in the commissioner's decision, but stopped supplying Sino Dynamics on August 7. It still runs D-Law, its own online data search service.

Lawmaker James To Kun-sun said as long as an app developer can prove its users are conducting searches for legitimate reasons, such an app should be legal. He advised developers to insert preconditions of use into the app.

 

Share

3

This article is now closed to comments

dienw
The Privacy Commissioner has overstepped the mark here (again - he also did so re David Webb's data base). These data are publicly available so how can this be a serious invasion of privacy? All the app is doing is making it easier for people to search the public data bases. The purpose of use of the data is not specified but if the data are publicly available then it must be the data subject's legitimate expectation that his data will be - publicly available.
The other comments made are quibbles which either don't stand up under the Personal Data (Privacy) Ordinance or can be addressed very easily by the relevant data user.
stoatmonster
Totally agree: the Privacy Commissioner and his cronies have again misinterpreted the letter and spirit of the PDPO.

Login

SCMP.com Account

or