Table of Contents Table of Contents
Previous Page  85 / 192 Next Page
Show Menu
Previous Page 85 / 192 Next Page
Page Background

practice for the recipient to seek the prescribed consent of the data subject before

making further use of his personal data.

Personal Data Collected from the Public Domain


A common misconception is that personal data collected from the public domain (for

example, from a public register) or which is made publicly available (for example, from

the internet), is free to be used for whatever purpose the data user wishes. However, the

Ordinance does not differentiate or exempt from its application personal data collected

or made available in the public domain. With a view to assisting data users to comply

with the requirements under the Ordinance in using personal data obtained from the

public domain, the Commissioner published a Guidance Note on the Use of Personal

Data Obtained from the Public Domain in August 2013 (“Guidance Note”).



Guidance Note stresses that a data subject’s personal data that can be obtained from

the public domain should not be taken to mean that the data subject has given blanket

consent for re-use of his personal data for whatever purposes. The Guidance Note

highlights the relevant factors to be considered in assessing the permitted purposes of

use of the personal data. These factors include:

• ascertaining the original purpose for which the personal data was placed in the

public domain;

• the restrictions, if any, imposed by the data user who made the data available on the

public domain; and

• the reasonable expectation of the personal data privacy of the data subjects.


The tests to be applied are: whether the intended reuse of the data falls within the

scope of the original purpose of collection; and if not, or if the original purpose is not

clear, whether a reasonable person in the data subject’s situation would find the reuse

of the data unexpected, inappropriate or otherwise objectionable.


Data users should note that the use of personal data kept in public registers is governed

by the terms and conditions prescribed by the operators of the registers or the relevant

ordinances establishing such registers.


Some public registers have specified the

purposes for which the personal data is held or may be used. Certain public records

may expressly restrict the purposes for which the information, including the personal

data, contained in the records may be used, including in relation to direct marketing.

Where the lawful perimeters for making further use of the data so obtained are defined

or inferred, the subsequent data user will be liable and accountable for any misuse or

improper use of the personal data. If there is no such stated purpose, the Commissioner



Guidance Note on the Use of Personal Data Obtained from the Public Domain

, available on the Website:


In July 2015, the Commissioner published a survey report on the protection of personal data contained in ten

commonly-used public registers, namely Bankruptcy Register, Births Register, Business Register, Companies Register, Land

Register, Marriage Register, Register of Notice of Intended Marriage, SFC Register of Licensed Persons, Register of

Vehicles and Register of Electors. The survey report containing recommendations on safeguarding personal data