
PCPD e-Newsletter


Ms Ada CHUNG Assumes Office Today as the Privacy Commissioner for Personal Data, Hong Kong

Dear all,

I am very honored, and privileged, to be appointed as the Privacy Commissioner for Personal Data. Together with my team, I would spare no effort in furthering our mission of protecting privacy in relation to personal data.

I believe that with the continuous support of the community, I would be able to further elevate our work on the protection of personal data privacy.

In order to enhance the protection of personal data, I trust that my office should be an enforcer, educator and facilitator of the protection of personal data privacy. I hope that by strengthening the protection of personal data, we can enhance the use of data while at the same time protect personal privacy, hence contributing to the prosperous development of the community as a whole.

I look forward to working with you in personal data privacy protection.

Ms Ada CHUNG Lai-ling
Privacy Commissioner for Personal Data

On 26 August 2020 the PCPD released an inspection report about the employment-related personal data system of a sizable company in the food and beverage industry (Data User). The findings revealed that the Data User had devoted effort to privacy management, complied with most of the requirements under the Code of Practice on Human Resource Management and adopted some good practices. No material deficiencies were found, although some areas might be improved.


[Final call!] Online Professional Workshop - Data Protection in Direct Marketing Activities

Date: 9 September (Wednesday)
Time: 2:15pm - 5:15pm
Fee: $750 / $600*

To promote their products, services and events, marketers use different methods such as eDM, phone calls and mails. These activities may involve the use of personal data, which is governed by the Personal Data (Privacy) Ordinance (PDPO). The occasional convictions for failing to comply with the requirements of the direct marketing provisions under the PDPO ring alarm bells among companies because misuse of personal data may cost them reputation and consumers’ trust. This Workshop will help equip participants with the essential skills for legal compliance and good data governance in conducting direct marketing activities.

By the end of this Workshop, participants are expected to:

  • know the requirements under the PDPO in direct marketing activities;
  • understand hands-on solutions to problems that marketers face in planning direct marketing activities;
  • know the elements of offences and defence;
  • learn the practical tips for compliance; and
  • understand key learnings from conviction cases.

*Members of PCPD's Data Protection Officers' Club and the supporting organisations can enjoy the discounted fee.


Online Professional Workshop - Data Protection in Banking/Financial Services

Date: 16 September (Wednesday)
Time: 2:15pm - 5:15pm
Fee: $750 / $600*

This workshop is designed for banking and financial personnel who wish to acquire knowledge on the requirements under the PDPO in different aspects of banking and financial services including Fintech and the practical ways to deal with them effectively in their daily operations.

Key take-aways:

• An overview of the relevant requirements under the PDPO
• Privacy and ethical implications of new technologies
   o Collection and use of customers’ biometric data
   o FinTech and personal data privacy
   o Privacy Management Programme and Data Ethics
• How to comply with the requirements of the PDPO in daily banking operations
   o collection and use of customers’ personal data
   o handling of customers’ personal data in debt collection
   o handling of customers’ data access requests
   o use of customers’ personal data for direct marketing
   o outsourcing the processing of personal data
• Code of Practice on Consumer Credit Data
• Recent topical issues on data privacy

*Members of PCPD's Data Protection Officers' Club and the supporting organisations can enjoy the discounted fee.


Enrol in our new season of professional workshops

Professional workshops organised by the PCPD have long been well received by people who are charged with the responsibility to advise on compliance with the PDPO. Participants of the workshops can acquire solid knowledge through interactive participation.

To help prevent the spread of COVID-19, the PCPD has been adopting online learning tools to conduct the professional workshops.
For the workshops to be held in September and October, online mode will continue to be adopted. For the workshops to be held thereafter, the PCPD will closely monitor the COVID-19 situation and make necessary adjustments and timely announcements.


[Free] Seminar on Introduction to the Personal Data (Privacy) Ordinance (PDPO)

Want to get to know the basics of PDPO? The PCPD organises introductory seminars on the PDPO for members of the public for free. The details are as follows:

Time: 3:00pm - 4:30pm

Key Takeaways:

  • A general introduction to the PDPO
  • The six data protection principles
  • Offences & compensation
  • Direct marketing
  • Q & A session


Response to media enquiry on employers asking their staff to provide COVID-19 test results (31 August) 

(Chinese version only)

Response to media enquiry on a website revealing personal data (31 August) 


Response to media enquiry on suspected use of personal data for registration purposes without data subjects' consent (30 August) 

(Chinese version only)

Universal Community Testing Programme Complies with Requirements of the Personal Data (Privacy) Ordinance (28 August) 


The term 'ethical AI' is finally starting to mean something

The PCPD has been promoting ethics in artificial intelligence (AI) and is a Co-Chair of the Global Privacy Assembly Working Group on Ethics and Data Protection in Artificial Intelligence. This article sums up the development of ethical AI and shows us the way forward.


Finland-based firm designs machine learning system that is the first to blur profanity in text-editing software like Word or Outlook in a bid to combat cyberbullying

A Finnish tech company is hoping to create a kinder virtual space with a font that covers profanity in text-editing software, such as Word or Outlook, by blurring curse words and rewriting hate speech.


Data Protection vs. Cybersecurity: Why you need both

Data protection and cybersecurity are essential to safeguarding organisations against data breaches. New laws are being enacted across the globe to regulate the collection, retention, use, disclosure, and discarding of personal information. Therefore, it is important to distinguish between data protection and cybersecurity and to understand why you need both of them.


UK ICO's Children's Code comes into effect for online safety of minors

The Age Appropriate Design Code in the U.K. came into force on 2 September 2020. Online services will have a 12-month transition period to conform to the 15 standards to protect children's privacy. The standards include the safeguard that privacy settings should be at their highest level for any service targeted toward children under the age of 18.


iOS 14: Facebook's Apple Nightmare Keeps Getting Worse

Apple's iOS 14 signals the end of collecting iPhone identifiers for advertisers (IDFA), due to Apple’s strong measures to prevent services from tracking individuals across apps.


EU data watchdog calls for vigilance on COVID temperature checks

The European Data Protection Supervisor has called for caution in the continuing employment of body temperature checks across EU buildings, saying that some operations involved in this process "may constitute an interference into individuals’ rights to private life."


Section 23, section 25 of the PDPO and Data Protection Principle 2(1) - accuracy of data 

A credit reference agency had not handled a data correction request in line with the requirements of the PDPO, and recorded irrelevant information in a credit report

The complainant was a lawyer. He was appointed as a trustee of a bankruptcy order. The person subject to the order was a defendant of a civil lawsuit.

The complainant discovered that a credit reference agency had erroneously recorded him as the defendant of the civil lawsuit in his credit report. The complainant thereby made a data correction request to the credit reference agency seeking rectification.

The credit reference agency, however, did not remove the lawsuit from the complainant’s credit record. It only updated the status of the lawsuit with reference to the affirmation provided by the complainant. The complainant then made a complaint to the PCPD against the credit reference agency.


The PCPD was of the view that the credit reference agency had failed to ensure the accuracy of the complainant’s credit report, contravening Data Protection Principle 2(1). Following the PCPD’s intervention, the credit reference agency eventually removed the lawsuit from the complainant’s credit report, and furnished the complainant with the corrected report. The credit reference agency also revised its measures to ensure that court cases relating to bankruptcy orders would not be recorded in the credit reports of the trustees of the orders.

In view of the findings, the PCPD served a warning letter on the credit reference agency, urging it to comply with the PDPO in ensuring the accuracy of personal credit data and proper handling of data correction requests.

Lesson learnt

This complaint could have been avoided. If the credit reference agency had examined the writ of summons with due care, it would have noted that the complainant was not the defendant of the case.

In the data-driven economy, customer data has become a valuable asset for business operation and promotion. Credit reference agencies, holding databases with enormous amounts of customer data, should adhere to higher ethical standards. Apart from complying with the requirements under the PDPO, credit reference agencies should also aim to meet stakeholders’ expectations, and use customers’ personal data in a respectful, mutually beneficial and fair manner.


For enquiry, please contact us.
Address: Room 1303, 13/F, Sunlight Tower, 248 Queen's Road East, Wan Chai, Hong Kong
Tel: (852) 2877 7179





The information and suggestions provided in this publication are for general reference only. They do not serve as an exhaustive guide to the application of the law. The Privacy Commissioner makes no express or implied warranties of accuracy or fitness for a particular purpose or use with respect to the information and suggestions set out in this publication. This publication also contains information or suggestions contributed by others, whose views or opinions are solely those of the contributors and do not necessarily reflect or represent those of the Privacy Commissioner. All information and suggestions provided in this publication will not affect the functions and powers conferred upon the Privacy Commissioner under the Personal Data (Privacy) Ordinance.

The PCPD shall not be liable for any damages (including but not limited to damages for loss of business or loss of profits) arising in contract, tort or otherwise from (i) the use of or inability to use this publication or its content, or (ii) from any action taken or decision made on the basis of the content of this publication.

If you click any hyperlink in this publication that brings you to sites operated by other organisations, the PCPD accepts no responsibility for the contents of those sites and shall not be liable for any loss or damage arising out of and/or incidental to the use of the contents.