Consumer protection in Hong Kong

Hong Kong must do more on data protection

Thanks to membership and reward programmes, customers divulge their personal information too easily nowadays and privacy concerns are growing

PUBLISHED : Thursday, 21 December, 2017, 1:53am
UPDATED : Thursday, 21 December, 2017, 1:53am

Our personal data is too easily given away nowadays. Signing up for consumer loyalty and reward schemes is a case in point. More often than not, people willingly divulge their personal information in return for gifts, shopping vouchers or discounts. This is not helped when many companies only have nominal data protection policies.

Privacy watchdog warns on consumer loyalty programmes

The problems are put into perspective in a study of 30 popular membership and reward programmes in the local retail, hotel, catering, airline, cinema and petrol industries. According to the privacy commissioner for personal data, many schemes lack transparency and collect information that is more than necessary.

The policy statements of companies are obviously made for commercial convenience rather than the protection of customer interests. For instance, most companies indicate they will share customers’ details with “business partners”, “parent companies” or “any of our subsidiaries”. They also ask for “bundled consent” to the multi-purpose use of data, leaving customers with no genuine freedom to refuse the forwarding of their information.

Adding to the concern is the growing trend for companies to use such details for data analytics, profiling and automated decision making. The watchdog warned that such actions would amplify the risk of privacy breaches, such as the excessive collection of personal data and disclosure of intimate details.

Do-not-call register best option to deter cold-callers

On a brighter note, the separate inspection of a property agent has yielded better results. The watchdog said the unspecified agent had made reasonably good progress in data protection, in particular with efforts by top management to designate a senior officer for compliance. Access to its database is also on a basis of need, thereby minimising the risk of leaks. The privacy commissioner is right in urging organisations to embrace data protection as part of corporate governance rather than just legal compliance. Regrettably, few companies have lifted privacy protection up to the boardroom level as in the case of the property agent. Even though the law concerned has been in place for two decades, there is still much work to be done.