March 28 2024, DRAPAC Series: Research on Digital Privacy in Hong Kong, South Korea, and Taiwan

From TCU Wiki
Research on Digital Privacy in Hong Kong, South Korea, and Taiwan

These notes belong to the session "Research on Digital Privacy in Hong Kong, South Korea, and Taiwan" of the DRAPAC Series 2024, by EngageMedia.

In East Asia, advanced digital development and a thriving economy coexist with growing authoritarian challenges. This underscores the crucial need to explore how civil societies view digital rights risks, protect citizens from state violations, and promote digital democracy. The Open Culture Foundation conducted research delving into how civil society actors in East Asia devise advocacy strategies to address emerging privacy risks stemming from the implementation and governance of digital technologies by the state. This includes initiatives like the rollout of digital transformation policies, the establishment of digital public services, and the utilization of surveillance technologies.

The research aims to chart the landscape of activism centring on digital rights and privacy in East Asia. It intends to showcase how pivotal civil society actors within each region cultivate distinctive focal points and strategies, allowing them to adeptly navigate the intricate social, political, and technological landscapes.

The research aims to raise international awareness of the digital rights situation in East Asia and, by highlighting common concerns and topics across the region, to foster transnational connections among activists and civil society organisations.

Date: Tuesday, March 28, 2024

Speakers:

  • Charles Mok (Research Scholar, Global Digital Policy Incubator/Stanford University)
  • Byoung-il Oh (President, Korean Progressive Network Jinbonet)
  • Chia-Shuo Tang (Research Manager, Open Culture Foundation)
  • Szu-Hui Huang (Project Manager, Open Culture Foundation)

Notes

Research on digital privacy in Hong Kong, South Korea, and Taiwan

  • In East Asia, advancement in technology capacity intersects with threats and privacy issues in the region, and targeting of civil society organizations (CSOs) and activists.
  • The focus on digital privacy also comes from the increasing use of digital services in the public services, rising authoritarianism, and other pandemic effects.
  • In the report, they mention that civil society voice, and citizen strategy are rarely heard or centered.

Research strategies and approaches

  • Mapping CSOs strategies, where CSO representatives, scholars and the open source community.
  • They want to scale the research to spaces with democratic governance.

Digital Privacy Status, current challenges and activist/ CSO strategies in Taiwan.

  • Taiwan lacks regulatory frameworks to enhance digital privacy protection, despite the impression that Taiwan is leading digital democracy in the region.  
  • Taiwan still does not have a personal data protection agency, or human resources in the government to ensure and enforce the personal data protection (PDP).  Part of this is the country lagging behind in updating the PDP act to cope with the rapid development of technologies.
  • The act doesn’t clarify whether online tracking methods are covered under the act.
  • They aren't sure if the government uses data against citizens, however  there is expanded data use, and release of citizen data. The CSOs are constantly pushing back on the use of.
  • The byproduct of the National Health Insurance System (NHIS) is collecting comprehensive house data, where there is an agenda being pushed for the data to be used for expanded research. The NHIS institution also shares the data with private companies, like insurance companies, but citizens cannot opt out of the use.
  • CSOs action is primarily strategic litigation, and after 10 years there was progress where the court suggested that citizens should at least be able to opt-out of expanded use of their data.

Digital Privacy Status, current challenges and activist/ CSO strategies in South Korea

  • Personal information and privacy issues in South Korea (SK) are very broad. There are various forms of information surveillance, biometric data collection, and recently targeted advertising.
  • E-ID was the beginning of the privacy movement of SK, which was later abandoned due to the financial crisis. Although this doesn't mean there aren't data service mediated by the government.
  • Resident Registration Number (RRN): people are not allowed to change their number, but after a data leak, the national ID number allowed proxy data points to be used to target citizens. After the constitutional court recognized the citizen's right to change the number, and self determination of personal information.
  • RRN, hospital records and credit card record was used to track folks during the covid pandemic.
  • Korea’s history is similar to that of Taiwan’s NHIS privacy challenges.
  • The social movement in Korea has worked for almost 30 years to create one of the strongest privacy and data protection laws in the region.

Digital Privacy Status, current challenges and activist/ CSO strategies in Hong Kong

  • The privacy and data protection law was established very early in the region in 1994 while they were a British colony, and eventually under China. The benefit of having that law early on was that the citizens were able to build up the awareness that they can demand personal data privacy.
  • The law is independent in terms of structure but lacks it at the enforcement level.
  • Another benefit was that the law was long before the technology revolution of any kind. However they have been struggling to update the law to meet the evolving data and surveillance ecosystem.
  • There were eventual provisions to handle targeted digital marketing.
  • Within the law, government institutions were exempted from the law. There were conversation on including updates to address the leaking of personal data.
  • During the protest there were lots of doxxing activities, and the governments’ priority is currently addressing doxxing.
  • Activists who were doxxed risked being arrested the most, and currently as they work on doxxing, the data protection institution is looking to expand data sharing/ transfer between Hong Kong and China.
  • Yet the data law of 1994 had a clause that restricted that data of citizens be shared outside of Hong Kong, except the country/ location had similar data protection. Although it was never enacted.
  • The Real name registration for SIM card created concerns for users, but eventually died down (from what was gathered, it was as a result of increased threat).
  • Most CSOs in Hong Kong have become dormant because the room to work has become very small. There may not be active digital rights orgs left in Hong Kong, and for diasporic people it is still very difficult to engage in digital rights work.  

Similarities between Taiwan, Hong Kong and South Korea

  • Taiwan's digital rights space is very similar to Hong Kong, because of increasing authoritarianism. Taiwan is more of a post authoritarian regime, but there are still very many threats for digital rights work in Taiwan.
  • There isn't much capacity or citizen understanding of privacy rights, it is usually limited to data breaches, but not government surveillance.
  • Litigation is one of the key approaches in Taiwan because that is the most effective way to pushback on privacy related threats. This is also the same for South Korea.
    • However in Korea it is much different because it is not informed by a democratic process.
    • In SK constitutional protection is the most effective approach, but it is costly and time consuming.
  • Although there is still a need for social communication in Taiwan. In SK losing a case in the court does increase public awareness.
  • The space of using the court to facilitate privacy protection or digital rights is shrinking, or non-existent in Hong Kong.
  • There is increasing government surveillance in Hong Kong, and despite initial pushback, there is currently no avenue for activism against surveillance.
  • In all regions, the little digital rights energy left in the communities takes up CSO work. Tech workers in Hong Kong and SK, Open Tech Community in Taiwan. So in East Asia there is an opportunity for the Tech community to fill in the gaps that exist in digital rights activism.
  • The different organizations in the different countries need to actively push the same message. In Taiwan it's not the case, but in South Korea the action approach is that of solidarity.
  • In Taiwan, the government is afraid of CSOs because of the constant litigation against them.

International (US, EU) Differences with South Asian Digital Rights

  • The urge for the US and EU to regulate big tech is different in East Asia, i.e. Taiwan, Hong Kong and Korea. Asian countries are most interested in protecting local companies, rather than protecting human rights.
  • In Asia they worry about the government more than they worry about big tech.
  • The Korean version of Google is Naver. The CSOs in Korea still voice the need for regulation for such local monopolies.

OCF: Open Culture Foundation Recommendations from a Project Management Perspective

  • They were able to conduct the research through regional collaboration through network resources. Some of the orgs shared their networks with Open Culture Foundation (OCF) to conduct the work.
  • There is an opportunity for local orgs to partner with regional orgs and then with international orgs to share and highlight the South Asian experiences in digital rights.
  • Open Culture Foundation’s slides: [Public] Digital Rights and Privacy in East Asia.