Hong Kong’s personal data privacy watchdog has has told HKFP that they maintain no data on whether any doxxing complaints it received were connected to the use of public registers.
The government announced on Monday that public access to personal information of company directors listed in Hong Kong’s Companies’ Registry are to be restricted over doxxing concerns. Residential addresses of directors and company secretaries and their full identification numbers will be masked from public inspection, except for a handful of authorised persons, liquidators, or public officers.
On Wednesday, HKFP asked the Office of the Privacy Commissioner for Personal Data (PCPD) for the number of privacy violation complaints it received over the past two years in connection with the use of company and land records.
In response, the watchdog said it received a total of 750 complaints about doxxing in 2019 and 134 last year that involved addresses or Hong Kong identification numbers. However, it said it had “no further breakdown” indicating whether complaints were linked to the use of data in the public registries. It was also unable to state whether any complaints received involved the disclosure of information taken from the registries.
“Public registers might be the possible sources from which the doxxers obtained the information,” the statement read, without indicating how this conclusion was drawn.
In July 2015, the watchdog published a report that surveyed how public registers containing personal data are maintained by the government.
The Companies Registry told the PCPD for the purpose of the survey report that the Personal Data Privacy Ordinance “offers sufficient protection” and there was “no plan to introduce legislative provisions imposing sanctions against improper use of personal data.”
However, the Registry concluded it “needs to further examine stakeholders’ views on limiting the class or persons making search[es] and requiring requestors to make [a] declaration on intended use.”
The PCPD survey also said the Companies’ Registry practised several of its recommendations to safeguard personal data. These included specifying the purpose of the register in its establishing legislation, and providing a clear Personal Information Collection Statement to data owners.
Chief Executive Carrie Lam said on Monday that there needed to be a balance struck between personal privacy and the need for personal data in public registers. The government was responding to the public’s hopes that it would put in place legislation to “prevent doxxing, prevent personal data from being weaponized, and to stop people publishing fake news or hate speech on the media or online,” Lam said. “Public registers are one of the aspects.”
However, activist investor David Webb, who runs a free database of publicly available information of companies in Hong Kong and the United Kingdom, questioned the government’s decision, and said that the proposed changes “will facilitate corruption, fraud and other crimes.”