Doxxing cases, most involving police officers and their supporters, fell 76 per cent last year in Hong Kong, the city’s privacy watchdog has said. But Privacy Commissioner for Personal Data Ada Chung Lai-ling on Thursday said there was still an urgent need for a review of the Personal Data (Privacy) Ordinance to empower the watchdog to investigate and prosecute cases directly, as well as require internet service providers to remove unlawful content from social media. The commission also launched a hotline for complaints and inquiries about doxxing, which was widespread during anti-government protests in 2019, with the body alerted to 4,370 cases between June and December that year. The figure dropped to 1,036 in 2020, down 76 per cent. The watchdog did not record complaints about doxxing between January and May 2019, before the social unrest broke out. Out of more than 5,400 cases in the past two years, 38 per cent involved police officers and their family members, while another 30 per cent were tied to residents supporting the government or the force. Chung said about 10 per cent of the 5,400 cases involved residents making comments against the government or police. “I don’t think we should tolerate any doxxing cases … I don’t think we should ignore that we still had around 1,000 doxxing cases [last year],” Chung said. “If amending the law is an effective way out, why not?” Car database search alerts response to ‘weaponising’ of information, Lam says The anti-government movement sparked by the now-withdrawn extradition bill in June 2019 opened a widening rift in the city that led to many officials, police officers, journalists and protesters being doxxed. Victims’ personal information, such as their names, identification card numbers and family members’ contacts, were circulated on social media. The watchdog said in the past two years, it had written 253 times to at least 18 online platforms, and referred more than 1,400 cases to police, 57 of which were sent to the Department of Justice. The body was also discussing with officials on amending the privacy law. Under the proposal, the watchdog would be empowered to conduct criminal investigations and launch prosecutions over unauthorised sharing of personal information, without referring the cases to police. They are also seeking powers to require the removal of content from social media, lest the webmaster be found guilty of committing a criminal offence. Hong Kong police broke privacy law with public display of ID card: inquiry But Chung admitted no timetable for the amendment was established. The watchdog must go through additional discussions with the government and collect views from lawmakers and the public before moving forward. For years, the privacy watchdog has been described by critics as a “toothless tiger” for its lack of power to conduct criminal investigations and having to refer complaints to police. RTHK contributor Bao Choy Yuk-ling was prosecuted in November over suspicion of using an official database to search for vehicle information for a television programme, sparking widespread condemnation among media groups, scholars and opposition politicians, who accused police of using the law to suppress the media. Asked about the use of personal data in public registries, Chung agreed that government departments should improve transparency of limits on the use of the information for media searches for news reporting. “The overall principle, which I advocate, is transparency. You should let people know the purpose of the register in question,” the commissioner said. “You should let people know the available options, so that the person searching will not commit an offence unintentionally.” Chung added that while personal data in the public domain should be subject to privacy laws, authorities should strike a balance between protecting the information contained in the registries and the media’s rights to report. The privacy chief, however, stopped short of going into detail over whether departments had done anything wrong. She added she did not think the authorities had limited the methods available to the media to conduct searches. Earlier this month, the Transport Department launched a new alert service, whereby car owners are notified via email if their personal details have been accessed through a government database. The free service provides information about the searcher, including their name and the purpose, time and date of the search. If registered car owners suspect their personal data has been misused by the applicant, they can contact the Office of the Privacy Commissioner for Personal Data or police.