简体中文
The Office of Privacy Commissioner for Personal Data (PCPD) convened a press conference on August 13, pointing out that a smartphone application known as "Do No Evil" invaded privacy by providing users with access to personal data on public platforms, such as judicial organs and the Companies Registry. The PCPD had issued an Enforcement Notice directing the database operator to suspend the process.
The database for "Do No Evil" is created by Glorious Destiny Investment Limited (GDI), who had collected a huge amount of personal or company data from different sources, including the Judiciary, the Official Receiver's Office, and the Companies Registry, and provided these information for users of "Do No Evil".
The App was launched last June, with a claim of 2 million records of civil and criminal litigation as well as bankruptcy cases. By using the App, users can obtain information concerning the target person's name, partial identity card numbers, address, court type, action number, company directors' data, nature of the case and even the person's signature.
Allan Chiang, Privacy Commissioner for Personal Data, indicated that users of the App mainly intend to recruit employees, tutors and servants, to handle their properties, and to assess attendance or due diligence. According to Personal Data (Privacy) Ordinance, mere possession of these data is legal. The PCPD has also set restrictions on the disclosure and consultation of the data concerning public litigation, bankruptcy and company directors.
However, he pointed out that the targeted individuals' names, addresses, debts accrued, crimes and judgment are sensitive data. Though profiling and re-use of personal data in the public domain could generate economic efficiency and societal benefits, such activities could invade privacy. DPP3 requires that personal data should only be used for the purposes for which it was collected or a directly related purpose. As for GDI who went totally the opposite way, they had obviously violated the regulation.
Moreover, people with ulterior motives may use ID numbers, addresses and signatures for surveillance or fraud. With the reference to the above information, companies may also infer the person's habits and preferences to promote sales, against the will of consumers.
The technical bug of "Do No Evil" are likely to bring about chaos too: those involved in court hearings may be found innocent, or people who went bankrupt but discharged, may encounter accidental misfortune, as the App does not update the status of the targeted persons.
In addition,under theRehabilitation of Offenders Act, after a defined rehabilitation period, certain criminal convictions become ‘spent’. This means that the ex-offender in question is not required to disclose the conviction. The BankruptcyOrdinance also makes it clear the bankruptcy can be discharged 4-8 years after it takes effect.
The App, however, does not update accordingly. The victim can only clarify through one particular function in the App, which has caused a great deal of trouble.
The PCPD had issued an Enforcement Notice directing the database operator to cease supplying litigation and bankruptcy information to the App.
On the other hand, Chiang told the press that the PCPD has already proposed to amend the Corporation Law and other relevant regulations, in order to further limit the exposure of data on company directors and other individuals. The proposal, however, was shelved temporarily. Further discussions will be made next year.
