Naomi Osaka won the 2018 US Open Tennis Championships

The last time I watched a tournament live was almost 2 years ago with my best friend Andrew. Time flew and the US Open Tennis champion of this year was born this past week when a 20-year old Naomi Osaka beat the the six-time US Open champion Serena Williams in a controversial final.

The game was controversial and dramatic throughout. First, the young and fairly unknown Osaka beat the veteran and legendary Williams in straight-sets 6-2, 6-4. Second Williams was penalised twice and heavily fined for a coaching violation, slamming the racket and verbally abusing the umpire, with Williams accusing the umpire of sexist double standards. The game ended up bitter with the audience booing the awards ceremony.

Controversy aside, Osaka is a promising young athlete. She is the first player from Japan to win a Grand Slam singles tournament. And remarkably, she won straight sets except for the fourth match throughout the tournament. She will soon be coming to Hong Kong. I’m looking forward to seeing her live.


大坂娜奧米贏得2018年美國網球公開賽冠軍


上一次現場看網球比賽已是兩年前的香港網球公開賽,當時和好友Andrew一同觀賽。時間飛逝,今年的美國網球公開賽亦於上星期結束,年僅二十歲的大坂娜奧米(Naomi Osaka)擊敗六次奪得美網冠軍的沙蓮娜·威廉絲(Serena Williams),贏得大滿貫。

決賽結果充滿戲劇性,由年輕新星大坂以6-2,6-4擊敗戰績彪炳的名將威廉絲。比賽過程亦備受爭議,裁判指威廉絲違規接受教練場外指導,首次警告威廉絲,其後威廉絲因摔擲球拍被罰分,與裁判發生衝突,因侮辱裁判而被罰輸一局,威廉絲指責裁判性別歧視。比賽以威廉絲敗局結束,頒獎禮在全場觀眾噓聲中進行。事後威廉絲因三項違規而被罰款。

暫且不提比賽的爭議性,大坂的實力不容少覷,她是首個贏得大滿貫的日本球手,這次美網除了第四局外大坂都未輸一局完勝,表現精彩。大坂其後將到香港作賽,十分期待能現場觀賽。

Life in face of unpredictable climate events

Merely two months ago in July a catastrophic rainstorm broke out in Western Japan, causing many casualties, and I reflected on a city’s resilience against such extreme climate events. Last week Japan was again struck by two devastating hazards, the supertyphoon Jebi and the deadly earthquake in Hokkaido.

Jebi has been the worst typhoon striking Japan in 25 years, leaving so far 11 dead and causing imponderable economic damage, particularly to tourism. Osaka and neighbouring cities bore the brunt of the storm and the Kansai airport was closed indefinitely because of the flood. Just the same week Hokkaido experienced a 6.7-magnitude earthquake, which killed 44 and cut energy access to 5.3 million residents on the island.

The typhoon and earthquake struck Japan unpredictably, leaving residents suffering and tourists stranded in Osaka. Despite the innovative technologies we have at hand, we cannot predict all climate events and natural hazards. And when one breaks out, we are caught off guard, just like this time. And life is just as unpredictable. We never know what life has in store for us. So we should live in the moment, and enjoy.


天災難料 生命無常

今年七月,日本西部暴雨肆虐,造成大量傷亡,使我反思到城市建設在抵禦極端天氣上的重要性,不足兩個月,颱風「飛燕」襲日,北海道亦發生強烈地震,天災接二連三,帶來災難性傷亡。

「飛燕」是日本近二十五來最強勁的颱風,共造成十一人死亡。其中大阪和鄰近城市為重災區,關西機場亦因水浸不知何時重開,為日本經濟特別是旅遊業帶來難以估算的損失。同一星期,北海道經歷6.7級地震,共四十四人罹難,地震同時導致停電,受影響人數達五百三十萬。

颱風和地震毫無預警來襲,不僅使居民受苦,旅客亦滯留機場,受影響人不計其數。即使我們擁有多麼先進的科研和技術,亦不能準確預測自然災害,一旦災難性氣候事件爆發,我們又會像這次般被殺個措手不及,但後果可能更不堪想象。天災難料,生命無常,我們難以預計生命為我們準備了甚麼,因此此刻更應活在當下,享受生命。

What does GDPR mean to financial technologists?

Innovative technologies have developed rapidly. Many companies utilise advanced innovations to tap user data to understand users’ needs, upgrade operations, and discover business opportunities. However this has raised data privacy issues. The outbreak of Facebook data leak scandal has caused a wider user data privacy concern. To safeguard user data privacy, the European Union (EU) implemented the General Data Protection Regulation (GDPR) this year on May 25.

How GDPR affects Hong Kong companies?

Dubbed the strictest data protection law, the GDPR puts citizens in EU in control of their data. The GDPR applies to any business involving processing activities of personal data of the EU citizens, be it in or outside EU jurisdictions. In other words, the regulation applies to Hong Kong companies that run businesses that consist of processing operations related to EU citizens which require regular and systematic monitoring of data subjects on a large scale, or involve core activities consisting of processing a large scale of sensitive personal data and data relating to criminal convictions and offences.

The GDPR highlights an accountability principle and requires companies to implement measures to ensure compliance. Hong Kong companies that involve processing of EU citizens’ data are required to appoint a Data Protection Officer (DPO) to monitor and advise on GDPR compliance; conduct Data Protection Impact Assessment (DPIA) before engaging in any data processing that may put individuals’ rights at risk; undertake Privacy by Design and by Default in determining the means of processing and to integrate the necessary safeguards to realise the data protection principles; keep records of processing activities; and formulate data processing policies for compliance and accountability purposes. In case of a data breach, a company is required to issue a mandatory breach notification no later than 72 hours after noticing the breach.

How should financial technologists cope with the GDPR?

The financial sector, among the industries that deal with considerable sensitive personal user data, may expect more attention from the regulatory authority and the public. That is why financial technologists need to be on the lookout for the compliance risk of GDPR by complying with the principles of processing personal data stipulated in the GDPR.

The overriding principle of the GDPR is to safeguard data privacy of EU citizens, so financial technologists are obliged to protect the rights and privacy of data subjects in formulating and implementing their technical and organisational policies. In processing or overseeing the processing of user data, financial technologists should ensure the concerned service only collects and processes personal data stipulated in documented instructions, processes data confidentially, ensures safety of the data processed, answers the requests of deleting or returning the data after the processing activity.

The GDPR underlies data subjects’ control over their own data, that is why consent of the data subject is the prerequisite for legal processing of personal data. It is essential for financial technologists to ensure a clear and intelligible request on their service platforms for data consent from data subjects, which should also inform data subjects the option of withdrawing their consent anytime. Data consent from minors should as well be obtained, by the authorisation by their guardians.

Companies do not simply need to obtain from data subjects their consent of data usage, but also need to respect how and to what extent data subjects want their data to be used, by allowing the options of data rectification, objection, restriction, erasure, right to be forgotten and right to data portability. Financial technologists need to review their practices in alignment with the above enhanced rights for data subjects. Especially with the rapid advancement and increasing adoption of financial technologies to predict business trends and analyse customers’ needs, user data is inevitably collected and analysed in the financial sector. Such practices may go against the GDPR as the GDPR allows data subjects to object to data processing or profiling that is for direct marketing purposes, interests pursued by the concerned company or third party, statistical purposes, etc. Financial technologists need to ensure options to be provided to allow data subjects to object to or delete a data processing.

A more secured approach to handling user data can contribute to building customers’ trust on the company and improving customer services. Financial technologists should take this chance to review their technical practices against the GDPR to safeguard the public’s right to their personal data, while securing the company’s services to achieve a win-win situation.


《通用數據保障條例》對金融科技從業員的影響

創新科技發展一日千里,許多公司利用創新科技開拓用家數據和資料,提取有用資訊,讓企業更明白用戶的需要,藉以提升營運,發掘商機。然而,使用用戶數據和資料難免帶來侵犯個人資料和私隱的隱憂,近期Facebook洩露用戶資訊的一連串事件便引起社會廣泛關注。為了保障用戶資料安全,歐盟於今年五月二十五日起實施《通用數據保障條例》(General Data Protection Regulation,縮寫GDPR),GDPR被部分人認為是史上最嚴的個人資料保護條例。

GDPR如何影響香港企業?

GDPR把個人資料的控制權交回用戶本身,賦予歐盟居民更大權力決定個人資料的使用。GDPR適用於所有涉及處理歐盟居民資料的企業,包括在歐盟以外的企業。換言之,任何香港公司如業務涉及歐盟居民資料處理,包括定期和有系統地監控大量個人資料,或其核心業務涉及處理大量敏感的個人資料,或與刑事定罪和犯罪有關的資料時,均須遵行GDPR。

GDPR強調問責原則,要求公司採取措施確保合規。根據GDPR,香港任何公司若業務涉及處理歐盟居民資料,必須遵行以下規定︰

  • 委任保障資料主任(Data Protection Officer),負責監督、建議該公司的GDPR合規事宜;

  • 在進行任何可能使個人權利面臨風險的數據處理活動前,須進行資料保障影響評估(Data Protection Impact Assessment);

  • 採取貫徹私隱的設計及預設設定(Privacy by Design and by Default ),即在決定資料處理方法時結合必要的保障措施,貫踐資料保護原則;

  • 保留資料處理活動的紀錄;

  • 為合規和問責的目標訂立政策和措施;

  • 如果發生資料外洩事故,公司須於發現違規行為後72小時內發出通告。

金融科技從業員應如何應對GDPR?

金融業每天處理大量敏感個人資料,容易受到監管機構和公眾的格外關注,金融科技從業員因而須特別留意GDPR的合規風險,確保公司奉行GDPR的條例。

GDPR的首要原則是保護歐盟居民的個人資料和私隱,因此金融科技從業員在訂立和實施技術和企業措施時須以保障用戶的權利和私隱為目標。在資料處理或監察資料處理工作時,金融科技從業員須

  • 確保有關服務僅按照控制者書面指示處理個人資料;

  • 保密處理數據;

  • 確保處理資料安全;

  • 回應用戶要求在完成資料處理後刪除或交還其個人資料。

GDPR強調用戶對個人資料的控制,因而用戶的同意和授權是資料處理活動合法進行的必要前提,金融科技從業員因此須在公司網站或服務平台以清晰易明的字句徵詢用戶的同意,並須知會用戶有權在任何時候撤回同意。用戶若未成年,企業仍須獲得其父母或合法監護人的授權。

除了須獲得用戶同意處理個人資料外,企業亦須尊重用戶有權希望如何使用其資料和使用的程度,包括滿足用戶對資料修改、反對、限制、刪除、被遺忘及資料可攜權等要求。金融科技從業員有必要審視其行業實踐是否切合以上的用戶權利。隨着金融科技的急速發展和廣泛行業應用,金融業愈趨收集和分析用戶資料,以預測行業趨勢和了解客戶需要,這和GDPR若干規例原則相違背,例如GDPR讓用戶有權反對任何資料處理和個人概況彙編活動,只要活動用作直接捉銷、涉及有關企業或第三方利益、以統計為目的等,為此金融科技從業員須為用戶提供反對和刪除資料處理的選擇。

金融科技從業員應把握機會根據GDPR檢視其業務實踐,以更可靠、安全的方法處理用戶數據,不但能夠建立客戶對企業的信任,並提高客戶服務水平,在保障大眾個人資料使用權的同時,加強企業服務,達致雙贏。

New York passed a new law on home-sharing to regulate Airbnb business

Last week New York imposed a regulation on Airbnb to disclose hosts’ information and transaction data to the authority. Under the new law Airbnb will have to report hosts’ information such as names and addresses through electronic reports. The regulation aims to combat against illegal short-term rentals and will go into effect in 180 days. Non-compliance will result in heavy fines.

Launched in 2008, Airbnb is a home-rental company rising from the new sharing economy. Like most businesses in the new economy to traditional industries, Airbnb has brought disruptions to the hotel industry. The new New York law aims to clamp down on unlicensed guesthouses and the rising housing stock resulted from short-term rentals. However the law may also infringe on hosts’ privacy.

The New York law was not the first authoritative attempt to regulate Airbnb businesses. Early this year Japan passed a stringent home-sharing regulation to ask hosts to register their listing and limit home-sharing in Japan to 180 days a year. Local governments in Japan are enforcing even stricter regulations in their areas. For example in Yokohama, Tokyo’s Shinjuku, Nerima, Bunkyo, etc home-sharing is banned on weekdays. The stringent law led to Airbnb dropping almost 80% of its Japanese listings.

As the new sharing economy emerged and thrived, new business models such as the Airbnb home-sharing developed ahead of regulations. While the new model injects dynamic energy into the business through introducing unique traveller experience, there are problems beyond regulation such as hosts avoiding lodging taxes, safety issues, blows to housing markets, etc. The new law will be able to tackle illegal rentals by keeping an eye on hosts to combat hosts that rent apartments that forbid short-term rentals, commercial operators that run unlicensed listings, etc. By curbing illegal rentals, more housing can be released back to the market. The regulation also secured the service with a regulated list of hosts. Despite all the advantages expected to come with the law, the law will almost ruin the original idea of sharing spare home space to people with a charge and strangle the model of creating values out of available resources.

The tension between the hotel industry and the new sharing economy has been an issue that needs to be resolved. More similar regulatory attempts are expected to come in future. The public should pay attention to the development.


紐約新法案打擊Airbnb共享業務

上星期紐約簽署法案規定Airbnb向當局提交屋主資料和交易訊息,包括屋主姓名和地址等,以電子報告的形式每月向紐約當局提交,用以打擊非法出租。新法於簽署後180天起生效,違例將予以嚴重罰款。

Airbnb於2008年成立,是共享經濟下迅速發展的房屋共享公司。許多共享經濟的公司或業務對傳統行業帶來顛覆性影響,而Airbnb也不例外,對酒店業造成衝擊。紐約市的新法旨於打擊非法租賃和短期出租帶來的房租上漲、空房率下隆的問題。然而新法將侵犯屋主私隱。

紐約並非首個對Airbnb業務進行規管的地區,今年初日本亦頒布針對民宿出租的嚴厲新法,民宿經營者需進行登記,出租期一年內亦不得多於180日,地區政府更進一步收緊做法,例如在橫濱、東京新宿、練馬、文京區等,民宿經營者不得在星期一至五出租房屋。新法下,Airbnb的日本民宿近八成下架。

共享經濟發展蓬勃,嶄新的商業經濟模式發展日新月異,不受法例規範和監管。雖然Airbnb的經營模式為旅客帶來獨特的住宿體驗,為行業注入活力和新意,但不受法例監管卻造成各項問題,例如屋主逃稅、住客安全問題、地區房租上漲等等。新法可望有效打擊非法的短期房屋租賃,並杜絕商戶經營未登記的物業等等。打擊非法租賃可把更多物業放回市場,同時屋主受監管安障了住客。然而,新法將扼殺透過共享閒置資源創造更大價值的概念。

酒店業和共享經濟間的衝突有待解決。未來對共享經濟模式將有更多的規管行為,大眾亦應留意發展。