13 Feb 2018 Hong Kong Transparency Report 2018 launched
The Hong Kong Transparency Report 2018 was published on 9 February. The third since its launch in 2013, this year’s report focuses on the city’s surveillance law which was found outdated in protecting people’s privacy in cyberspace, compared to South Korea, Taiwan, Australia, the UK and the US.
Hong Kong enacted the Interception of Communications and Surveillance Ordinance (Cap.589) in 2006 to regulate telecommunications and postal interception, and other real-time surveillance.
Edward Snowden’s global surveillance disclosure of the massive US spy programme in 2013 has prompted many jurisdictions to change surveillance laws or introduce legislations. The government access to personal data and communications stored in cyberspace have been regulated as surveillance practices in many countries, according a survey conducted by the HKTR. In some jurisdictions, law enforcement agencies must obtain warrants before they make such access.
However, the Hong Kong government refused to expand the scope of surveillance ordinance in its 2015 amendment bill.
For access to user data in Hong Kong, there are neither a warrant requirement, nor detailed rules for law enforcement agencies to follow. Though some jurisdictions also do not require a warrant to access personal information, they make guidance and codes of practice publicly available.
The Report 2018 also finds a lack of transparency in electronic communications surveillance in Hong Kong. Many other jurisdictions make regular disclosure, including statistics and explanation of the surveillance mechanism in plain language.
However, Hong Kong neither specifies types of communication surveillance in its commissioner’s annual report, nor discloses statistics of government access to digitally stored communications and personal data on a routine basis.
The Report recommends the authorities to introduce legislation or amendments to the current surveillance law, issue guidance to law enforcement agencies, and improve routine disclosure of the matter.
The HKTR also compiled statistics of Hong Kong government’s user data and content removal requests to ICT companies:
User data requests
- From 2011 to 2017, the HK government had issued an annual average of 4,470 user data requests to ICT companies. The number has reached the highest in 2013 (5,351), and come down to the lowest in 2017 (3,541).
- Eight international ICT companies have released statistics of user data requests from HK. The corporate data comprised 42% of all such requests made by the HK government since 2013. Their number has decreased from 1,722 in 1H2013 to 572 in 1H2017. The average compliance rate by the companies was 60%.
- The largest government requester was the Police (88%), and the major reason was for crime prevention and detection (99%).
Content removal requests
- From 2011 to 2017, the HK government had issued an annual average of 355 requests to ICT companies. The number has reached the highest in 2013 (657), and come down ever since, except for a rebound from 2016 (194) to 2017 (336).
- The largest requester was the Department of Health (50%), and the major reason was to remove online content related to illegal sale of medicine (44%).