Wednesday, May 22, 2013

News Feed Comments
You are here: Home / Privacy / ANALYSIS: Hong Kong’s Newly Amended Data Protection Law: What The Changes Mean In Practice

ANALYSIS: Hong Kong’s Newly Amended Data Protection Law: What The Changes Mean In Practice

August 6, 2012 in World Data Protection Report

Leave a Comment

By Anna Gamvros, Aaron Bleasdale, and Jacqueline Wong, of Baker & McKenzie, Hong Kong.

Since its enactment in 1996, Hong Kong’s data privacy legislation, the Personal Data (Privacy) Ordinance (“PDPO”), has remained largely unchanged. However, following public consultation which commenced in 2009, Hong Kong’s Legislative Council recently amended the PDPO by dramatically increasing penalties, introducing new offences particularly focused on direct marketing and unauthorised disclosure of personal data and introducing other changes to strengthen the law.

The Personal Data (Privacy) (Amendment) Ordinance (“Amendment Ordinance”) was passed into law on June 27, 2012. Most of its provisions will come into effect on October 1, 2012. However, a number of provisions, most notably the direct marketing regime, will come into effect at a later date. The delayed commencement of these provisions will allow the Privacy Commissioner’s Office (“PCO”) to issue practical guidance on compliance with the new regime and will provide data users with the opportunity to take compliance measures before commencement.

Although the new penalties will attract the attention of many Hong Kong companies and organisations collecting, using and/or storing personal data (“data users”), the changes introduced by the Amendment Ordinance are of particular relevance to data users that engage in direct marketing or that provide or acquire personal data for direct marketing purposes. The changes will require that data users in Hong Kong review their collection practices and privacy notices as well as ensuring that usage of data for direct marketing is in accordance with the data subject’s consent.

Direct Marketing: The New Regime

The PDPO currently has limited provisions with respect to the use of personal data for direct marketing supplemented by non-binding practical guidance, the “Guidance on Collection and Use of Personal Data in Direct Marketing,” issued by the PCO in October 2010 following its Octopus investigation, which involved the sharing of large amounts of personal data for direct marketing purposes (see report by Anna Gamvros and Paolo Sbuttoni, of Baker & McKenzie, Hong Kong, at WDPR, November 2010, page 19). The Amendment Ordinance adds to the PDPO numerous provisions specifying a data user’s obligations in respect of using or providing personal data to a third party for direct marketing purposes…

  1. Read this entire article for free, simply activate your free 7 day trial access to World Data Protection Report now.
  4. (required)
  5. (required)
  6. (required)
  7. (required)
  8. (valid email required)
  9. (required)
  10. (required)
  12. (required)
  13. (required)
  14. (required)
  15. (required)
  16. Captcha
 

cforms contact form by delicious:days

Did you like this? Share it:

Tags: ,

Speak Your Mind

Tell us what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!

You must be logged in to post a comment.