Privacy best served by clear rules on reuse of public data
Kai-Lung Hui says action against an app fails to clarify what is permissible, to protect privacy
The recent action against the mobile app Do No Evil highlights the limitations of the Personal Data (Privacy) Ordinance. The privacy commissioner's office advocated the privacy risk of compiling bankruptcy and litigation records.
But what about other practices? For example, many property brokers upload residential transaction records, including the sales amount, obtained from the Land Registry, for public viewing. This data does not contain personal identification. However, does this service affect the owners' privacy? They may say yes.
Then there is the reuse of press reports, which often include people's names. Does such reuse satisfy the original purpose of making the personal data publicly available?
These examples highlight some issues: privacy concerns can arise without personal identification data; the guidelines are insufficient; and, we need to clarify who should make the judgment, and how.
The response depends on how privacy is treated. There is no universal standard. Some countries treat privacy as a human right and adopt an omnibus approach to protecting all personal data. In others, privacy is governed by contract law except for selected industries such as finance and health care.
There can also be a cost to protecting privacy. One striking study shows that privacy regulations restricting the exchange of electronic medical records could lead to higher mortality rates of newborns.
