Personal Data (Privacy) Law in Hong Kong--A Practical Guide on Compliance

Author / Editor
In stock
Add to Wish List
The idea of a right to privacy, which arose in reaction to the rapid rise of newspapers, instant photography and the “paparazzi” of the 19th century, has evolved into a constitutional right in much of the developed world. It is enshrined in Hong Kong through Articles 28, 29, 30 and 39 of the Basic Law. Hong Kong stands proud as the first jurisdiction in Asia to enact legislation to safeguard personal data in the form of the Personal Data (Privacy) Ordinance, Cap 486 (“the Ordinance”) which came into force in 1996. At its centre are the six Data Protection Principles based on the 1980 OECD Guidelines. The office of the Privacy Commissioner for Personal Data was created under this legislation to provide oversight and ensure compliance. The Octopus scandal in mid-2010 eventually led to substantial changes being made to the Ordinance that were enacted in 2012 and 2013, the main amendments being the Direct Marketing provisions and the provision of legal assistance and representation to aggrieved persons. In this digital age, the Ordinance is proving to be the main safeguard of our privacy rights.

The Data Protection Principles seek to create broad common principles based on fairness that apply to the public and private sectors. The passage of twenty years since the enactment of the Ordinance has given rise to a substantial body of case law and administrative decisions on these principles and the other provisions of the Ordinance. The new amendments have already been the subject of judicial scrutiny. This publication, which replaces its predecessor, has the dual aim of becoming a practitioner’s guide on the important subject of personal data privacy, containing, as it does, a detailed exposition of the principles and provisions in the Ordinance and a comprehensive source of reference materials, and of enabling the Privacy Commissioner to discharge his major duty to promote awareness and understanding of the Ordinance.
Pub. Date
Jul 1, 2016
556 pages
145 x 210 mm
Stephen Kai-yi WONG:
In 1996, Hong Kong enforced the Personal Data (Privacy) Ordinance, Cap 486, Laws of Hong Kong (“the Ordinance”) and became the first jurisdiction in Asia operating with a dedicated piece of legislation on personal data privacy protection. The Privacy Commissioner for Personal Data (“the PCPD”) was created in the same year, being the statutory body independent of the Government to oversee the compliance of the Ordinance.
The publication of this book coincides with the twentieth anniversary of the founding of the regulatory framework of personal data privacy in Hong Kong, reflecting on the changes which its two decades of life and growth have seen.
The origin of the law is attributable to the 1995 EU Directive which aimed to protect the fundamental rights and freedoms of natural persons, in particular their right to privacy with respect to the processing of personal data without restricting or prohibiting the free flow of personal data.
PDP (Personal data privacy) was an acronym of which few had any understanding at that time. The first decade of the operation, amid the Information Age, was one of slow growth, until 2009 when there was a marked increase in the transfer and sale of customers’ personal data by enterprises for direct marketing purposes.
>In 2012, the Ordinance was substantially amended as a result of a comprehensive review of the regulatory regime on direct marketing and the impact of information and communications technology on privacy protection.
As revealed in the findings of a surveyundertaken in 2014, personal data privacy has become a popular issue on both social agendas and those of senior management. An in-depth understanding of the Ordinance is considered an asset by individuals, organisations and practitioners alike.
It is not surprising that there are not many judicial decisions on the law as twenty years is not a lengthy period for the development of a new area of law. There are however hundreds of decisions made by the Administrative Appeals Board which is a quasi-judicial body established by statute to determine appeals lodged against the decisions made by the Commissioner in relation to complaints. Many of these quasi-judicial decisions are also published by the PCPD to ensure transparency of the reasoning and application of the law. The PCPD has the benefit of twenty years of experience as the regulator, receiving in the region of 20,000 enquiries and determining about 2,000 complaints on a yearly basis. With the start of the third decade of the operation of the PCPD amid this Age of Artificial Intelligence, this book is offered as a practical guide on compliance to all stakeholders, as well as those who are interested in the personal data privacy landscape in Hong Kong.
My learned predecessors published the first and second editions of a handbook entitled Data Protection Principles in the Personal Data (Privacy) Ordinance — from the Privacy Commissioner’s perspective in 2006 and 2010 respectively. Expanding on the commendable initiative of my predecessors, I attempt to roll out an all-in-one guide on personal data privacy law in Hong Kong, which also offers updates on the 2012 legislative amendments as well as other selected texts, cases and materials up to February 2016. Case notes of significant court judgments and Administrative Appeals Board decisions, as well as the three Codes of Practice issued by the PCPD are annexed.
Chapter 1 Introduction
Chapter 2 The Meaning of “Personal Data”
Chapter 3 The Meaning of “Collect”
Chapter 4 The Meaning of “Data User”
Chapter 5 Data Protection Principle 1
Chapter 6 Data Protection Principle 2
Chapter 7 Data Protection Principle 3
Chapter 8 Data Protection Principle 4
Chapter 9 Data Protection Principle 5
Chapter 10 Data Protection Principle 6(a) to (d) and the Data Access Provisions in Part 5
Chapter 11 Data Protection Principle 6(e) to (g) and the Data Correction Provisions in Part 5
Chapter 12 Exemption Provisions in Part 8
Mr. Stephen Kai-yi WONG Mr. Stephen WONG is the Privacy Commissioner for Personal Data in Hong Kong. He is also a Barrister and Adjunct Professor of the School of Law, City University of Hong Kong. Professor Guobin ZHU Guobin ZHU is a Professor in the School of Law, City University of Hong Kong and also the Director of City University of Hong Kong Press.