I came across this illustration named “the forbidden city” (figure 1) recently, which was an interesting allusion to Germany’s ruling to allow its cities to ban diesel vehicles, except for those that meet the Euro… More
The last time I watched a tournament live was almost 2 years ago with my best friend Andrew. Time flew and the US Open Tennis champion of this year was born this past week when a 20-year old Naomi Osaka beat the the six-time US Open champion Serena Williams in a controversial final.
The game was controversial and dramatic throughout. First, the young and fairly unknown Osaka beat the veteran and legendary Williams in straight-sets 6-2, 6-4. Second Williams was penalised twice and heavily fined for a coaching violation, slamming the racket and verbally abusing the umpire, with Williams accusing the umpire of sexist double standards. The game ended up bitter with the audience booing the awards ceremony.
Controversy aside, Osaka is a promising young athlete. She is the first player from Japan to win a Grand Slam singles tournament. And remarkably, she won straight sets except for the fourth match throughout the tournament. She will soon be coming to Hong Kong. I’m looking forward to seeing her live.
上一次現場看網球比賽已是兩年前的香港網球公開賽，當時和好友Andrew一同觀賽。時間飛逝，今年的美國網球公開賽亦於上星期結束，年僅二十歲的大坂娜奧米（Naomi Osaka）擊敗六次奪得美網冠軍的沙蓮娜·威廉絲（Serena Williams），贏得大滿貫。
Merely two months ago in July a catastrophic rainstorm broke out in Western Japan, causing many casualties, and I reflected on a city’s resilience against such extreme climate events. Last week Japan was again struck by two devastating hazards, the supertyphoon Jebi and the deadly earthquake in Hokkaido.
Jebi has been the worst typhoon striking Japan in 25 years, leaving so far 11 dead and causing imponderable economic damage, particularly to tourism. Osaka and neighbouring cities bore the brunt of the storm and the Kansai airport was closed indefinitely because of the flood. Just the same week Hokkaido experienced a 6.7-magnitude earthquake, which killed 44 and cut energy access to 5.3 million residents on the island.
The typhoon and earthquake struck Japan unpredictably, leaving residents suffering and tourists stranded in Osaka. Despite the innovative technologies we have at hand, we cannot predict all climate events and natural hazards. And when one breaks out, we are caught off guard, just like this time. And life is just as unpredictable. We never know what life has in store for us. So we should live in the moment, and enjoy.
Innovative technologies have developed rapidly. Many companies utilise advanced innovations to tap user data to understand users’ needs, upgrade operations, and discover business opportunities. However this has raised data privacy issues. The outbreak of Facebook data leak scandal has caused a wider user data privacy concern. To safeguard user data privacy, the European Union (EU) implemented the General Data Protection Regulation (GDPR) this year on May 25.
How GDPR affects Hong Kong companies?
Dubbed the strictest data protection law, the GDPR puts citizens in EU in control of their data. The GDPR applies to any business involving processing activities of personal data of the EU citizens, be it in or outside EU jurisdictions. In other words, the regulation applies to Hong Kong companies that run businesses that consist of processing operations related to EU citizens which require regular and systematic monitoring of data subjects on a large scale, or involve core activities consisting of processing a large scale of sensitive personal data and data relating to criminal convictions and offences.
The GDPR highlights an accountability principle and requires companies to implement measures to ensure compliance. Hong Kong companies that involve processing of EU citizens’ data are required to appoint a Data Protection Officer (DPO) to monitor and advise on GDPR compliance; conduct Data Protection Impact Assessment (DPIA) before engaging in any data processing that may put individuals’ rights at risk; undertake Privacy by Design and by Default in determining the means of processing and to integrate the necessary safeguards to realise the data protection principles; keep records of processing activities; and formulate data processing policies for compliance and accountability purposes. In case of a data breach, a company is required to issue a mandatory breach notification no later than 72 hours after noticing the breach.
How should financial technologists cope with the GDPR?
The financial sector, among the industries that deal with considerable sensitive personal user data, may expect more attention from the regulatory authority and the public. That is why financial technologists need to be on the lookout for the compliance risk of GDPR by complying with the principles of processing personal data stipulated in the GDPR.
The overriding principle of the GDPR is to safeguard data privacy of EU citizens, so financial technologists are obliged to protect the rights and privacy of data subjects in formulating and implementing their technical and organisational policies. In processing or overseeing the processing of user data, financial technologists should ensure the concerned service only collects and processes personal data stipulated in documented instructions, processes data confidentially, ensures safety of the data processed, answers the requests of deleting or returning the data after the processing activity.
The GDPR underlies data subjects’ control over their own data, that is why consent of the data subject is the prerequisite for legal processing of personal data. It is essential for financial technologists to ensure a clear and intelligible request on their service platforms for data consent from data subjects, which should also inform data subjects the option of withdrawing their consent anytime. Data consent from minors should as well be obtained, by the authorisation by their guardians.
Companies do not simply need to obtain from data subjects their consent of data usage, but also need to respect how and to what extent data subjects want their data to be used, by allowing the options of data rectification, objection, restriction, erasure, right to be forgotten and right to data portability. Financial technologists need to review their practices in alignment with the above enhanced rights for data subjects. Especially with the rapid advancement and increasing adoption of financial technologies to predict business trends and analyse customers’ needs, user data is inevitably collected and analysed in the financial sector. Such practices may go against the GDPR as the GDPR allows data subjects to object to data processing or profiling that is for direct marketing purposes, interests pursued by the concerned company or third party, statistical purposes, etc. Financial technologists need to ensure options to be provided to allow data subjects to object to or delete a data processing.
A more secured approach to handling user data can contribute to building customers’ trust on the company and improving customer services. Financial technologists should take this chance to review their technical practices against the GDPR to safeguard the public’s right to their personal data, while securing the company’s services to achieve a win-win situation.
創新科技發展一日千里，許多公司利用創新科技開拓用家數據和資料，提取有用資訊，讓企業更明白用戶的需要，藉以提升營運，發掘商機。然而，使用用戶數據和資料難免帶來侵犯個人資料和私隱的隱憂，近期Facebook洩露用戶資訊的一連串事件便引起社會廣泛關注。為了保障用戶資料安全，歐盟於今年五月二十五日起實施《通用數據保障條例》（General Data Protection Regulation，縮寫GDPR），GDPR被部分人認為是史上最嚴的個人資料保護條例。
委任保障資料主任（Data Protection Officer），負責監督、建議該公司的GDPR合規事宜；
在進行任何可能使個人權利面臨風險的數據處理活動前，須進行資料保障影響評估（Data Protection Impact Assessment）；
採取貫徹私隱的設計及預設設定（Privacy by Design and by Default ），即在決定資料處理方法時結合必要的保障措施，貫踐資料保護原則；
Last week New York imposed a regulation on Airbnb to disclose hosts’ information and transaction data to the authority. Under the new law Airbnb will have to report hosts’ information such as names and addresses through electronic reports. The regulation aims to combat against illegal short-term rentals and will go into effect in 180 days. Non-compliance will result in heavy fines.
Launched in 2008, Airbnb is a home-rental company rising from the new sharing economy. Like most businesses in the new economy to traditional industries, Airbnb has brought disruptions to the hotel industry. The new New York law aims to clamp down on unlicensed guesthouses and the rising housing stock resulted from short-term rentals. However the law may also infringe on hosts’ privacy.
The New York law was not the first authoritative attempt to regulate Airbnb businesses. Early this year Japan passed a stringent home-sharing regulation to ask hosts to register their listing and limit home-sharing in Japan to 180 days a year. Local governments in Japan are enforcing even stricter regulations in their areas. For example in Yokohama, Tokyo’s Shinjuku, Nerima, Bunkyo, etc home-sharing is banned on weekdays. The stringent law led to Airbnb dropping almost 80% of its Japanese listings.
As the new sharing economy emerged and thrived, new business models such as the Airbnb home-sharing developed ahead of regulations. While the new model injects dynamic energy into the business through introducing unique traveller experience, there are problems beyond regulation such as hosts avoiding lodging taxes, safety issues, blows to housing markets, etc. The new law will be able to tackle illegal rentals by keeping an eye on hosts to combat hosts that rent apartments that forbid short-term rentals, commercial operators that run unlicensed listings, etc. By curbing illegal rentals, more housing can be released back to the market. The regulation also secured the service with a regulated list of hosts. Despite all the advantages expected to come with the law, the law will almost ruin the original idea of sharing spare home space to people with a charge and strangle the model of creating values out of available resources.
The tension between the hotel industry and the new sharing economy has been an issue that needs to be resolved. More similar regulatory attempts are expected to come in future. The public should pay attention to the development.