Opinion | When you shop or browse online, know that your personal information isn’t really safe

Globally, the use of different social media and online shopping platforms is experiencing a meteoric rise. According to Forbes, the number of social media users worldwide has hit a record high of 4.9 billion this year, and it is expected that almost 21 per cent of retail purchases this year will take place online.

In today’s digital era, it only takes the touch of a finger to purchase groceries online, like a post, or share your live location, in a matter of seconds. However, almost every tap or swipe performed during those actions involves giving away your personal data, such as your browsing history, purchase transactions and, sometimes, credit card details.

This data is valuable, allowing online companies to provide you with personalised content and advertisements. As you go about your daily routine, you may be sharing more personal data than you realise.

It may come as a surprise that all of them also transferred users’ personal data to third parties, including not only advertising and promotion partners but also external service providers.

For example, hackers who have used data scraping to obtain your personal data, including your financial credentials, may expose them on the dark web, sell them to other cybercriminals, or even manipulate them for identity theft. The adverse consequences that may follow can be alarming.

Giving away personal data to social media and online shopping platforms can be perilous, given the increasing reports on data scraping, digital fraud, identity theft and other cybersecurity threats. This calls for closer scrutiny of our approach to data security and strengthening our defences against potential data breaches and cyberattacks.

As co-chair of the Global Privacy Assembly’s International Enforcement Cooperation Working Group, Hong Kong’s Office of the Privacy Commissioner for Personal Data has strongly advocated the promulgation of a set of global expectations and principles on privacy protection. The joint statement is just one example of this effort.

Operators of social media and online shopping platforms must prioritise the protection of users’ personal data by establishing clear policies and procedures on data governance and data security.

The popularity and profitability of the services which they offer should not be at the expense of eroding users’ data privacy. The operators of social media and online shopping platforms should be acutely aware of and assume responsibility for protecting their users’ privacy.

Debate on data privacy and Chinese apps could do with a dose of honesty

In addition to accountability, platforms should also enhance their transparency, including on how they collect, use or transfer data, along with the kind of data collected and used.

For users of such platforms, before you click on “Pay” or “I Agree” to the terms and conditions of a website or mobile application, think twice about giving away your personal data.

While registering an account and allowing platforms to collect your personal data, browsing histories and location data may appear harmless at first glance. However, users should be aware of the risk that such data may become digital breadcrumbs for other companies to profile you and track your activities for marketing purposes. The data could also end up in the hands of fraudsters, for sale on the dark web, or used for a targeted cyberattack or even identity theft.

As the age-old maxim goes, prevention is better than cure.

Ada Chung Lai-ling is Hong Kong’s privacy commissioner for personal data