Hong Kong’s privacy watchdog says it has issued more than 770 “cessation notices” to 14 social media platforms demanding they remove around 3,900 unlawful doxxing messages sent over the past eight months.
Privacy Commissioner for Personal Data Ada Chung revealed the latest figures at a press briefing on Monday, saying her office has been taking law enforcement action since a new anti-doxxing law was passed last October. The commissioner was empowered to request local or overseas internet service providers to remove private or identifying data, as well as to restrict access of any persons to the content in question by partially or entirely blocking the platform.
Chung said her office is “trying [their] best to stamp out doxxing” but said social media companies also need to do their part.
“I would also urge the operators of social media platforms to discharge their own responsibility to monitor any unlawful content with regards [to], for example, doxxing messages on their platforms. And they should also take action to remove the unlawful doxxing messages right away if those messages appear on their platform,” said Chung.
When asked how many of the cessation notices were for Telegram, a popular messaging app used by anti-extradition law protesters in 2019, Chung refused to disclose the breakdown. In November last year, a telecom worker was jailed for two years for sharing the personal data of police officers and pro-government figures on a Telegram channel.
Local media earlier reported that Hong Kong was looking to ban Telegram as authorities found it hard to take down all doxxing content on the messaging app. Chung sidestepped reporters’ questions about the possibility of such a ban, saying she was “not in a position” to disclose the details of enforcement actions in any particular case.
Telegram was also mentioned in several protest-related court cases, in which channel owners or admins have been jailed for publishing messages that could incite violence.
The commissioner also rejected criticism that law enforcement agencies only punished doxxing behaviour targeting pro-Beijing or establishment figures, ignoring those against pro-democracy activists.
“In our enforcement action, our target is unlawful doxxing messages. And that is why, irrespective of the nature or the background of the person being doxxed, we will take action. Irrespective, in particular, of the political background of the person being doxxed, we would take action. And it is applied fairly,” Chung said.
At the time of writing, a website targeting democrats and journalists remains online a full year after HKFP alerted the authorities with media enquires. Since 2019, the “HK Leaks” website has openly maintained an online database of personal data belonging to over 2,000 Hong Kong democrats, protesters and journalists.
Mishandling of personal data
At the press briefing, Chung also announced the completion of two investigation reports relating to firms mishandling clients’ personal information.
In one case, the Happy Valley branch of medical chain Town Health Medical & Dental Services Limited was found to have breached the Privacy Ordinance as it has accidentally threw away a carton that contained the personal information of 294 patients.
Another investigation targeted property management companies. One firm was accused of putting up the personal data of property owners, including their name and full address, on a public notice board in a bid to claw back unpaid fees.
Another failed to promptly dispose of the personal data of residents it collected during a mask-distribution activity.
The privacy watchdog updated its edition of guidance note for the property management sector, adding it is important for companies to provide guidelines and proper training for their staff on the handling of personal information to better protect the privacy of their clients.