The Hong Kong Privacy Commissioner of Personal Data (the “Commissioner”) ended 2014 with a special interest in mobile applications (“apps”).

In a media statement published 15 December 2014, the Commissioner reported that versions 4.3 and earlier of Google’s Android operating system contained a flaw that allowed others to read shared memory in mobile devices without the proper user permission. The Commissioner had contacted Google twice to formally request it to “take corrective action and/or warn the end-users concerned that they are subject to the risk of data access by malicious apps without their knowledge and permission.”

This is not the first time the Hong Kong privacy regulator has reproached Google for its data practices. In 2010, Google undertook to investigate its Street View and WiFi data collection, to ensure practices complied with Hong Kong law. Also, earlier in 2014, the Commissioner pressed Google to apply the EU “right to be forgotten” safeguard to Hong Kong.

On the same date, the Commissioner completed two separate investigative reports on mobile travel apps by travel services companies,* finding that these apps had either inappropriately collected excessive personal information without giving customers notice as to how their data was to be used, or otherwise failed to safeguard customer personal information.

Finally, the Commissioner also issued a statement on a survey done in conjunction with the 2nd annual Global Privacy Enforcement Network Mobile Sweep. The survey reviewed 60 popular mobile apps developed by Hong Kong entities and found that “their transparency in terms of privacy policy was clearly inadequate and there was no noticeable improvement compared with the results of a similar survey conducted in 2013.”


* The Commissioner conducts investigations of suspected breaches of the Personal Data (Privacy) Ordinance (Cap. 486) based on complaints received, and publishes an investigation report when he opines that it is in the public interest to do so.