These examples highlight some issues: privacy concerns can arise without personal identification data; the guidelines are insufficient; and, we need to clarify who should make the judgment, and how.

The response depends on how privacy is treated. There is no universal standard. Some countries treat privacy as a human right and adopt an omnibus approach to protecting all personal data. In others, privacy is governed by contract law except for selected industries such as finance and health care.

There can also be a cost to protecting privacy. One striking study shows that privacy regulations restricting the exchange of electronic medical records could lead to higher mortality rates of newborns.

Limiting the reuse of public data increases the costs of exploiting it. If the aggregation of bankruptcy and litigation data is forbidden, for example, people need to look into multiple government databases for the same information.

More important, the recent enforcement creates ambiguity. When can a business add value to public data? Surely, some restrictions may be needed, and any violation must be properly sanctioned. But what if the reuse is not excluded?

An ambiguous interpretation of the ordinance may stifle innovation as businesses may stop investing in data services because of the worry about privacy infringement.

Above all, we must fix the role of privacy in our society. The ordinance and its strict interpretation seem more consistent with the human rights perspective. Lawmakers should decide whether that is best for Hong Kong.

If a strict interpretation of the ordinance is warranted, then we should review whether the data should be made public in the first place. The issue of reuse will be moot. If it is not, then we need a clear guideline about what is allowed and what is not.