Hong Kong defends privacy laws amid big tech backlash

Hong Kong has defended bringing in changes to its privacy laws, which a technology industry body has raised a number of concerns about.

The new laws target “doxxing”, which is a malicious act where people’s personal information is published online. This is a tactic used during the pro-democracy protests in Hong Kong during 2019 where government supporters sought to identify masked protestors, while protestors themselves reportedly shared private information about police officers and their families, as reported by the Guardian.

Hong Kong’s Privacy Commissioner for Personal Data (PCPD) reaffirmed that the laws will only concern “unlawful” doxxing acts and the PCPD’s related enforcement powers.

“The scope of the doxxing offence will be clearly set out in the Amendments. The PCPD strongly rebuts any suggestion that the Amendments may in any way affect foreign investment in Hong Kong,” it said in a statement.

The proposed legislation has been met with some resistance from the Asia Internet Coalition (AIC), an industry association of leading internet and tech companies in the Asia Pacific region with an objective to promote the understanding and resolution of Internet and ICT policy issues. Based in Singapore, AIC counts on Big Tech companies among its members, such as Apple, Facebook, Google, Amazon and SAP.

In a letter sent to the PCPD on June 25, and made public this week, AIC established a number of proposed amendments to the law, stating that the proposed legislation was too broad.

AIC said that as online services are provided by offshore global or regional headquarter companies, local staff of overseas platforms “are not responsible for the operations of the platforms; neither do they (or the local subsidiary by which they are employed) have access right or control to administer the online platform contents”.

It said that any rectification notice “may only be legitimately issued against the real operating entity of the online services platform outside of Hong Kong, and it would be a fallacy to issue the same against their local subsidiaries or entities, or to hold them or their employees legally liable for the same.”

AIC went on to underline that the only way for tech companies to avoid these sanctions would be to refrain from investing and offering their services in Hong Kong, which could deprive businesses and consumers and create new barriers to trade.

“Thus, the possibility of prosecuting subsidiary employees will create uncertainties for businesses and affect Hong Kong’s development as an innovation and technology hub. If it remains the PCPD or the Administration’s intention to hold the employees of the local subsidiaries or entities liable for doxxing content, we seek clarification on the legal basis of doing so.”

The PCPD has stated it is welcoming views from stakeholders and will meet with representatives of the AIC to “better understand their views”.