Skip to content

Media Statements

Media Statements

Date: 9 September 2015

A Telecommunications Service Provider Convicted of an Offence under the New Direct Marketing Regulatory Regime

(9 September 2015) Hong Kong Broadband Network Limited ("HK Broadband") was convicted, after trial, of failure to comply with the requirement from a data subject to cease to use his personal data in direct marketing, contrary to section 35G(3) of the Personal Data (Privacy) Ordinance (the "Ordinance") today at the Tsuen Wan Magistrates' Court. HK Broadband was fined HK$30,000

This is the first conviction after the penalty level of the offence was raised under the new direct marketing regulatory regime which took effect on 1 April 2013 under the Personal Data (Privacy) (Amendment) Ordinance 2012. The maximum penalty of the offence was raised from a fine of HK$10,000 to a fine of HK$500,000 and imprisonment for 3 years.

Case Background

The case stemmed from a complaint received by the Office of the Privacy Commissioner for Personal Data ("PCPD") in May 2013.

The complainant is a customer of HK Broadband. In April 2013, he made his opt-out request to HK Broadband via email and mail. In response, HK Broadband acknowledged receipt of the complainant's opt-out request in writing. However, a staff member of HK Broadband still left a voice message through the complainant's mobile phone number in May 2013, informing the complainant of the termination of his service contract and at the same time promoting to him their services.

PCPD's Comments

Under section 35G(3) of the Ordinance, a service provider who receives a request for cessation of using the customer's personal data in direct marketing must, without charge to the data subject, comply with the request. To ensure compliance, service providers have to maintain an "Opt-Out List" of all customers and cease to use their personal data for direct marketing. Failure to comply with the requirements is an offence.

The Privacy Commissioner for Personal Data Mr Stephen Wong commented, "These are the results of the concerted efforts of PCPD, the Police and Department of Justice. I believe that this successful conviction will convey a strong message to organisations engaging in direct marketing activities that requests from the consumers must be complied with and the use of consumers' personal data be respected. Hopefully, the conviction and the penalty imposed will serve as a deterrent and strengthen the culture of respecting personal data privacy."

Mr Wong added, "Organisations should update the Opt-Out List regularly and ensure that their standing procedures for their staff to follow are followed. I appeal to all organisations engaged in direct marketing activities, large or small, to comply with the legal requirements and refrain from taking risks of non-compliance. Under section 35G of the Ordinance, individual consumer may require an organisation to cease to use his personal data in direct marketing. An organisation must comply with such requirement without charge."

Mr Wong reminded, "If consumers no longer wish to receive direct marketing messages, they should file an opt-out request preferably in writing and keep a copy of it. If they still receive direct marketing messages after making an opt-out request, they should make a record and gather as many details of the direct marketing messages as possible in order to lodge a successful complaint."

Consumers and organisations engaging in direct marketing may visit PCPD's website at for more information and tips.

For guidance on legal compliance, organisations should refer to PCPD's "Guidance on Direct Marketing" available at

PCPD has also revised an Information Leaflet entitled" Exercising Your Right of Consent to and Opt-out from Direct Marketing Activities under the Personal Data (Privacy) Ordinance". This revised information leaflet can be downloaded from PCPD's website at

An easy-to-understand infographic "It is Your Choice to Accept or Refuse Direct Marketing" for members of the public is available at

- End -