Big Data Collection for Smart Mobility vs Privacy Concern - Is There a Golden Mean?

News /

In December 2017 Hong Kong’s Innovation and Technology Bureau launched its Smart City Blueprint setting out the steps that would need to be taken to develop Hong Kong into a Smart City. The Smart City initiative is divided into 6 key sectors: Smart Mobility, Smart Living, Smart Environment, Smart People, Smart Government and Smart Economy.

Using Big Data, Smart Mobility projects aim to improve the safety and efficiency of a city’s transport system as well as ensuring environmental sustainability. Big Data frequently contains personal information the collection, sharing, and processing of which is subject to rules and regulations.

A conflict undoubtedly arises between requiring access to Big Data to further social economic projects using the latest technology, and protecting individual’s right to privacy.

Hong Kong a Smart City

Smart Mobility is an integral part of Hong Kong’s Smart City initiative and aims to streamline the transport and logistics sectors, ensuring that the city is “future proof” against an ever increasing global population and balancing environmentally sustainable practices with efficiency.  

Hong Kong is looking at many different ways of achieving these outcomes, such as:

  • implementing green technologies on local ferry operations;
  • using driverless cars in the airport to increase efficiency;
  • installation of in-vehicles units which will allow payment of tolls / tunnel fees remotely and feed real time traffic information to the drivers with the aim of reducing traffic jams and congestion; and
  • deployment of Logistics software systems which can take advantage of real time data to see when peak times are and to route vehicles efficiently.

In the shipping industry, port calls can be optimised by sharing relevant data in advance improving berth occupation planning and the availability of necessary equipment. Hamburg’s smartPORT uses real time navigation and electric vehicles to ensure a smooth flow of traffic at the port. 

What is Big Data?

There is no set definition of what “Big Data” means, although it is frequently used to describe data sets that are so vast and varied in type that traditional data processing techniques are unable to analyse the information. Big Data by itself is unusable however new analytical methods are able to extract valuable information such as key trends and future pattern predictions.

Sources of Big Data are diverse from smart phones and social media, to vehicle sensors, and GPS applications. Locational related data is usually the key to producing useful information from Big Data sets especially for Smart Mobility initiatives.

For example, Hong Kong currently collects real time traffic data from smart sensors which feed into traffic lights. The traffic lights then automatically change in reaction to the flow of traffic helping to ease congestion.

Hong Kong’s Personal Data Laws

Personal data is defined in Hong Kong as any data (i) relating directly or indirectly to an individual, (ii) from which it is practicable for the identity of the individual to be directly or indirectly ascertained and (iii) in a form in which access to or processing of the data is practicable.

Taking into consideration the sources of Big Data it is easy to see how some of the information collated can be personal data.

Under the Personal Data (Private) Ordinance (Cap. 486) (“PDPO”), consent of the individual is not a prerequisite to data collection in Hong Kong, however, notice of the data collection should be given. Only relevant personal data should be collected for a lawful purpose and be necessary for or directly related to that purpose.  

The 6 Data Protection Principles “DDPs”  

  1. Personal Data must be collected in a lawful and fair way, for a purpose directly related to a function/activity of the data user. Data subjects must be notified of the proposed and the classes of persons to whom the data may be transferred. Data collected should be necessary but not excessive.
  2. Practicable steps shall be taken to ensure personal data is accurate and not kept longer than is necessary to fulfil the purpose for which it is used.
  3. Personal data must be used for the purpose for which the data is collected or for a directly related purpose, unless voluntary and explicit consent with a new purpose is obtained from the data subject.
  4. A data user must take practicable steps to safeguard personal data from unauthorised or accidental access, processing, erasure, loss or use.
  5. A data user must take practicable steps to make personal data policies and practices known to the public regarding the types of personal data it holds and how the data is used.
  6. A data subject must be given access to his/her personal data and allowed to make corrections if it is inaccurate.

Advancement of Smart Mobility v Privacy

In 2015 the Privacy Commissioner for Personal Data held a conference highlighting the privacy issues associated with the collection of Big Data, warning that if the collection of Big Data is not well managed then it could lead to a “dictatorship of data” with individual’s losing control over a substantial amount of information concerning them.

There are many ways in which the collection of Big Data in relation to Smart Mobility may contravene the PDPO for example:

  • Real time traffic information can be collected from the GPS data transmitted from smartphones. This will show the location of the individual the smartphone is registered to;  
  • The inclusion of people and their faces in images taken via automated services for mapping purposes;
  • The on board units of vehicles may have reference to the license plate numbers and MAC (Media Access Control) addresses. These are considered indirect identifiers;  
  • Many companies are collecting data without fully understanding or appreciating whether it will be used for a different purpose in the future; and
  • The accuracy of the information collected is often not verified nor is the relevance of it checked.

It has long been noted that it is difficult for legislation and regulations to keep up with the pace of technological advancement, and the use of Big Data in Smart projects seems to be no different.

However, the PDPO recognises that there is a need to balance the privacy of individuals with public interest and has provided several exceptions to the PDPO regulations. One of which is data collected and processed for the purpose of research and statistics are exempt from the provisions of DPP3.  

As applications are developed to collect Big Data, those designing them should first and foremost identify whether personal data is being collected and how data protection should be incorporated in to the application from the beginning. This could be achieved by stripping out identifying markers at the processing stage.  


It is difficult to escape the conflict between striving for a better future via Smart projects and safeguarding individuals’ privacy. There will be big pressure on companies that collate, store, process and utilise Big Data in a way that is compliant with privacy laws and to maintain compliance going forward.

Nicola Tune

Nicola Tune Registered Foreign Lawyer (England & Wales)

Related sectors:

Related news & insights

News / Court rejects jurisdictional challenge in petroleum dispute

18-02-2022 / Commodities & Trade

Addax Energy S.A. v. Petro Trade Inc. [2022] EWHC 237 (Comm) In a dispute arising out of the supply of petroleum products, the English Court has dismissed a challenge to its jurisdiction, finding that the claimant supplier had a good arguable case that an English jurisdiction clause was incorporated into an alleged oral agreement by way of course of dealing. In doing so, the Court confirmed that the evidence required to establish a course of dealing need not be extensive or consistent to meet the relevant legal test.

Court rejects jurisdictional challenge in petroleum dispute

News / EU Blocking Regulation, US sanctions and contractual termination – when sanctions and business collide

18-02-2022 / Commodities & Trade, Maritime

In a recent ruling, the European Court of Justice (“ECJ”) was asked to consider the interpretation of Article 5 of EC Regulation No. 2771/96 of 22 November 1996 (commonly referred to as the “Blocking Regulation”) in relation to the termination, by a German telecoms company, of a contract with a bank subject to US sanctions.

EU Blocking Regulation, US sanctions and contractual termination – when sanctions and business collide

Insights / Court upholds validity of Notice of Arbitration in commodities dispute

12-01-2022 / Commodities & Trade

This commodities dispute highlights the importance of drafting a notice of arbitration carefully to ensure that it covers all the disputes that are intended to be referred to arbitration.

Court upholds validity of Notice of Arbitration in commodities dispute

Insights / Tribunal’s findings in commodities dispute result in substantial injustice

04-08-2021 / Commodities & Trade

PBO v. DONPRO & others [2021] EWHC 1951 (Comm)

Tribunal’s findings in commodities dispute result in substantial injustice

Insights / Where’s my crude oil? Court upholds claim for return of monies paid under FOB contract

24-06-2021 / Commodities & Trade

BP Oil International Limited v. (1) Vega Petroleum Limited & (2) Dover Investments Limited [2021] EWHC 1364 (Comm)

Where’s my crude oil? Court upholds claim for return of monies paid under FOB contract

Insights / Court concludes parties had not agreed to arbitrate commodities dispute

01-03-2021 / Commodities & Trade

Black Sea Commodities Ltd v. Lemarc Agromond Pte Ltd [2021] EWHC 287 (Comm)

Court concludes parties had not agreed to arbitrate commodities dispute