The Privacy Commissioner for Personal Data said that the operations of credit reference platforms are currently not regulated by any financial industry-related legislation.

A technology company which holds data on 180,000 borrowers was found to have breached privacy laws after a user reported that eight moneylending companies had reviewed his credit data without his consent, according to the city’s privacy watchdog.

The Office of the Privacy Commissioner for Personal Data (PCPD) said on Thursday that Softmedia Technology Company (Softmedia), which operates the TE Credit Reference System, failed to implement appropriate security measures to manage access to the system, contravening the Personal Data (Privacy) Ordinance.

The PCPD sent Softmedia enforcement notices on Wednesday.

Chung said that the operations of credit reference platforms are currently not regulated by any financial industry-related legislation. She called for regulation which may include legislation, guidelines or licensing systems.

Online shopping system

Aside from the investigation of the TE system, the PCPD also reviewed the privacy policies and settings of ten online shopping platforms, including HKTVmall, Taobao, Carousell, JD.COM and eBay.

JD.COM was found not to provide options to users to indicate whether they accept advertising or promotional messages. Chung said her office would follow up to see whether JD.COM had used personal data of users without consent.

Source: HKFP