PCPD - PCPD 2007-2008 Annual Report

Investigation Report / Inspection Report

Publications and Videos
Annual Report

Legal Work

Review of the Ordinance

A decade has passed since the Ordinance came into force on 20 December 1996. The rapid technological and e-commerce developments that are taking place in this electronic era and the exponential rate with which it continues to progress give rise to global privacy concern.

Overseas governments and privacy regulators see a pressing need for reviewing and reforming the privacy law in order to safeguard the personal data privacy interests of the individuals. Australia, Canada, New Zealand and the United Kingdom all embark actively on the review of their laws. The international privacy arena has clearly witnessed a call for higher level of personal data privacy protection and stronger sanction and legislation to properly address the privacy impact brought about by technological advancements.

Personal data privacy has been an evolving concept responding to changes and development in society. The Commissioner sees the core value of balancing the personal data privacy right with other rights and social interest in maintaining a harmonious society. With a decade of regulatory experience gained in discharge of his regulatory duties and without losing sight of the macro international privacy perspectives that are taking shape, the Commissioner finds it appropriate and timely to conduct a comprehensive review of the Ordinance. With these objectives in mind, an internal Ordinance Review Working Group was formed in June 2006 to assess the adequacy of the protection rendered to personal data privacy by the Ordinance.

In the course of his review of the Ordinance, the Commissioner has taken into account the following factors:-

(a)	the sufficiency of protection and the proportionality of penal sanction under the Ordinance;
(b)	the development of international privacy laws and standards since the operation of the Ordinance;
(c)	the regulatory experience of the Commissioner gained in the course of discharging his functions and powers;
(d)	the difficulties encountered in the application of certain provisions of the Ordinance;
(e)	the technological development in an electronic age facilitating the collection, holding and processing of personal data in massive quantum at a low cost;
(f)	the development of biometric technology for the identification of an individual posing challenges to the maintenance of individuals' privacy; and
(g)	the vulnerability of individuals in becoming less able to control and determine the collection, use and security of his personal data stored and transmitted through electronic means.

The Commissioner has five missions to achieve in undertaking the review exercise. They are: -

(1)	To address issues of public concern.
(2)	To safeguard personal data privacy rights while protecting public interest.
(3)	To enhance the efficacy of regulation under the Ordinance.
(4)	To harness matters that will have significant privacy impact.
(5)	To deal with technical and necessary amendments.

The subjects reviewed by the Commissioner include, amongst others, the following: -

scope of personal data
leakage of personal data on the Internet
disclosure of personal data by Internet or email service providers
handling of personal data in times of crisis
prescribed consent given by individuals
data access request
direct marketing activities
exemptions
investigation and prosecution procedures
enforcement and penalty level
transborder data flows

The Commissioner has since then presented to the Secretary for Constitutional and Mainland Affairs 52 amendment proposals and 3 additional issues of privacy concerns.

While engaging in a series of discussions with the Secretary for Constitutional and Mainland Affairs on the amendment proposals, the Commissioner is confident that a comprehensive review of the Ordinance with participation by the general public will bring about an updated piece of privacy legislation that amply protects and enforces personal data privacy right in Hong Kong.