Hong Kong elite school told to review data policy after alleged student privacy breach
- Education Bureau and privacy watchdog follow up with St Paul’s Co-educational College over social media post accusing it of monitoring pupils’ after-class activities
- School says it recently conducted sample checks to understand student usage of tablet computers and ensure devices were being used appropriately
Hong Kong’s education authorities have called on an elite school to review its data handling policies after it was accused of collecting information from students’ personal computers and allegedly installing devices to monitor their activities.
The Office of the Privacy Commissioner for Personal Data also said on Thursday evening it would look into a complaint posted online about St Paul’s Co-educational College’s collection and handling of students’ personal information.
The anonymous complaint surfaced on Instagram and alleged the Mid-Levels school had recently started demanding students turn over their personal computers to IT staff for inspection after discovering the devices were often used to play video games.
The complainant further alleged that, based on the first batch of pupils who had their computers scrutinised, the school staff had backed up the pupils’ data onto USB drives and installed suspected monitoring devices to check their activities after school hours.
In Hong Kong, personal data can only be collected for a lawful purpose directly related to a function or activity of the user. The data collected should be necessary and adequate but not excessive for such purposes.
According to the social media post, there were also suggestions the school checks included scrutinising private account information, personal files, photos and chat records on the devices, prompting concerns on campus.