1 / 21

Allan Chiang, S.B.S. Privacy Commissioner for Personal Data 8 July 2013

Asian Privacy Scholars Network Conference. Balance between Access to Public Domain Information and the Protection of Personal Data. Allan Chiang, S.B.S. Privacy Commissioner for Personal Data 8 July 2013. Sources of Public Domain Information. Companies register Land register

sora
Download Presentation

Allan Chiang, S.B.S. Privacy Commissioner for Personal Data 8 July 2013

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Asian Privacy Scholars Network Conference Balance between Access to Public Domain Information and the Protection of Personal Data Allan Chiang, S.B.S. Privacy Commissioner for Personal Data 8 July 2013

  2. Sources of Public Domain Information • Companies register • Land register • Register of vehicles • SFC’s register of licensed persons and registered institutions • Notice of intended marriage • Register of voters

  3. Sources of Public Domain Information • Judiciary’s daily cause list • Judiciary’s cause book • Government gazette • Telephone directory • Professional or business directory, listing or notice

  4. Myth: Public Domain Information is Open to Unrestricted Use Correction: Personal data, be it publicly available or not, is subject to protection under the PDPO

  5. Use Limitations • DPP3: unless the data subject has given prior consent, personal data shall be used for the purpose for which they were originally collected or a directly related purpose

  6. Personal Data in Public Domain still Subject to PDPO • Government confirmed LRC’s view “putting personal data in the public domain does not make the data available for use for any purpose” • Hon Chu JA in Re HuiKee Chun, CACV 4/2012 DPP3 “is directed against the misuse of personal data and it matters not that the personal data involved has been published elsewhere or is publicly available”

  7. Implications of Unfettered Use of Data • Privacy intrusion in general • Insufficient or no control over data security, accuracy, retention • Function creep, e.g. direct marketing, profiling • Identity theft, stalking and surveillance etc.

  8. Use Limitations • DPP3: unless the data subject has given prior consent, personal data shall be used for the purpose for which they were originally collected or a directly related purpose

  9. Use Limitations • Original purpose: explicit • SFC’s register: Security & Futures Ordinance “ For the purposes of enabling any member of the public to ascertain whether he is dealing with a licensed person or a registered institution in matters of or connected with any regulated activity and to ascertain the particulars of the licence or registration of such person or institution (as the case may be), the register shall be made available for public inspection…”

  10. Use Limitations • Original purpose: explicit • Government telephone directory: an explicit use restriction to the effect that the information (government officials’ names and contact details) is not intended to be used for direct marketing activities and the information should not be transferred for commercial gains

  11. Use Limitations • Original purpose: implied • Register of vehicles is established under the Road Traffic (Registration and Licensing of Vehicles) Regulation “to provide for the regulation of road traffic and the use of vehicles and roads (including private roads) and for other purposes connected therewith” • Hence permitted use of personal data should relate to traffic and transport matters

  12. Use Limitations • Directly related purpose • Data subject’s reasonable expectation: • Assessed on a case by case basis • Take into account specific context of data collection and sensitivity of data • Will a reasonable person in the data subject’s situation finds the data re-use unexpected, inappropriate or otherwise objectionable based on the context of the data collection?

  13. Hypothetical Scenarios for DPP3 Application • Vehicle owner • Company director • Property owner

  14. Other rightsPublic interests Privacy rights

  15. Exemptions from DPP3 under PDPO • Section 52 (domestic purposes) • Section 58 (crime) • Section 59 (health) • Section 60B (legal proceedings) • Section 61 (news) • Section 62 (statistics and research) • Section 63 (emergency situation)

  16. Protection Measures: Examples of Good Practice • Vehicle owners particulars • Administrative measures to remind applicants that personal data is provided for traffic and transport-related matters • Applicants asked to declare purpose of use of personal data sought

  17. Protection Measures: Examples of Good Practice • Land registry • Massive download of data not possible • Marriage registry • Notice amended in 2005 to include less data than those supplied by the marrying parties • Register of voters • Use of personal data for any purpose other than a purpose related to the election is an offence under the Electoral Affairs Commission Regulation

  18. Protection Measures: Examples of Good Practice • Government telephone directory • An explicit use restriction to the effect that the information (government officials’ names and contact details) is not intended to be used for direct marketing activities and the information should not be transferred for commercial gains

  19. Protection Measures: Examples of Failures • Vehicle owners particulars • Irrespective of whether a purpose of use of data is indicated and what purpose is indicated, C for T has to comply with the request • Company register • Unfettered public access to company directors’ HKID and residential addresses • Land registry • Unfettered public access to property owners’ identity card numbers and signatures

  20. Way Ahead • Education • Enforcement • Legislation

  21. Thank You

More Related