Large crowd of people walking along a sidewalk in Hong Kong showing Big Tech protest over doxxing privacy law

Big Tech Lobby Makes Noise About Pulling Out of Hong Kong Over “Doxxing” Privacy Law

An Asia-based lobbying group that represents some of the biggest names in Big Tech in the region has indicated that some of their members are considering pulling out of Hong Kong. The reason is a recently-implemented “doxxing” law that could give authorities the ability to force platforms to remove personal information. The new privacy law was developed in the wake of the 2019 pro-democracy protests that rocked the island.

Big Tech calls privacy law “too broad,” unclear which are seriously weighing pull-out

The warning comes from the Singapore-based Asia Internet Coalition (AIC), which represents Apple, Facebook, Google and Twitter among other members. In a statement, an AIC spokesperson pointed out that the local staff in Hong Kong handling the day-to-day operations for these tech giants does not have the access rights or ability to remove content if so demanded by the local government. The AIC says that this could place members in an untenable position that could only be resolved by withdrawing their services from Hong Kong.

AIC presented this warning in a letter to Hong Kong’s Privacy Commissioner for Personal Data on June 25, but did not name any specific members that might be considering a withdrawal from the region. The government responded with a statement specifying that the new privacy law applies only to cases of “unlawful doxxing” and would not have any bearing on free speech as provided for in the Hong Kong SAR and the Hong Kong Bill of Rights Ordinance. Both the Privacy Commissioner’s office and Hong Kong leader Carrie Lam said that they welcomed dialogue with any of the Big Tech companies that had concerns about the privacy law.

In addition to the reasons given by the AIC in its letter, the Big Tech firms are also concerned about being held criminally liable for failing to remove offending information that is posted by users. There are also political and public perception considerations, as the privacy law stems from the doxxing of police officers on various social media sites during the 2019 protests. The move is part of a general trend toward authoritarianism in Hong Kong as the Chinese government has taken a more direct hand in government, in particular passing a broad national security law that prompted many opponents of the CCP to flee abroad or be imprisoned for “disloyalty” to Beijing.

The AIC’s proposed solution to the issue is to direct any legal action for privacy law violations to the Big Tech platform’s global headquarters, wherever that might be located (and outside of China in most cases). Violations would then be prosecuted by international lawsuit rather than local Hong Kong police action. The AIC also called for changes to the wording of the law: it rejected the definition of “psychological harm” caused by doxxing as too broad, wants an exemption to be added for circumstances in the public interest (such as legitimate journalism), and asked that the proposed “rectification notices” be removed given that each applicable Big Tech platform has its own existing processes for reporting of doxxing.

Would tech platforms really abandon Hong Kong over doxxing?

The AIC’s suggestion that its Big Tech members might pull out of the region was about as vague as could be, and there is no real reason to believe that any company is seriously considering it at this point. However, it is not beyond possibility; this is increasingly true as China exerts more influence over the government of Hong Kong, and as the prospect of its mainland crackdown on homegrown tech companies could expand. There is also the possibility that it will someday be placed behind the “Great Firewall” that divides the mainland from the rest of the internet.

The immediate concern for Big Tech is how doxxing incidents would ultimately be handled by local Hong Kong authorities. The issue was essentially a one-year flare-up in 2019 due to the extended and widespread protests, with complaints of doxxing dropping 76% from 2019 to 2020 (with a total of 1,036 last year). This could indicate some flexibility on the part of Hong Kong officials given that the root cause of the new privacy law does not appear to be endemic. The doxxing epidemic essentially consisted of an online war between the two sides of the struggle, with protesters looking up and posting the identities of police officers that had removed their name badges while police supporters responded by posting the identities of street protesters.

Criminal liabilities for violations of the new privacy law include fines of up to 1 million Hong Kong dollars (about $128,800 USD) and up to five years imprisonment. Google, Zoom, Microsoft and Telegram have said that they will temporarily stop accepting requests for user data from the Hong Kong government. Facebook additionally said that it was pausing on accepting requests while it evaluated the human rights impact of the law.