Consumers need updated regulation to protect their personal data
Gilly Wong says that with the convenience of online products and services comes risks, including of companies that access too much of consumers’ personal information, and the government needs to adapt legislation to this reality
In the digital age, the economy is part of a world of big data. One example is the government’s smart city blueprint, its five-year development plan for Hong Kong’s future, which includes the introduction of faster payment systems and an electronic ID for all residents.
The internet is all pervasive in modern life. But while consumers take delight in convenience, they must safeguard personal information to keep it out of the hands of merchants and third parties who will use them for market analysis and sales promotion.
The theme for this year’s World Consumer Rights Day on March 15 is “Making Digital Marketplaces Fairer”, as part of a global campaign for a secure internet, better consumer protection online and action against fraud.
Envision for a moment the electronic bangle you wear on your wrist telling you your body’s condition and reminding you of how much water and exercise you need today. No more worries of forgetting to stock up on food, as milk, vegetables and fruits have been ordered via a smart system. Sit back and relax in a driverless car, speak your name on the mobile handset and, in an instant, you start rolling out commands for fund deposits, investments and so on.
This is not fantasy. Already, in recent years, there has been a growing consumer acceptance of the “smart home” concept and emergence of smart appliances for the home. For instance, “smart refrigerators” are no longer merely for cold storage; they can also monitor what food will soon expire.
In addition, technological advances in the field of voice biometrics, fingerprints, iris scans and facial recognition systems replace and supplement conventional inputting of online account names and passwords. Already, this technology has been broadly applied to mobile handsets for on/off switch recognition, and banks and business sectors increasingly adopt similar technology. Double authentication security measures can prevent hackers from pinching your PIN and attacking your online investments, but also keep you from forgetting passwords.
As the world’s major enterprises jump on the digital technology bandwagon, the major challenge facing the world is whether we have the necessary legislation to safeguard consumers’ personal information and privacy. To address the issue of e-commerce, the United Nations Conference on Trade and Development has put together an expert team, with cross-government participation, to collect and disseminate information and devise legislation to protect consumer rights.
Earlier this year, the European Union launched the General Data Protection Regulation, which seeks to enlarge the definition of “personal data” to cover website browsers’ cookies, IP addresses, identifiable characteristics in DNA, biometric data, and so on, and require businesses to secure consumers’ clear consent before their use. Offenders face fines of between 2 per cent and 4 per cent of business sales. The regulation also affords consumers the power to pursue enterprises over the illegal use of their personal information.
In Hong Kong, we have witnessed a steady stream of consumer issues arising from the digital marketplaces. Last year, the Consumer Council received almost 4,000 cases of consumer complaints, an increase of some 23 per cent, mostly involving online sales tactics, suspected spurious goods and alteration/termination of contracts.
Further, many mobile apps are suspected of extracting excessive amounts of personal data and information. A case in point concerns the council’s recent scrutiny of seven pre-booking taxi apps. Many apps were caught collecting customer information irrelevant to the operation of the service, such as storing or changing the content of memory cards; storing the user’s photo, contact information and records of communication; and even downloading the customer’s file without notification.
Recently, quite a few mobile handsets have been equipped with mobile payment services that ask for precise details of users’ personal data, and contactless communication also comes in the form of QR codes and near-field communication capabilities.
Personal information more at risk than ever in age of big data, Hong Kong privacy watchdog head says
No doubt the massive application of digital technology is inevitable. Business enterprises, however, should not seek to collect and use personal information not directly related to transactions; they should clearly list the information they need.
The Consumer Council looks to the government to keep pace with the changing times, review existing legislation and devise a new set of regulations, including protection of digital intellectual property and personal privacy.
Gilly Wong is chief executive of the Consumer Council