Hong Kong’s privacy watchdog takes down 90 per cent of social media posts deemed to constitute doxxing under new law
- Privacy watchdog issued 774 cessation notices between October 2021 and May this year, involving 14 social media platforms and about 3,900 messages
- Six people were arrested and some channels shut down completely, according to Ada Chung, privacy commissioner for personal data
Hong Kong’s privacy watchdog has taken down about 90 per cent of social media posts it deemed constituted doxxing after legal amendments were passed last year to criminalise such behaviour.
Ada Chung Lai-ling, the privacy commissioner for personal data, on Monday said her office issued a total of 774 cessation notices between October 2021 and May this year, involving 14 social media platforms and about 3,900 messages. Six people were arrested, she added.
“No social platform should be used by rogue elements to post doxxing messages,” she said. “The Office of the Privacy Commissioner for Personal Data has the right to request the relevant platform to remove the messages, and even restrict or prevent individuals from browsing related channels or even the entire platform.”
Some channels were shut down altogether, which Chung said was a “desirable phenomenon” that showed a correct approach to handling doxxing. But she added she was “not in the position” to disclose details of individual law enforcement actions.
Chung also refused to confirm how many cessation notices were directed at the instant messaging app Telegram, which authorities and pro-Beijing lawmakers have accused of being a hotbed for netizens to leak personal information of police officers, government officials and pro-establishment figures.
Use of the texting app gained traction during the anti-government protests in 2019, where demonstrators created channels to disseminate information to others.
Telegram is famous for its “secret chat” function that enables messages to self-destruct across all devices by setting up a timer.
When asked why some doxxing platforms targeting journalists and opposition figures could persist, Chung noted that her office would handle all the complaints “diligently and fairly, irrespective of the political views or the background of the victims involved”.
Last year, the Legislative Council passed bills to amend the Personal Data (Privacy) Ordinance to criminalise doxxing and grant the watchdog the power to issue notices to remove materials it regarded as intrusive to personal data privacy.
In response to queries from the Post, the watchdog acknowledged that, as of Monday, seven social media channels had been blocked, but declined to say how many of them were removed as a direct result of its instruction or whether the messaging boards originated from Telegram.
Chung’s remarks came as the privacy watchdog on Monday issued a new edition of a guideline on personal data privacy protection for the city’s property management sector following four complaints filed against four firms for the improper collection of personal information.
The guideline covered “the most common issues” relating to the handling of personal data, Chung said, including the collection, storage and display of personal data, use of closed-circuit television camera systems and the recording of Hong Kong identity card numbers.
“Property management bodies should adopt good practices in accordance with relevant laws and guidelines to properly safeguard the personal data privacy of residents and visitors, which is an indispensable part of the provision of high-quality and professional services,” she said.
All four property management companies were found to have contravened the relevant requirements of the data protection principles under the Personal Data (Privacy) Ordinance.
In a separate investigation, the watchdog found that a medical and dental services chain had accidentally disposed of the medical records of 294 patients, including their names, identity numbers and addresses, as ordinary waste in March last year.
The watchdog determined that Town Health Medical & Dental Services had “serious deficiencies” in ensuring the security of personal data and ordered the firm to adopt remedial and preventive measures within two months.
The privacy commissioner also reminded organisations to notify the watchdog as soon as possible if they suspected data breaches so that the office could provide assistance and advice to minimise the damage.