The Hong Kong Privacy Commissioner of Personal Data (the “Commissioner”) ended 2014 with a special interest in mobile applications (“apps”).
In a media statement published 15 December 2014, the Commissioner reported that versions 4.3 and earlier of Google’s Android operating system contained a flaw that allowed others to read shared memory in mobile devices without the proper user permission. The Commissioner had contacted Google twice to formally request it to “take corrective action and/or warn the end-users concerned that they are subject to the risk of data access by malicious apps without their knowledge and permission.”
This is not the first time the Hong Kong privacy regulator has reproached Google for its data practices. In 2010, Google undertook to investigate its Street View and WiFi data collection, to ensure practices complied with Hong Kong law. Also, earlier in 2014, the Commissioner pressed Google to apply the EU “right to be forgotten” safeguard to Hong Kong.
On the same date, the Commissioner completed two separate investigative reports on mobile travel apps by travel services companies,* finding that these apps had either inappropriately collected excessive personal information without giving customers notice as to how their data was to be used, or otherwise failed to safeguard customer personal information.
* The Commissioner conducts investigations of suspected breaches of the Personal Data (Privacy) Ordinance (Cap. 486) based on complaints received, and publishes an investigation report when he opines that it is in the public interest to do so.