Who Decides What Is Personal Data? Testing the Access Principle with Telecommunication Companies and Internet Providers in Hong Kong

Authors

  • Lokman Tsui The Chinese University of Hong Kong
  • Stuart Hargreaves The Chinese University of Hong Kong

Keywords:

access principle, personal data protection, surveillance

Abstract

Do personal data protection laws allow citizens to access their personal data? We answer this question by testing the data access principle of the Personal Data Privacy Ordinance (PDPO) with telecommunication companies and Internet providers in Hong Kong. In our study, we submitted data access requests to telecommunication companies and Internet providers for a range of information, including subscriber information, call logs, IP addresses, geolocation data, and whether they had shared any of this data with third parties. We argue that the telecommunication companies failed to (1) let users see their personal information in a comprehensive manner, including IP addresses or geolocations; (2) tell users whether they indeed process such information; (3) offer the possibility of correction or deletion; and (4) tell users whether they have shared this data with third parties, including law enforcement.

Author Biographies

Lokman Tsui, The Chinese University of Hong Kong

Assistant Professor at the School of Journalism and Communication of the Chinese University of Hong KongPhone: +852 3943-7710  

Stuart Hargreaves, The Chinese University of Hong Kong

Assistant professor at the Faculty of Law of the Chinese University of Hong KongPhone: +852-3943-1901

Downloads

Published

2019-04-14

Issue

Section

Articles