序
Stephen Kai-yi WONG
In 1996, Hong Kong enforced the Personal Data (Privacy) Ordinance, Cap 486, Laws of Hong Kong (“the Ordinance”) and became the first jurisdiction in Asia operating with a dedicated piece of legislation on personal data privacy protection. The Privacy Commissioner for Personal Data (“the PCPD”) was created in the same year, being the statutory body independent of the Government to oversee the compliance of the Ordinance.
The publication of this book coincides with the twentieth anniversary of the founding of the regulatory framework of personal data privacy in Hong Kong, reflecting on the changes which its two decades of life and growth have seen.
The origin of the law is attributable to the 1995 EU Directive which aimed to protect the fundamental rights and freedoms of natural persons, in particular their right to privacy with respect to the processing of personal data without restricting or prohibiting the free flow of personal data.
PDP (Personal data privacy) was an acronym of which few had any understanding at that time. The first decade of the operation, amid the Information Age, was one of slow growth, until 2009 when there was a marked increase in the transfer and sale of customers’ personal data by enterprises for direct marketing purposes.
>In 2012, the Ordinance was substantially amended as a result of a comprehensive review of the regulatory regime on direct marketing and the impact of information and communications technology on privacy protection.
As revealed in the findings of a surveyundertaken in 2014, personal data privacy has become a popular issue on both social agendas and those of senior management. An in-depth understanding of the Ordinance is considered an asset by individuals, organisations and practitioners alike.
It is not surprising that there are not many judicial decisions on the law as twenty years is not a lengthy period for the development of a new area of law. There are however hundreds of decisions made by the Administrative Appeals Board which is a quasi-judicial body established by statute to determine appeals lodged against the decisions made by the Commissioner in relation to complaints. Many of these quasi-judicial decisions are also published by the PCPD to ensure transparency of the reasoning and application of the law. The PCPD has the benefit of twenty years of experience as the regulator, receiving in the region of 20,000 enquiries and determining about 2,000 complaints on a yearly basis. With the start of the third decade of the operation of the PCPD amid this Age of Artificial Intelligence, this book is offered as a practical guide on compliance to all stakeholders, as well as those who are interested in the personal data privacy landscape in Hong Kong.
My learned predecessors published the first and second editions of a handbook entitled Data Protection Principles in the Personal Data (Privacy) Ordinance — from the Privacy Commissioner’s perspective in 2006 and 2010 respectively. Expanding on the commendable initiative of my predecessors, I attempt to roll out an all-in-one guide on personal data privacy law in Hong Kong, which also offers updates on the 2012 legislative amendments as well as other selected texts, cases and materials up to February 2016. Case notes of significant court judgments and Administrative Appeals Board decisions, as well as the three Codes of Practice issued by the PCPD are annexed.
This book is organised and written with a view to explaining the conceptual, legal and practical frameworks of the personal data privacy protection in Hong Kong, in the hope that readers, individuals or organisations; professionals or otherwise, will find it easy and user-friendly to delve into the most relevant statutory provisions for their need or interest in the topics.
I cannot thank enough all of the contributors who helped to make the publication of this book a reality, but special thanks must go to the Honourable Mr. Justice BHARWANEY for his Lordship’s support in writing the most inspirational foreword to this book, Professor Guobin ZHU for being the co-editor with me, and the editorial team in my office. I would also like to record my appreciation to City University of Hong Kong Press for its dedicated efforts in providing valued assistance and publishing this book.
Guobin ZHU, PhD
Over 125 years ago, Samuel Warren and Louis Brandeis first published “The Right to Privacy” in the Harvard Law Review (4 Harvard L.R. 193, Dec. 15, 1890), in which they articulated that right primarily as a “right to be let alone”. This article, widely regarded as the first publication in the United States (and indeed the world) to advocate a right to privacy, opened a new page in the history of citizens’ rights protection, and its influence, together with the concept of privacy, quickly travelled far beyond the American borders.
Although there is no uniform definition of the notion of privacy, it remains commonly understood as the “right to be let alone”. Privacy certainly has a wider coverage in comparison to personal data privacy, the theme of the present guide. The Law Reform Commission of Australia, cited by many as an authority, has identified four categories of privacy interests requiring legal protection, namely: (i) the interest in controlling entry to a personal place (territorial privacy); (ii) the interest in freedom from interference with one’s person and personal space (privacy of the person); (iii) the interest of the person in controlling the information held by others about him (information privacy); and (iv) the interest in freedom from surveillance and from interception of one’s communications (communications and surveillance privacy). According to this categorisation, personal data privacy falls under information privacy.
The right to privacy has been gradually established as one of the fundamental rights of the citizen and is widely recognised as such by international and regional human rights bodies as well as in the domestic legislation of many nations.
Article 17 of the International Covenant on Civil and Political Rightswhich directly derives from Article 12 of the Universal Declaration of Human Rights (1948), provides:
1. No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation.
2. Everyone has the right to the protection of the law against such interference or attacks.
Article 8 (1) “Right to respect for private and family life” of the European Convention on Human Rights (1950) also guarantees that “Everyone has the right to respect for his private and family life, his home and his correspondence”.
In Hong Kong, the right to privacy as stipulated in the ICCPR was incorporated into law before the handover by way of the Hong Kong Bill of Rights Ordinance (Cap 383, 1991). Actually, Article 14 in this document, stipulating the protection of privacy, family, home, correspondence, honour and reputation, is simply a replica of the above quoted Article 17 of the ICCPR. Since the handover of Hong Kong, the right to privacy has acquired a constitutional status by virtue of Article 39 of the Basic Law of the Hong Kong and this has been compounded by the subsequent case law as well. Suffice to say that a constitutional framework of privacy law is already in place in Hong Kong.
Personal records have been with us for as long as the written word has, but computerisation of them has become widespread only since the second half of the twentieth century. This development has revolutionised personal record-keeping, because of the ease of storing, retrieving, combining and transferring data. On the one hand, technology has significantly enhanced the quality of human life, but on the other public concern has arisen about the privacy implications of the resulting large-scale dissemination of personal data. This situation has called for increased lawmaking on information privacy.
Hong Kong has taken the lead in the field of data protection. In 1995, the Personal Data (Privacy) Ordinance (Cap 486) was adopted to implement information privacy protection. The introduction of this law has imposed security safeguards on the keeping of personal data by a “data user” and granted the individual (as “data subject”) the right to obtain copies of, and correct, personal data which relates to him. Most significantly for Hong Kong, the Office of the Privacy Commissioner for Personal Data, an independent statutory body, was set up to oversee the enforcement of the Ordinance in 1996.
Since the enactment of the law and the establishment of the Office of the Privacy Commissioner for Personal Data, Hong Kong has made great achievements in the protection of the right to privacy in general, and of personal data (privacy) in particular. The Hong Kong experience deserves praise along with wider dissemination and recognition.
From a law professor’s perspective, the primary purpose of printing this book, Personal Data (Privacy) Law in Hong Kong: A Practical Guide on Compliance, is three-fold: firstly, to provide an easy reference to legal professionals, governmental officials, and corporate staff, who are the major data users; secondly, to provide the general public with quick and direct access to the personal data (privacy) law of Hong Kong; and thirdly, to disseminate Hong Kong’s experience to a wider international audience through international publication distribution channels.
City University of Hong Kong Press is proud to be part of this significant enterprise. Personally, I am honored to be invited to co-edit this important work. For this, I am particularly grateful to Mr. Stephen Kai-yi WONG, the Privacy Commissioner for Personal Data, for his kind and friendly invitation, and also to his dedicated colleagues whose professionalism and efficiency has greatly impressed me. Last but not least, I wish to record my sincere thanks to my colleagues from the Press and in particular, to Edmund CHAN and Joanna PIERCE. I cherish this experience of collaboration between the two institutions very much.
天天爆殺 
今日66折 
博客來
博客來
博客來
博客來
博客來
常見問題
線上客服
客服信箱
