A uniform group collected minors’ personal data for recruitment of group members – Data Protection Principle (DPP) 1(2)
The complainant was dissatisfied that in an activity organised by a uniform group, teenagers who were not accompanied by adults were forced to apply for admission to the group, and provide their and their parents’ personal data in an application form.
In replying to PCPD, the group stated that recruitment leaflets distributed onsite emphasised that all applications should be made on the applicants’ own will. The group stated that applicants between 12 and 17 of age only need to fill in their own particulars for preliminary verification of their age and arrangement for interview with the applicants and his parents at later stage. On the interview day, the applicants accompanied by their parents will then complete the remaining parts of the application form. The group admitted that they did not explain to the applicants of the above arrangement during the activity. They believed that some teenage applicants might have filled in the personal data of their parents in the application forms without consulting their parents.
After examining the recruitment practices of the group, PCPD did not consider that the group had collected personal data in an unfair manner, and there was no evidence showing that the group had forced applicants to provide personal data, thereby contravening DPP1(2). However, PCPD was of the view that collection of personal data from teenagers involved great privacy concerns. It is the responsibility of the group to clearly explain the requirements of completing the application form to teenagers so that they would not provide the personal data of their parents without their knowledge.
After PCPD’s intervention, the group agreed to improve the recruitment arrangement by providing written instructions on the items that need to be filled in at the initial application stage. The group has requested its supervisors to clearly brief duty officers before recruitment activities and increase the frequency of inspection to ensure the implementation of the new arrangement.
In our daily lives, there are so many situations, from application for membership of loyalty programmes to application for online accounts that requires us, no matter adults or minors, to provide personal data.
The community has the duty to protect minors from being infringed on their privacy rights. All data users collecting personal data from minors should learn from this case. They should make appropriate arrangements for collecting personal data in a respectful, mutual beneficial and fair manner according to the maturity of subjects. Only adequate (but not excessive) personal data should be collected and the purpose of collection should be explained in an easily understandable way. Moreover, when communicating with minors, frontline officers should be mindful of their presentation and avoid using improper tone and wording making them feeling being pressurized to provide their personal data.
(Uploaded in September 2020)