• Mon
  • Sep 22, 2014
  • Updated: 9:51am
NewsHong Kong

Privacy commissioner is Luddite, says activist after Do No Evil app shutdown

Corporate crusader says the Do No Evil app was only providing what is already public and 'Luddite' commissioner should be replaced

PUBLISHED : Thursday, 15 August, 2013, 12:00am
UPDATED : Thursday, 15 August, 2013, 9:02am

A prominent corporate governance activist has lashed out at the privacy watchdog for failing to acknowledge the need for easier access to information.

And David Webb says its commissioner, Allan Chiang Yam-wang, should be "replaced with someone who understands modern technology" better.

"Frankly, I think Mr Chiang is a technophobic Luddite and needs to be replaced by someone who won't keep attacking services that provide public access to data that is already public," said Webb.

He was responding to a move by the privacy watchdog to bar a company from supplying data on individuals - gleaned from publicly available litigation and bankruptcy records - via a smartphone application.

The Office of the Privacy Commissioner for Personal Data yesterday said it had ordered the operator of mobile app Do No Evil to cease supplying "sensitive" data after it was found to have invaded personal data privacy by allowing users to search for individuals by name.

Webb said the watchdog's report contained several inconsistencies. "[Chiang's] position is inconsistent. He says it is OK for corporate services to do it for other corporations, but it is not OK for a business to provide this service to a consumer … tenants and landlords may want to look up whether either have been sued in the past and small businesses may want to conduct due diligence," Webb said.

"But any information that has gone through the courts is in the public domain so I don't see why they're forcing people to go down the corporate route."

Webb criticised the report's premise that people with similar names could be mistaken during a search, saying unique identifiers such as partial identification numbers, which are also public, would help to avoid mix-ups.

"The commissioner should explain why a company can provide [background search] services through web platforms and not mobile apps," he said.

Webb was forced by the watchdog earlier this year to withdraw a short-lived database listing the identity card numbers of 1,100 company directors including tycoons Thomas Kwok Ping-kwong and Li Ka-shing.

In both cases, the watchdog argues that misuse of personal data from public registries that is not directly related to the original purpose could constitute a breach of the privacy law.

Webb's push for the free flow of information was echoed by Alex Kong, of IT company Sino Dynamic Solutions, which developed the Do No Evil app. "We call the app Do No Evil to convey this message: easy public access to criminal records would help deter crime," he said.

The company argues that the data, which is all obtained from public records provided by the government, is for employers to conduct background searches and due diligence on potential employees. Kong gave the example of schools being required to check whether teachers had committed sex crimes.

A team of nine people had worked on the app for 18 months, he said. "A company once offered to buy the rights to the app for HK$600,000, but we refused the offer due to the long-term potential of the app. Now everything has been in vain," Kong said.

The firm has also scrapped plans to develop apps facilitating company and land searches.

The right of individuals to privacy is not absolute, the privacy commissioner said on Tuesday. It must be balanced against other rights and the public interest, he said. Exemptions from the Personal Data (Privacy) Ordinance include the use of personal data to prevent or detect crime or dishonesty, and for reporting purposes where information published is in the public interest.

He said the Do No Evil app "seriously invaded" privacy and the exemptions did not apply.



For unlimited access to:

SCMP.com SCMP Tablet Edition SCMP Mobile Edition 10-year news archive



This article is now closed to comments

Private firms create apps for access to public data where Government or associated organisations fail to provide quality access services to public data themselves. How many departments still ask you to physically go to a secretariat to check out plans or records which are available in digital form? Give it to them Webb. Cars replaced horse carriages, planes replaced boats, ... what is wrong with these people?
Hear, hear! Well said pauluszimmerman!
sounds the time is right for a Judicial Review of the lopsided inconsistent decisions.
Let the judges decide what is freely available information
The Govt under orders from (persons hiding their assets from China ?) above tried to remove director details from company search data, and lost.
They need to lose this one too.
Or is it all about a loss of public data search income or just incompetence ?
Lai See got it right as well.
Why the secrecy surrounding Hong Kong's societies?
Wednesday, 07 August, 2013,
It's a ramshackle fiasco mishandled by seemingly incompetent people promoted under the Peter Principle who could not find a decent job in the business world or who might seek to feather their retirement nests by their current flawed decisions.
The laws are always playing catch up. It seems the real issue is that the PDPO is outdated and failed to foresee that individual public records would be used for novel, unexpected, and potentially abusive purposes if it were convenient to do so. The ease and low cost of access to information today presents new challenges to individual privacy that would have been unheard of thirty years ago. To be fair, convenient access to individual public records is not necessarily the issue, but rather the potential for abuse leading to a violation of personal privacy leading to personal harm. The provision of individual public records should be solely undertaken by the government instead of private/commercial parties to ensure stringent control on the data.
To these ends, it would seem appropriate to review the PDPO and related ordinances with respect to: a) a prohibition on the reproduction and dissemination of individual public records; b) an introduction of a time limit on the intention of individual public records; c) a review on the fee schedule for access to individual public records to ensure the fee to access is sufficiently high to deter/prevent abuse of information; d) an introduction of controls to the access of information based on the sensitivity of the information requested, the purpose for the information request, and the identity of the requesting party; e) a review on what individual records should be made public.
Unlike David Webb who are civilized, we are talking about Hong Kong, a 99% Chinese society. In Chinese DNA, they have a crave to pry into other people's past and spread gossip about it even if that is none of their business. The intention of providing easier access is good, but Chinese has a bad habit of using your past as a means of attacking people they simply disliked - and that person can just be a co-worker he/she disliked. The correct approach to prevent misuse is to license the usage to specific groups such as property agencies, registered businesses etc. not individuals.
Civilized or not, the potential for sensitive information to be misused is very high, as in the example above.
The "Do No Evil" apps was first reported in an ex-pat magezine. The issue here is not about need for easier access to information, it is how those information is being accessed by people with no need or legitimate jusitifcation. There are people who use the apps to simply find out all about an individual. For example a member of staff disliked a co-worker, he/she can use the application to dig out all kinds of pass history of the person and if the person happens to have a court incident or similar, the information will be used as character murder in a workplace. That was what I read about this app last year in that magezine. The employee was under so much pressure that he had to quit his job. The person who accessed the data had absolutely no legitimate reason to use it. Such sensitive information should not be available to an average men on the street - given that the HK is not really an educated society.
Chiang used to run the post office for chrissakes. For him, new technology is a self-adhesive stamp. Get rid of the ignorant choge and take away his pension.
Don't forget when his appointment as privacy commissioner was announced, the post office staff union came out marching against it. what kind of man do you have to be to have your ex-ex-staffers (he's had a few posts in between as well i think) come out and denounce you like that?
John Adams
I love your sense of humor :-)
And I do fully agree with you !
In fact the whole thing would be hilarious if it were not for the fact that it's true.




SCMP.com Account