The Government published today (October 18) the Report on Public Consultation on Review of the Personal Data (Privacy) Ordinance (PDPO) and launched further public discussions on the legislative proposals to strengthen personal data privacy protection under the PDPO.
The PDPO, enacted in 1995, requires updating in order to afford adequate protection to personal data privacy having regard to technological and other developments over the last decade. Having reviewed the PDPO, the Government consulted the public from August to November 2009 on the proposals arising from the review.
The views received during the public consultation showed that most of the Government's proposals are generally supported by the public, while some proposals are more complex and public views on them are diverse. Separately, the community has recently expressed concerns about the transfer of customer personal data by some enterprises for direct marketing purposes without explicitly and specifically informing the customers of the purpose of the transfer and the identity of the transferees. The Government has considered these concerns carefully and put forward in the consultation report some new proposals to strengthen the protection of personal data privacy in this regard.
"We have set out in the consultation report 37 proposals to be taken forward. The major proposals cover a number of areas, including direct marketing, data security, powers and functions of the Privacy Commissioner for Personal Data (PCPD) and offences and sanctions.
"On direct marketing, we propose to introduce additional specific requirements on the collection and use of personal data for direct marketing purposes, and to make it an offence if a data user does not comply with the requirements and subsequently uses the personal data for direct marketing purposes. Those requirements include requiring the data user's Personal Information Collection Statement (PICS) to be reasonably specific about the intended marketing activities, the classes of persons to whom the data may be transferred and the kinds of data to be transferred; the presentation of the abovementioned information should be understandable and reasonably readable by the general public; and the data subject should be provided with an opportunity to choose not to agree to the use of his/her personal data for any of the intended direct marketing activities or the transfer of the data to any class of transferees.
"We also propose to raise the penalty for contravention of the requirement in section 34(1)(b)(ii) of the PDPO relating to the use of personal data in direct marketing (i.e. if a data subject requests the data user not to use his/her personal data for direct marketing purposes, the data user shall cease to so use the data) from a fine at Level 3 ($10,000) to a fine of $500,000 and imprisonment for three years.
"We also propose to consider making the sale of personal data by data user without the data subject's consent an offence, and to make it an offence for a person who discloses for profits or malicious purposes personal data which he obtained from a data user without the latter's consent.
"In addition, we propose to empower the PCPD to provide legal assistance to an aggrieved data subject who intends to institute legal proceedings against a data user to seek compensation under section 66 of the PDPO.
"We also propose to introduce new offences and sanctions by making it an offence for a data user who, having complied with the directions in an enforcement notice to the satisfaction of the PCPD, subsequently intentionally does the same act or engages in the same practice for which the PCPD had previously issued an enforcement notice. Further, we also propose to impose a heavier penalty on data users for repeated non-compliance with enforcement notice. The level of fine will be raised from Level 5 ($50,000) to Level 6 ($100,000), with the same term of imprisonment at two years.
"We welcome public views on the legislative proposals. We will also arrange for meetings with relevant organisations and stakeholders for in-depth discussions on the details of the proposals planned to be taken forward, including the contents of the legislative amendments."
The consultation report can be obtained from the Public Enquiry Service Centres of District Offices or downloaded from the website of the Constitutional and Mainland Affairs Bureau at www.cmab.gov.hk .
Members of the public may submit views by post (to Team 4, Constitutional and Mainland Affairs Bureau, Room 364, East Wing, Central Government Offices, Lower Albert Road, Hong Kong), facsimile (at 2523 0565) or email (at email@example.com) on or before December 31, 2010.
Ends/Monday, October 18, 2010
Consultation Report on Review of Personal Data (Privacy) Ordinance published
The Secretary for Constitutional and Mainland Affairs, Mr Stephen Lam (centre), held a press conference today (October 18) to announce the Consultation Report on Review of the Personal Data (Privacy) Ordinance (PDPO) and launched further public discussions on the legislative proposals to strengthen personal data privacy protection under the PDPO. Photo shows Mr Lam presenting the consultation report at the press conference with the Under Secretary for Constitutional and Mainland Affairs, Miss Adeline Wong (left), and the Deputy Secretary for Constitutional and Mainland Affairs, Mr Arthur Ho (right).