Doxing and the Challenge to Legal Regulation: When Personal Data Becomes a Weapon

Author: Anne Cheung

A book chapter in Bailey, J., Flynn, A. and Henry, N. (Ed.) The Emerald International Handbook of Technology Facilitated Violence and Abuse (Book series: Emerald Studies In Digital Crime, Technology and Social Harms), Emerald Publishing Limited, Bingley, pp. 577-594. https://doi.org/10.1108/978-1-83982-848-520211041 (2021) or https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3864766.

Abstract: Doxing refers to the intentional public release by a third party of personal data without consent, often with the intent to humiliate, intimidate, harass, or punish the individual concerned. Intuitively, it is tempting to condemn doxing as a crude form of cyber violence that weaponizes personal data. When it is used as a strategy of resistance by the powerless to hold the powerful accountable, however, a more nuanced understanding is called for. This chapter focuses on the doxing phenomenon in Hong Kong, where doxing incidents against police officers and their family members have skyrocketed since 2019 (a 75-fold increase over 2018). It contends that doxing for political purposes is closely related to digital vigilantism, signifying a loss of confidence in the ruling authority and a yearning for an alternative form of justice. The chapter therefore argues that public interest should be recognized as a legal defense in doxing cases when those discharging or entrusted with public duty are the targets. Equally, it is important to confine the categories of personal data disclosed to information necessary to reveal the alleged wrongdoer or wrongdoing. Only in this way can a fair balance be struck between privacy, freedom of expression, and public interest.