Written by Jennifer Zhang.

The Hong Kong government has been disclosing the aggregate number of online user data and content removal requests it has sent to service providers since 2010, the correct move to increase transparency and accountability of Internet governance. However, the government has yet to disclose its request-making procedures, and the lack of a strong freedom of information regime makes it difficult for the public to seek further information from the government or to hold their government accountable for accessing their online data without going through proper judicial scrutiny.

Transparency reporting

The Hong Kong government started releasing its own “transparency report” in 2013 to inform the public which government departments made how many requests, how many service providers were involved, what types of user information the government requested, the reasons for making requests, whether the requests were made under a court order, details of users’ information requested for disclosure, whether the requests were acceded to by service providers and reasons given by service providers for not complying with requests. This year, the government started disclosing the nature of data requested (metadata or content).

For the four-year period from 2010 to 2013, six government departments made a total of 19,965 user information requests (requests for users’IP addresses, names, addresses, etc.) to service providers, according to data collected by Hong Kong Transparency Report from government releases. Of these, the Police Force made 85%, of the requests, followed by the Customs and Excise Department with 13%. The two major reasons for government data requests are: crime prevention and detection cited by the Police Force and the Customs and Excise Department, and law enforcement cited by Inland Revenue, Office of Communications Authority and Companies Registry. Certain departments were unable to provide the compliance rates as service providers did not get back to them.

During the same period, eight government departments made a total of 8,958 content removal requests (requests to remove articles, web pages, hyperlinks, etc.) to service providers. Over 92% of such requests came from Department of Health. The three major reasons for content removal requests are: suspected auction or sales of unregistered medicine or drugs cited by Department of Health, suspected sales of counterfeit or pirated goods cited by the Customs and Excise Department, and crime prevention cited bythe Police Force. Almost all the requests were acceded to by service providers.

One key element that the government has been hiding is its request-making procedure, the disclosure of which is especially important given the fact that Hong Kong does not have a specific law regulating online data and content removal requests from government agencies. The only law that protects online user privacy, the Personal Data (Privacy) Ordinance, sets forth a list of exemptions that service providers can hand over user data to the government for “the prevention or detection of crimes” or “the prevention, preclusion or remedying (including punishment) of unlawful or seriously improper conduct, or dishonesty or malpractice”. There is no publicly available information on what formal procedures government agencies must go through to make such requests, or who will be responsible to check the legitimacy of government officers’ requests before they are issued to service providers.

Legislators have been asking the government to release its request-making guidelines and monitoring mechanism since 2013, and the replies by the government have been the same. That it does not have a central mechanism or procedure to co-ordinate or regulate the requests made by different government departments to various service providers, and since the existing mechanism functions effectively, the government does not think it necessary to set up a central mechanism or review the existing internal procedures.

Access to information

A strong freedom of information law empowers the pubic to scrutinise the government’s work. Lord David Clark, who drafted Britain’s Information Bill, recently said “a society where ordinary citizens couldn’t access information held by politicians just seemed incompatible with a mature democracy.”

Hong Kong’s Code on Access to Information, introduced in 1995 and borrowed from the United Kingdom, aims to keep the public informed of the government services and policy making. It requires the government to give the public access to information but also sets out 16 circumstances in which government departments may refuse a request to disclose information, which includes the general and obscure “law enforcement, legal proceedings and public safety” reasons.

Under the code, if people who request information are dis-satisfied with a government department’s reply, they can either ask the department to review the situation or complain to the ombudsman, who has a specific mandate to deal with the complaint. However, the ombudsman can only make recommendations to relevant government departments, but cannot issue legally binding orders.

Since the code’s implementation, the Hong Kong government has received a total of 43,904 access to information requests and was able to meet over 97% of them, according to official statistics. But the government has yet to categorise the requests based on their natures or different government agencies they were filed to (see theUK government example), nor does it release the data in an open machine-readable format. Most importantly, it does not explain what “meeting the requests” means.

Researchers at Hong Kong Transparency Report sent 39 access to information requests to officers at ten government agencies in 2014 seeking further information from the government’s official releases. The access to information officers were able to reply within the target response time of 21 days. Yet there have been cases where researchers did not receive the initial outcome as officers quoted ordinances that seem to prohibit the disclosure of requested information, the large amount of human resources needed to gather the information requested, or the fact that the respective agencies have not maintained a database for the information requested. Only in one case did the officer not provide a reply at all.

A Hong Kong ombudsman’s investigation report on the code in 2014 succinctly points out that a lack of proactive disclosure of government documents that affect public decision-making, a lack of regular and detailed reporting of requests for information and the government’s responses, as well as the code’s inadequate control over the release of information by public organisations (the code only covers two public organisations while excluding hundreds of others), all erode the government’s commitment to transparency.

Jennifer Zhang is a researcher at Hong Kong Transparency Report, an independent research project under Journalism and Media Studies Centre, The University of Hong Kong. Image Credit: CC by globetrotter_rodrigo/Flickr.