We use cookies to deliver our online services. Details of the cookies we use and instructions on how to disable them are set out in our Cookies Policy. By using this website you agree to our use of cookies. To close this message click close.

Hong Kong Issues Clearer Guidance on Privacy Notices

Gabriela Kennedy

21 August 2013
On July 29, the Hong Kong Office of the Privacy Commissioner for Personal Data ("PCPD") issued a new guidance note (PDF) on preparing Personal Information Collection Statements ("PICS") and Privacy Policy Statements ("PPS"). The guidance note is intended to help organizations prepare clear and informative privacy notices in order to comply with the requirements under the Personal Data (Privacy) Ordinance (the "Ordinance") and the Data Protection Principles ("DPPs"). 
Hong Kong Issues Clearer Guidance on Privacy Notices

Broadly, a PICS statement sets out how a data subject's personal data will be collected and used by the organization.  A PPS statement – which often incorporates a PICS – should also set out the organization's policies on data retention, data security, and how it will deal with requests for data access and correction. The PICS and PPS statements are required under DPP1 (which requires a data user to inform a data subject of the purpose and manner of collection of their personal data) and DPP5 (which requires a data user to take steps to ensure that a data subject can ascertain the personal data policies and practices of the data user), respectively.

When the rules on direct marketing were changed in Hong Kong on April 1, 2013, the PCPD issued guidelines to explain the changes to the Ordinance but those guidelines provided only brief details on the format and use of PICS and PPS statements.  Organizations looking to engage in direct marketing activities after April 1 were required to make changes to their personal data collection statements and privacy policies to ensure compliance with the new legislation, but often struggled to do so, as guidance on the changes required was limited. These latest guidance notes help to fill that information gap.

The timing of the publication of this latest guidance note by the PCPD is also interesting. As part of a global initiative with other members of the Global Privacy Enforcement Network, the PCPD conducted an Internet Privacy Sweep in Hong Kong between May 6 and 12, 2013. That initiative examined the availability, clarity, and accessibility of the PICS and PPS statements that local providers of software applications ("Apps") give to their customers upon the installation of their Apps. While the official results of the sweep are due to be announced later this summer, the publication of this guidance note by the PCPD now, perhaps suggests that in Hong Kong at least there is a concern with the availability and clarity of PICS and PPS statements. This guidance note may be just the first step in a series of follow up actions to be taken by the PCPD on this issue.

Gabriela Kennedy

Future-Proofing Privacy: New and Stronger Rights

The Regulation aims to strengthen the rights of individuals. It does so by retaining rights that already exist under the Data Protection Directive and introducing the new rights of data...

06 June 2016
Loading data