Skip to content

PCPD e-Newsletter

PCPD Facebook Instagram LinkedIn Twitter Weibo YouTube



How to strike a balance between privacy right and competing interests? There is no definite answer because it all boils down to the question of proportionality to determine whether a privacy-intrusive measure is constitutional.

The Court of Final Appeal has laid down a 4-stage proportionality test:

1) whether the intrusive measure pursues a legitimate aim;
2) if so, whether it is rationally connected with advancing that aim;
3) whether the measure is no more than necessary for that purpose; and
4) whether a reasonable balance has been struck between societal benefits of the encroachment and the inroads made into the constitutionally protected rights of the individual.

Labour Day is coming. What should employers do to honour the achievements of their employees? Employees  are indispensable asset in companies. To protect and respect employees’ personal data privacy, a responsible employer should practise ethical data governance.

If you plan to undertake employee monitoring or are already doing this, you could consult “Privacy Guidelines: Monitoring and Personal Data Privacy at Work”, which provides guidance to employers to assess whether employee monitoring is appropriate and how they can collect personal data in a fair manner and manage the data ethically. The Guidelines also offer a practical solution in terms of balancing the legitimate business interests of employers and the personal data privacy rights of employees.

Read the “Privacy Guidelines: Monitoring and Personal Data Privacy at Work”



In light of the outbreak of COVID-19, the Privacy Commissioner issued guidelines for employers and employees as the pandemic has created concerns for employers who are asking whether they are permitted to collect health data of their employees to help prevent the spread of the virus in workplace.

Read “Fight COVID-19 Pandemic – 
Guidelines for Employers and Employees”

Since June last year, serious doxxing acts have taken place and personal data has been “weaponised”.

Dare doxxers think that they can weaponise others' personal data obtained from public domain for intimidation, inciting hatred or violence, harassment, defamation or ridicule? 

Section 64(2) of PDPO provides that a person commits an offence if the person discloses any personal data of a data subject without obtaining their consent and the disclosure causes psychological harm to the data subject, most of which came from intimidation. Upon conviction, the maximum penalty is a fine of HK$1,000,000 and an imprisonment for 5 years.

Despite the PCPD currently can only refer suspected cases to the Police for prosecutions, the proposed amendments to the PDPO will confer the Privacy Commissioner statutory powers to request the removal of doxxing contents on social media platforms or websites, as well as the powers to carry out criminal investigations and prosecutions.



   A new page entitled “Privacy in Sunlight” is now on the PCPD website ( where you can find all 
   our social media posts on the most talked-about privacy issues of the town and worldwide.

Surf the new web page – Privacy in Sunlight



Online Introduction to the Personal Data (Privacy) Ordinance (PDPO) Seminar

Enrol to attend our new interactive online privacy seminar for a virtual classroom experience. You can deepen your privacy knowledge in PDPO by understanding your obligations as data users and your rights as data subjects without having to travel or deal with the crowds!

Date: 13 May 2020 (Wednesday)
Time: 3:00pm - 4:30pm
Fee: Free of charge
Mode: Online

Key Takeaways:
- A general introduction to the PDPO
- The six data protection principles
- Offences & Compensation
- Direct Marketing
- Q & A session

Enrol now!

Response to media enquiry on CCTV installed by the Food and Environmental Hygiene Department (25 April)


Read media response (Chinese only)

Response to media enquiry on privacy issues arising from "Medication Collection Service at Public Hospitals" launched by a chain store (18 April)

Read media response (Chinese only)

Response to media enquiry on a media organisation allegedly disclosing a phone number when pushing news notifications to its app users (16 April)

Read media response (Chinese only)

Response to media enquiry on leakage of patients' data by Hong Kong West Cluster of Hospital Authority (15 April)

Read media response (Chinese only)

Response to media enquiry on data localisation (15 April)

Read media response

COVID-19: A stress test for fundamental rights and freedom

In Italy, the outbreak of COVID-19 has aroused public debate about the public health and the right to privacy. Although it is all known that the right to health prevails above all other rights, how far the fundamental privacy rights can be compressed is still controversial. The author offers his views from theoretical, practical and ethnical perspectives.

Read more

Coronavirus pandemic is becoming a human rights crisis, UN warns

The UN secretary general stressed although new technologies can help fight the pandemic, the use of artificial intelligence and big data may be intrusive and infringe on privacy.

Read more

DLP tech: A panacea for keeping data safe or just another smokescreen?

What is "Data Loss Protection" (DLP)? In this technology-driven world, DLP is known as a security technology to monitor data flows and prevent data breach. This article examines pros and cons of the technology, and reminds people to be vigilant even when using the technology.

Read more

Deepfakes and AI: Fighting Cybersecurity Fire with Fire

Nowadays, deepfakes become an evolving technology which enables cybercriminals to gain access to confidential business systems and data. Enterprises need to adopt strategic approach and leverage technology to protect against this new cybersecurity threat. Approaches like zero trust are recommended to eliminate the risk of new attack vectors like deepfakes.

Read more

For enquiry, please contact us.
Address: Room 1303, 13/F, Sunlight Tower, 248 Queen's Road East, Wan Chai, Hong Kong         Tel: (852) 2877 7179

If you do not wish to receive the PCPD e-Newsletter, please click here to unsubscribe.



The information and suggestions provided in this publication are for general reference only. They do not serve as an exhaustive guide to the application of the law. The Privacy Commissioner makes no express or implied warranties of accuracy or fitness for a particular purpose or use with respect to the information and suggestions set out in this publication. This publication also contains information or suggestions contributed by others, whose views or opinions are solely those of the contributors and do not necessarily reflect or represent those of the Privacy Commissioner. All information and suggestions provided in this publication will not affect the functions and powers conferred upon the Privacy Commissioner under the Personal Data (Privacy) Ordinance.