HKU Bulletin | Nov 2025 Cover Story 6 7 No erasure Protecting one’s data through the consent process is also no guarantee that it is safe, he said. With privacy law. In Hong Kong, the Personal Data (Privacy) Ordinance dates to the 1990s but has not been updated despite such developments as AI and social media. “The law is so behind in technology, maybe decades behind. For the law to catch up now seems just impossible,” Dr Young said. Nonetheless, the law does provide some framework for privacy protection. Consent is important, although most people do not read the long passages in small font that pop up in consent boxes (not even Dr Young’s higher-level law students – he asked). It may also be very difficult to give consent, for instance, if self-driving vehicles use cameras to observe the street and identify objects and people. The vehicle may have passed by before you realise it has captured your image without your consent. How and why data is collected is also an issue, he said, particularly when there are breaches. Often, people do not know their data has been collected until they learn of the breach through the media or other sources. Even then, there is no legal obligation for firms in Hong Kong to report data breaches or compensate injured parties. In 2018, Cathay Pacific took months to report that hackers had accessed the personal details of 9.4 million passengers. Dr Young noted that technology itself can create vulnerabilities. For instance, when new systems are being integrated with old ones that lack the same security protocols, a malware or virus could use that vulnerability to worm into the system and steal data. the advent of AI and more sophisticated systems, it is possible to reconstitute a person’s identity from different sources – such as the IP address, apps used, photos and social media profiles – bypassing the need for consent. In fact, this data may have been collected legally in small, separate pieces that, alone, are not meant to be identifiers. “It is easy to combine this information if you have sophisticated AI because the cyber footprints are there,” he said. Getting oneself ‘erased’ from the internet is also no solution because while the information can be deleted on one platform, such as Google, it may still exist elsewhere in cyberspace. The one silver lining, Dr Young said, may be that cyberspace is de-institutionalised, making it very hard for a single institution to control everything. Still, most people, particularly young people, readily agree to share their data for free access to platforms (although Dr Young, who also trained as an economist, points out ‘nothing is free’). His students are also indifferent to the issue. While he now teaches three classes on privacy to meet demand, many tell him they find the issue boring. They are only studying privacy because law firms want that expertise. But they may be missing some of the bigger picture, he said. When privacy issues are combined with cybersecurity crimes, online safety and AI, it can lead to very real personal problems, such as health information leaks and cyberbullying. His advice for those concerned: keep important information offline and do not integrate devices and systems. “If it’s really that sensitive, put it on paper and lock it up,” he said. Dr Angus Young Thousands of people are losing money over scams all over the world. We are not talking about uneducated or particularly vulnerable people – professionals are affected, too. A lot of this starts with the loss of privacy. The prospect of having one’s personal information taken and used without consent has become an ever more urgent problem. Prior to the proliferation of computers, and later digital networks, such information could only be accessed in physical form. Now, with an internet connection and some savvy software, almost anyone can obtain personal, identifying details about someone from anywhere in the world. “The harm of having little to no privacy is that one loses one’s individuality, on the one hand. But on the other hand, it actually makes cybercrimes, such as scams and fraud, much easier,” said Dr Angus Young, Senior Lecturer in the Faculty of Law, who teaches postgraduate students about privacy and the law. Modern technology enables criminals to scrape personal information, such as photos or videos, from social media and other sources and use them to create deep fakes. In early 2024, for instance, a finance worker in a multinational firm in Hong Kong was tricked into believing they were on a video conference call with a senior member of the firm; the worker transferred HK$200 million to the fraudster. “Thousands of people are losing money over scams all over the world. We are not talking about uneducated or particularly vulnerable people – professionals are affected, too. A lot of this starts with the loss of privacy,” Dr Young said. Breaches of privacy in the digital age can open the door to cybercrimes. Dr Angus Young of the Faculty of Law considers the legal implications. When Privacy Is Threatened Way behind Unfortunately, laws to protect privacy are uneven across the world. The gold standard is the European Union’s General Data Protection Regulation, but enforcement is a challenge because of the huge resources required. In the US, only California has a
RkJQdWJsaXNoZXIy ODI4MTQ=