Thank you very much for your enquiry. Our general observations from personal data privacy perspective are as follows:
Our Office will not comment on the legality of any practices before looking into the details of the specific circumstances. If a data user controls through mobile apps the collection, holding, processing or use of personal data in Hong Kong, he must comply with the requirements under the Personal Data (Privacy) Ordinance including the six Data Protection Principles (“DPPs”), in particular:
A data user is advised to provide timely and succinct notice to data subjects about
(i) what personal data is to be collected and (ii) the purpose of collection.
If a data subject does not want his geo-location data to be collected by a mobile application, he can either turn off the location mode of his mobile phone or (if the operation system of the mobile phone is compatible) deny access to the geo-location data by the mobile application concerned.
The Privacy Commissioner issued the “Protect Privacy by Smart Use of Smartphones” leaflet that helps the smartphone users avoid personal data privacy pitfalls of using smartphones. Members of the public can also visit our thematic website to get more practical tips on protecting personal data: https://www.pcpd.org.hk/besmartonline/en/. The Privacy Commissioner also issued the “Best Practice Guide for Mobile App Development” that aims to provide comprehensive step-by-step practical guidance to those who are in the mobile applications development business. It outlines the key areas of concern when developing apps in order to earn trust from customers through respecting their personal data privacy. The “Guidance for Data Users on the Collection and Use of Personal Data through the Internet” was issued to assist data users in complying with the Ordinance while engaging in the collection, display or transmission of personal data through the Internet.
(The above reply can be attributed to Mr Stephen Kai-yi Wong, Privacy Commissioner for Personal Data, Hong Kong)