Hot Topics: How far governments will go to regulate tech giants

The Singapore-based Asia Internet Coalition said the proposed legislation was too vague and broad, and the changes were a “completely disproportionate and unnecessary response to doxxing”. It stressed that it was also unfair to hold local staff responsible if their overseas-based companies did not remove content from their platforms as authorities required. 

The coalition said it appreciated the importance of privacy, but any anti-doxxing legislation, which it feared could have the effect of curtailing free expression, must be built on principles of necessity and proportionality.

In a letter dated June 25 to Ada Chung Lai-ling, Hong Kong’s privacy commissioner, the coalition said the proposed definition of doxxing created “problematic ambiguity”. It stressed that there was no universally accepted definition for doxxing.

Hot Topics: Cryptocurrency activity raises eyebrows

The alliance also asked that the privacy commissioner’s  office either clarify how psychological harm – a factor in determining convictions – was to be interpreted, or remove it from the proposal altogether.

The coalition said in the letter: “Introducing severe sanctions and especially personal liability in relation to assessing requests for taking down content has the consequence of encouraging online platforms to conduct little to no review of requests and over-block content, which will likely result in grave impact on due process and risks for freedom of expression and communication.

“The only way to avoid these sanctions for technology companies would be to refrain from investing and offering their services in Hong Kong, thereby depriving Hong Kong businesses and consumers, whilst also creating new barriers to trade.”

In response, a spokesman for Chung’s office said the proposed bill would not have any bearing on free speech.

“The [commissioner] reiterates that the amendments only concern unlawful doxxing acts and the [commissioner’s] related enforcement powers. The [commissioner] strongly rebuts any suggestion that the amendments may in any way affect foreign investment in Hong Kong,” it said.

Written by staff writer

• How might doxxing affect a person’s mental health, physical health, and professional life? Give an example for each aspect.
• Some have argued there should be a universally accepted definition for doxxing, so governments can come up with better laws to regulate such crimes. In your opinion, what actions qualify as doxxing, and why?

Doxxing involves revealing a person's private information, such as their medical history or financials.

Anyone engaged in doxxing with the intent to cause psychological harm, threaten, intimidate or harass could face up to five years behind bars and a fine of as much as HK$1 million under a series of legal amendments proposed by the Hong Kong government in May.

In a paper submitted to the Legislative Council, the Constitutional and Mainland Affairs Bureau recommended that the Office of the Privacy Commissioner be allowed to compel people to assist in inquiries and request the removal of offending content.

Failure to comply would be a criminal offence.

Under the government’s latest proposal, disclosing another individual’s personal data without their consent “with an intent to threaten, intimidate or harass” them or their immediate family – or “being reckless” in a way that produces the same effect – will constitute an offence. Releasing others’ data “with the intent to cause psychological harm” will also be included under the new proposed crime.

The bureau also proposed empowering the city’s privacy watchdog to request relevant information from individuals, and require them to submit to questioning when the watchdog had reasonable grounds to believe a doxxing offence had been committed.

Anyone who refused to comply without a reasonable excuse, or who deliberately provided false or misleading details, would also be guilty of an offence.

The government also suggested allowing the privacy office to apply for search warrants and bring prosecutions in its own name.

To that end, the privacy watchdog should be given the power to order any person in Hong Kong to “rectify” doxxing content online, the bureau said. That person would be allowed to appeal against the watchdog’s request, but he or she would have to comply with the notice while awaiting the outcome of the challenge.

According to the bureau, it aimed to finish drafting the amendments and submit a bill to Legco within this legislative year.

Written by staff writer

• What is the illustration’s tone, and what does it suggest about Hong Kong’s proposed  anti-doxxing law?
• Refer to the Quote Box. To what extent would Lokman Tsui and the Constitutional and Mainland Affairs Bureau challenge this illustration? Explain your answer using News, Context, and your own knowledge. 

“The scope of the doxxing offence is clear, focused and target-specific, and has achieved the right balance between protecting privacy and freedom of speech ... Conferring the [Privacy] Commissioner with additional criminal investigation power can effectively expedite the processing of doxxing cases, [as] doxxing content can be spread and reposted in a click, causing harm to the data subjects or their immediate family members. It is therefore necessary to remove the information unlawfully disclosed in an expeditious manner.”
– statement from the Constitutional and Mainland Affairs Bureau

“ … care must be taken that only the actual perpetrators are ultimately subject to the greatest sanctions. The employee of a platform holder in Hong Kong may have  no responsibility for – or power or authority to – remove content deemed to be doxxing. It is therefore unfair for such staff to face criminal liability for something they have no power or control over.”
– Paul Haswell, a partner with Pinsent Masons, a global law firm

“[The tech giants’ concerns are valid, as the government had given the impression that it would use any law to crush dissent in Hong Kong.] The problem is, we don’t know where the line should be drawn. Now that even journalists and educators are arrested and harassed, the tech firms are naturally afraid they might be the next target.”
– Lokman Tsui, assistant professor  of Chinese University of Hong Kong’s school of journalism and communication

Hong Kong’s leader has moved to allay fears raised by the Asia Internet Coalition, saying the implementation of the legislation will prove its effectiveness and ease their concerns.

Earlier this month, Chief Executive Carrie Lam Cheng Yuet-ngor said the coming overhaul of the city’s data privacy regime was aimed at addressing rampant cyber harassment following the anti-government protests of 2019.

Lam likened the tech giants’ concerns to fears swirling around the national security law, which she insisted had been proven false since the  Beijing-imposed implementation of  the legislation.

“Many people have been traumatised by doxxing. The proposed amendments to the law will address this problem. When these amendments are introduced, it is like the national security law that sparked concerns and anxiety at the time of legislation,” she said.

Hot Topics: The world worries about the Delta variant

Lawmaker and barrister Priscilla Leung Mei-fun agreed the tech coalition’s concerns were “unfounded”. She added that the companies needed to understand the serious threat posed by doxxing in Hong Kong, when “even judges are not exempt”.

Leung did not think the proposed law was particularly harsh, and emphasised it was needed to safeguard residents’ personal safety. However, she said authorities could consider introducing a “safe harbour” clause to exempt hosts of online content from legal liability if they could prove they took due care to address complaints.

Separately, Simon Lee Siu-po, co-director of the international business and Chinese enterprise programme at the Chinese University of Hong Kong, said there was still time for the privacy commissioner to exercise caution in finalising details of the law before it  was passed.

“The definition of legal terms  must be clear to give confidence of enforcement,” he said. “Take the  lessons on the enforcement of the national security law, which has shown a huge discrepancy between the way the law is written and the series of arrests that followed.”

Written by staff writers

• List and elaborate on ONE instance in which tech companies should have legal immunity over user content.
• Based on News, Issue 1 and your own knowledge, explain the dilemma between freedom of expression and doxxing laws.

Twitter appointed an India-based grievance redressal officer and published a monthly transparency report in early July, in keeping with new regulations from the Indian government.

A page uploaded on Twitter’s website on July 11 identified Vinay Kumar as the resident grievance officer in India and gave his contact details and information on how to report potential violations of Twitter’s rules and terms of service.

The appointment comes amid strained relations between the US-headquartered company and the Indian government over Twitter’s compliance with new regulations for large social media platforms that have more than five million users, such as Facebook, WhatsApp and Twitter.

Twitter also published a monthly transparency report with data on how it has handled complaints in keeping with another requirement of the new regulations. Its transparency report that covers data from May 26 to June 25 said 38 complaints were registered, and it had acted against 133 tweets that related to defamation, harassment, terrorism and impersonation among others.

Social media companies are working to comply with different laws in different countries.
Twitter’s monitoring mechanisms had also flagged and suspended more than 18,000 accounts for content related to child sexual exploitation, non-consensual nudity and similar content; and another 4,000  plus accounts were suspended for content that promoted terrorism.

Earlier this year, officials demanded Facebook and Twitter take down hundreds of posts, divulge sensitive user information, and submit to a regulatory regime that includes potential jail terms for executives if companies do not comply. While the government accuses social media companies of infringing on the nation’s digital sovereignty, tech companies say the rules violate users’ rights to privacy.

The administration’s push to exert more control over user data and online discourse reflects efforts globally to come to grips with tech giants and their enormous influence. The stakes are high for internet firms because – shut out of China – India is the only billion-people market up for grabs. 

Critics fear that actions taken by India could offer a template for other governments to encroach on personal privacy in the name of domestic security.

From DPA, Bloomberg and Reuters

• How might Hong Kong benefit from having a grievance officer, and to which division of the Office of the Privacy Commissioner (see Glossary) should the officer report to? Explain your answer.
• “India’s rules could give the government greater control over how tech companies handle data and help prevent misuse. But under authoritarian regimes, the laws could also be used to conduct surveillance and erode privacy.” To what extent  do you agree with this statement, and why?  Justify your answer using Issues 1 and 2 and your own knowledge. 

Asia Internet Coalition: a trade association founded in 2010 that addresses public policy issues and facilitates the development of the internet economy in the Asia-Pacific region. Its current members include Apple, Facebook, Google, Expedia Group, Amazon, Line, LinkedIn, Rakuten, Airbnb, Grab, Twitter, and Yahoo.

Constitutional and Mainland Affairs Bureau: the Hong Kong government body responsible for overseeing the implementation of the city’s Basic Law, and promoting closer ties between the city and mainland China

digital sovereignty: refers to the ability and efforts of governments to regulate the flow of data within their countries by setting up their own monitoring system, and asserting control over technological infrastructure, such as companies’ servers and data storage

defamation: any statement that hurts someone’s reputation. Written defamation is called “libel”, while spoken defamation is known as “slander”.

doxxing: the act of revealing someone’s personal identity online without their permission – such as their real name, home address, workplace, phone, financials, and other identifying information. The details are then circulated among the public, usually with the intention of hurting the victim.

Office of the Privacy Commissioner: an independent body set up by the Hong Kong government to reinforce the protection of privacy of individuals in the city. It has the authority to check that the activities of a business or organisation are legal and follow official rules. The office has six divisions: complaints, compliance, legal, policy and research, communications and education, and corporate support and enquiries.

grievance officer: an individual who is responsible for addressing and resolving community complaints and concerns. Part of India’s new internet rules states that all social media platforms with more than five million users need to appoint a resident grievance officer. 

The individual should be based in India, be an employee of the company, and be a member of a self-regulating body in the industry. The name and contact details of the grievance officer need to be published on the social media platform’s website. The officer must acknowledge all complaints within 24 hours and resolve issues within 15 days from the date a complaint is received. The individual is also required to receive and acknowledge any order, notice or direction issued by the government, any competent authority or a court.

safe harbour clause: a particular section of a law or regulation that specifies certain conduct does not violate a given rule when a set of conditions are met

transparency report: a statement issued on a regular basis by a technology or communications company that shows a variety of statistics including user data, records, or content