The networked and datafied contentious performances seen during the Occupy Central movement provide a unique context to re-examine the nexus between data-driven governance and individual data practice during times of contention. The Hong Kong government’s use of a combination of ‘hard’ and ‘soft’ strategies, including the forceful suppression of protesters with tear gas and water cannon as well as the collection of personal information about them through facial recognition software (Mozur, Citation2020), transport usage records and social media posts, illustrates how data has been both the weapon and the object of contention.
This is particularly the case for those who have opted to use their personal data to support or oppose the movement, and who have thus become data subjects in their own right. In the latter case, the data used by doxers to publicly expose the personal details of those who supported and opposed the movement, and which was often shared via online forums and microblogs, has been both a means of political expression and a tool for the censorship of information. The different moral justifications for these divergent doxing practices highlight the ambiguous positionality of data as both a weapon and an object of contention.
The definition of personal data under the PDPO includes “any information relating to an identified or identifiable natural person, from which it is practicable for that individual to be directly or indirectly identified.” This extends to the use of combinations of personal data such as those found on staff cards which typically exhibit an employee’s own name, company name, photograph and employee number. Currently, the data protection regime requires that such information is only collected for specific purposes and should not be made available to people who are not authorised to receive it. This also applies to international transfers of such data that may be deemed as the processing of personal information.
As a result, direct marketing practices continue to be one of the most common enforcement areas for the privacy watchdog. However, the number of cases is likely to drop due to increased awareness among data users. This will likely make them less willing to engage in this type of data collection and will instead focus on other compliance requirements, such as the need to comply with the PDPO’s rules on consent.
Despite the challenges in some districts, such as finding an energy source to power data centres, Hong Kong remains a key hub for the Greater Bay Area (GBA). The city’s proximity to mainland China, a robust legal framework, a reliable and secure energy supply, sound telecommunication infrastructure and low risk of natural disasters all contribute to its attractiveness as a place to locate GBA operations.
Moreover, the Hong Kong government’s recent agreement with Beijing to establish data transfer guidelines between the two jurisdictions will further boost demand for local data centres. These developments could create a wealth of opportunities for the industry and the economy as a whole. But it also highlights the need to balance these potential gains with an understanding of the impact of these new technologies on individuals’ privacy, trust and security.