In five recent judicial review applications, the Court of First Instance held that the Securities and Futures Commission (“SFC”) is entitled to seize and retain digital devices during search operations and investigations into suspected breaches of the Securities and Futures Ordinance (“SFO”).
The Applicants argued that the SFC’s seizures and continued retention of the digital devices and the notices issued by the SFC for the production of emails and passwords were unlawful, beyond the power of the SFC and interfered with the Applicants’ right to privacy under the Basic Law (“BL”) and the Hong Kong Bill of Rights (“BOR”). The Applicants also sought to challenge the search warrants issued by two Magistrates on the basis that they were unlawful or invalid for want of specificity. The SFC has power, under the SFO, to require production of documents and information, to apply for search warrants and to issue notices to compel a person to attend an interview and to answer questions (with the right to silence abrogated).
As the Court was not concerned with the underlying facts of the case in the judicial review applications, we shall go through the facts of the case in brief. Since 2017, the SFC has been investigating on the listing and bond placements of various listed companies. It later transpired that the Applicants were related to the dealings of such listed companies and hence should also be subject to investigations. Upon having obtained the search warrants by the SFC, an operation was conducted on 5 July 2018 to, among others, seize digital devices and require the provision of login names and passwords to such devices or email accounts by the Applicants.
SFC’s decision to seize and retain digital devices
Whilst the Applicants argued that the seizure of the devices was ultra virus the SFO or the search warrants, the Court opined that this is an issue of statutory construction.
The Court held that it would be out of touch with reality to read the SFO as excluding digital devices. The words “document” and “record” in the SFO should not be narrowly construed, having regard to the manner in which information and data are nowadays being created and stored by digital devices. When the SFC have reasonable cause to believe that the digital devices contained information relevant to the investigation, the search warrants plainly authorised digital devices to be seized by the SFC.
The Applicants further argued that the seizure of digital devices was unlawful or unconstitutional as it disproportionately interfered with one’s right to privacy under BL and/or BOR. However, the right to privacy may lawfully be restricted insofar as it can satisfy the 4-step proportionality test established in the case of Hysan Development Co Ltd v Town Planning Board (2016) 19 HKCFAR 372, namely, (i) legitimate aim, (ii) rational connection, (iii) no more than reasonably necessary, and (iv) fair balance.
The Court found that the legitimate aim in the present case would be the pursuit of the SFC’s investigation, where the seizures of the digital devices were rationally connected to the advancement of that aim.
When the Applicants declined or used various excuses not to provide login names or passwords etc., the SFC’s officers had no reasonable or practicable alternative but to seize the digital devices. The interference with the Applicants’ privacy occasioned by the seizures of the digital devices was no more than reasonably necessary in the circumstances.
The Court lastly found that the element of “fair balance” is also satisfied since the pursuit of societal interests (i.e. the SFC’s proper investigation of possible breaches of the SFO and maintenance of market integrity) has not resulted in an unacceptably harsh burden on the Applicants since:
(1) the SFC has all along made it clear that it is amenable to using keyword searches to identify relevant materials contained in the digital devices;
(2) the contents contained in the digital devices are viewed together with the Applicants so as to minimize the chance of other information which is irrelevant to the SFC’s investigations being viewed by the SFC officers; and
(3) any dispute on relevance can be brought to the Court for determination, with the disputed materials being sealed pending the Court’s decision.
In light of the above, the Court held that the SFC‘s decision to seize digital devices was lawful and constitutional.
SFC’s request for the means of access to the digital devices be provided
The Applicants in the judicial review also raised the argument that the decision of the SFC to issue notices requiring the Applicants to provide to the SFC the passwords to their email accounts or digital devices to unlock the digital devices, were ultra vires the SFO or the search warrants, unlawful and/or unconstitutional.
Once again, the Court opined that the SFC is empowered, under section 183(1) of the SFO, to require the Applicants to provide means of access to email accounts and digital devices even if the email accounts and digital devices would likely also contain other personal materials not relevant to the SFC’s investigations. This is driven by the practical reality that information are nowadays mostly kept in digital forms and stored in email accounts and digital devices which are often also protected by specific login names and passwords.
Based on the reasons as discussed above, the Court also refused the Applicants’ contention that permitting the SFC to require the production of large amounts of irrelevant materials would give rise to a disproportionate restriction of the right to privacy violating BL and/or BOR.
The Court in these judicial review applications reinforced the investigative powers of the SFC and clarified the frequently contested rights of many. The Court’s decision means that the SFC is justified to seize, retain and request for access to digital devices during search operations. Whilst there are considerable concerns relating to one’s privacy under his digital devices, the Court reminds us that the right to privacy is not absolute. Given the draconian power of the SFC, we encourage not only a thorough review and protection of the data stored in your digital devices (particularly for legal professional privilege protected data) but also to ensure that you are well accompanied by legal representatives during dawn raids.
|For enquiries, please contact our Litigation & Dispute Resolution Department:|
|E: email@example.com T: (852) 2810 1212
W: www.onc.hk F: (852) 2804 6311
19th Floor, Three Exchange Square, 8 Connaught Place, Central, Hong Kong
|Important: The law and procedure on this subject are very specialised and complicated. This article is just a very general outline for reference and cannot be relied upon as legal advice in any individual case. If any advice or assistance is needed, please contact our solicitors.|
|Published by ONC Lawyers © 2020|