With less than two weeks to go for the high-speed rail service launch, Hongkongers have a fresh concern over the arrangements pertaining to cross-border travel: privacy and security of their personal data.
People using the “Vibrant Express” trains to travel to China are required to agree to a passenger rule regarding personal data collection if they choose to use the WiFi service provided by MTR Corp.
The rule has sparked worries as it would allow mainland authorities to access the personal information of the passengers, given an information sharing arrangement between Hong Kong and China.
According to information posted on the MTR website, passenger information will be shared with the Express rail Link’s mainland railway operators and their agents and service providers.
The arrangement has prompted Hong Kong people to worry about data security and misuse risks, given the weak data protection and privacy laws in China.
A total of 44 binding rules that must be abided by passengers of the Guangzhou-Shenzhen-Hong Kong Express Rail Link (XRL) have recently been put out on the MTR website.
They are mainly about what XRL passengers are not permitted to do when at stations or aboard trains. Violators may be banned from getting on the trains or told to get off, and their identities may be recorded.
One of the rules specifies that passengers can use a WiFi service, which will be operated by mainland telecom service provider Comba Telecom, at XRL stations either in the Hong Kong Port Area or Mainland Port Area or on the high-speed trains once they agree to a disclaimer that the operator can collect their personal information.
Under the disclaimer, Comba has the right to allow the Hong Kong government, Chinese authorities, and other institutions recognized by them to access, reveal, transfer or share such information for the purposes of preventing and investigating crimes as well as responding to investigations carried out through legal and regulatory requirements.
The applicable range covers WiFi use both inside and outside Hong Kong.
In response to media inquiry about the rule, the Office of the Privacy Commissioner for Personal Data said a wireless internet service provider must be subject to the regulations of the Personal Data (Privacy) Ordinance when providing such service in Hong Kong if personal data is involved.
Expressing his unhappiness over the WiFi use clause, Democratic Party lawmaker James To Kun-sun, who is deputy chairman of the Legislative Council’s Panel on Security, called the rule very unreasonable.
Lawmaker Michael Tien Puk-sun, who chairs the Legco’s Subcommittee on Matters Relating to Railways, noted that, to his understanding, mainland security authorities are willing to make concessions and promise that personal data collected south of Shenzhen River, including the Mainland Port Area, will be protected by Hong Kong law and will not be transferred to the mainland.
Still, Francis Fong Po-kiu, honorary chairman of the Hong Kong Information Technology Federation, criticized the rule, saying it infringes on freedom of information under Hong Kong law.
Fong urged users to install protective applications such as firewall in their smartphones when taking the high-speed trains.
In other XRL-related news, Chief Executive Carrie Lam Cheng Yuet-ngor reiterated on Tuesday that the first day of ticket sales for the cross-border trains have been generally smooth, notwithstanding the problems encountered by some people.
But she admitted that there was room for improvement.
On operational issues, including data protection when using the Wi-Fi service at the West Kowloon terminus, the Hong Kong leader said the Transport and Housing Bureau and MTR Corp will address those concerns.
– Contact us at [email protected]