Protest Breaches Threaten Hong Kong’s Digital Hopes

(Bloomberg Opinion) -- Hong Kong’s ambitions to be an international data-center hub are a potential casualty of the city’s mass protests. Privacy breaches stemming from a summer of clashes between demonstrators and police threaten to erode confidence in the city as a base for foreign companies to set up storage facilities. To alleviate concerns, the government needs to improve security and regulation in the handling of sensitive data.

Last month, dozens of protesters were arrested after being treated in the emergency ward of a public hospital following battles with riot police. The city’s Hospital Authority subsequently denied leaking patient data – despite the discovery of an internal document labeled “for police” that listed names of protesters seeking medical treatment, according to the South China Morning Post. At around the same time, the personal information of more than 800 police officers was hacked and released online.

Data centers are a fast-growing market, valued at $31 billion globally in 2017 and forecast by Zion Market Research to grow 14% annually to reach $105 billion by 2026. In Hong Kong, total revenue for data centers is expected to reach $1 billion this year, with three firms sharing 55% of the market: Japan’s NTT Communications Corp.; Sunevision Holdings Ltd., a unit of local developer Sun Hung Kai Properties Ltd.; and Silicon Valley-based Equinix Inc.

The Hong Kong government has targeted the industry for growth, and the city has many advantages that make it an attractive location. The former British colony has a common-law legal system that’s recognized and trusted across the Western world, and its data-privacy laws are among the strictest in Asia. In addition, Hong Kong sits at the mouth of the Greater Bay Area, a grouping of 11 cities with a population of 69 million and annual GDP of $1.5 trillion that China plans to develop into an economic bloc. For multinationals, storing data in Hong Kong bypasses red tape and potential legal minefields in mainland China.

Besides its legal system and geographic position, Hong Kong is well equipped with a highly reliable power supply – averaging only 1.5 minutes of unplanned power outages per year, according to one of the city’s two main electricity providers. This compares with 17 to 28 minutes in other major cities such as New York, Sydney and London. Consistent power enables strong broadband capacity and an established fiber-optic network. Another boast is Hong Kong’s low latency transfer in cloud computing – the speed at which information travels from place to place.

The government has supported construction of data centers, by offering large financial incentives for companies to set up shop and specifying three locations to build such facilities. Unlike technology hubs such as Silicon Valley, these locations were intentionally set aside to accommodate the sector – no small feat, considering the diminishing supply of available land. Last year, Sunevision bought the last designated plot with a winning bid of $697 million – 45% higher than the estimate of Colliers International Group Inc., the South China Morning Post reported.

The sale highlighted the perceived growth prospects for Hong Kong's data-center business. Companies such as Nvidia Corp. and Digital Realty Trust Inc. are also eyeing Hong Kong for expansion opportunities (though the city’s land shortages and red-hot property market may make that easier said than done).

These advantages may count for little unless the government sustains confidence in the ability and willingness of authorities to protect data privacy. The leaking by hospitals of protesters’ identities – an apparently blatant privacy breach – caused widespread unease. In the case of the police hack, eight people were eventually charged with dishonest intent and criminal destruction. Still, the ease with which the intrusion took place shocked politicians and the public. Fears of further breaches could scare businesses away.

Hong Kong needs to strengthen its data-security laws or risk international companies abandoning the city for more privacy-oriented locations, according to Padraig Walsh, a partner at legal firm Tanner De Witt who focuses on fintech and data privacy. Having been in the vanguard when it passed the Personal Data (Privacy) Ordinance in 1996, Hong Kong has been overtaken by jurisdictions such as the European Union, which adopted its General Data Protection Regulation in 2017, Walsh said.

To remain competitive, the government should consider amending the Hong Kong ordinance to require data users to report breaches and to give the Privacy Commissioner stronger enforcement powers. Singapore will update its privacy laws next year, according to Walsh. If Hong Kong doesn’t adapt, companies will go elsewhere.

(Ronald W. Chan and his firm, Chartwell Capital, do not hold positions in the  companies he writes about for Bloomberg Opinion.)

To contact the editor responsible for this story: Matthew Brooker at mbrooker1@bloomberg.net

This column does not necessarily reflect the opinion of the editorial board or Bloomberg LP and its owners.

Ronald W. Chan is the founder and CIO of Chartwell Capital in Hong Kong. He is the author of “The Value Investors” and “Behind the Berkshire Hathaway Curtain.”

©2019 Bloomberg L.P.