Date: 12 September 2019
Direct Marketing Offence Admitted:
Telecommunications Company Fined HK$84,000
SmarTone Mobile Communications Limited (SmarTone) faced 23 charges under the Personal Data (Privacy) Ordinance (the Ordinance) today at the Kwun Tong Magistrates’ Courts. All charges related to the offence of failing to comply with the requirement from the data subject to cease to use her personal data in direct marketing, contrary to section 35G(3) of the Ordinance. The Company pleaded guilty to 14 charges, and was fined HK$84,000 in total (HK$6,000 in respect of each charge). This single case has recorded the highest number of charges and the second highest amount of fine since the added provisions of the Ordinance relating to regulating direct marketing activities came into effect on 1 April 2013.
The case stemmed from a complaint received by the office of the Privacy Commissioner for Personal Data, Hong Kong (PCPD) in 2017. The complainant received 23 direct marketing text messages or emails from SmarTone between August and December 2017 (in four months’ time).
The complainant was a customer of SmarTone which provided mobile telecommunications service to her. In July 2017, she made her opt-out request to SmarTone relating to cessation of using her personal data in direct marketing by phone. However, the complainant still received a direct marketing email from SmarTone in August 2017 and hence complained to PCPD. During the period when PCPD was handling her complaint, the complainant continued receiving direct marketing text messages and emails from SmarTone. The Privacy Commissioner for Personal Data, Hong Kong was of the view that SmarTone failed to comply with the opt-out request of the complainant.
Pursuant to section 35G(3) of the Ordinance, a company which receives a customer’s request for ceasing to use his or her personal data in direct marketing must comply with the request without charge. Failure to comply with the request is a criminal offence which is punishable by a fine of up to HK$500,000 and imprisonment of up to 3 years.
The Privacy Commissioner Mr Stephen Kai-yi WONG said, “This conviction has conveyed a clear and serious message to the public: organisations should not ignore customers’ “opt-out” requests. Organisations should develop and implement relevant privacy policies, procedures and guidelines to ensure that employees having access to and using customers’ personal data are trained in data handling and protection. They must also communicate effectively to their customers the intended use or provision of their personal data for use in direct marketing, and respect the customer's right over such use of their personal data.” Mr Wong also stressed that organisations should abide by higher ethical standards and adopt the three management values (i.e. respectful, beneficial and fair) in handling customers’ data so as to meet their expectations, apart from meeting the requirements of laws and regulations.
The Privacy Commissioner also reminded consumers that if they still receive direct marketing messages after making an opt-out request, they should make a record and gather as many details of the direct marketing messages as possible so as to enable themselves to formulate a valid complaint to the PCPD.
The PCPD has published the following publications for organisations and consumers: