Personal Data (Privacy) Law in Hong Kong:A Practical Guide on Compliance


Tags:
  • Hong Kong
  • Personal Data
  • Privacy Law
  • Compliance
  • Law
  • Data Protection
  • PDPO
  • Practical Guide
  • Data Security
  • Information Security

Description

The idea of a right to privacy, which arose in reaction to the rapid rise of newspapers, instant photography and the “paparazzi” of the 19th century, has evolved into a constitutional right in much of the developed world. It is enshrined in Hong Kong through Articles 28, 29, 30 and 39 of the Basic Law. Hong Kong stands proud as the first jurisdiction in Asia to enact legislation to safeguard personal data in the form of the Personal Data (Privacy) Ordinance, Cap 486 (“the Ordinance”) which came into force in 1996. At its centre are the six Data Protection Principles based on the 1980 OECD Guidelines. The office of the Privacy Commissioner for Personal Data was created under this legislation to provide oversight and ensure compliance. The Octopus scandal in mid-2010 eventually led to substantial changes being made to the Ordinance that were enacted in 2012 and 2013, the main amendments being the Direct Marketing provisions and the provision of legal assistance and representation to aggrieved persons. In this digital age, the Ordinance is proving to be the main safeguard of our privacy rights.

  The Data Protection Principles seek to create broad common principles based on fairness that apply to the public and private sectors. The passage of twenty years since the enactment of the Ordinance has given rise to a substantial body of case law and administrative decisions on these principles and the other provisions of the Ordinance. The new amendments have already been the subject of judicial scrutiny. This publication, which replaces its predecessor, has the dual aim of becoming a practitioner’s guide on the important subject of personal data privacy, containing, as it does, a detailed exposition of the principles and provisions in the Ordinance and a comprehensive source of reference materials, and of enabling the Privacy Commissioner to discharge his major duty to promote awareness and understanding of the Ordinance.
 
Personal Data (Privacy) Law in Hong Kong: A Practical Guide on Compliance

This book aims to give enterprises and individuals a comprehensive, in-depth and highly practical guide that unpacks the complex requirements of Hong Kong's Personal Data (Privacy) Ordinance (Cap 486) (PDPO) and offers clear, actionable compliance strategies.

Part One: Understanding the Legal Framework and Core Principles

The guide first takes the reader into the foundation of Hong Kong's personal data protection legislation: the complete structure and development of the Personal Data (Privacy) Ordinance (PDPO). It explains in detail how the PDPO regulates the collection, use, disclosure and storage of personal data, and the challenges and adaptations it faces in the digital age.

Chapter 1: The Legal Framework and History of the PDPO
  • Overview and scope of the Ordinance: defines who and what the PDPO governs, the types of data covered (including identifying data, sensitive personal data and so on) and the territorial reach of the law.
  • Key definitions: precise definitions of core terms such as "personal data", "data user" and "data processor", so that readers clearly understand who bears legal responsibility.
  • Historical amendments and latest trends: traces the major amendments to the PDPO since its enactment in 1995 (for example the latest changes concerning cross-border data transfer and security incident reporting) and analyses their practical impact on day-to-day business operations.

Chapter 2: An In-Depth Reading of the Six Data Protection Principles

The cornerstone of the PDPO is its six Data Protection Principles. The book breaks down each principle's legal requirements, the common pitfalls in practice, and how to embed it in everyday business processes.
  1. Purpose and manner of collection: how to ensure that data collection is "lawful, fair and necessary", with practical templates and examples for drafting an effective Personal Information Collection Statement.
  2. Use limitation: an in-depth analysis of the restrictions on use for a "new purpose", the circumstances in which consent for secondary use may be dispensed with, and detailed case studies.
  3. Data accuracy: the data user's responsibility to keep data accurate, and the statutory procedures and time limits for handling correction or deletion requests from individuals.
  4. Retention period: guidance on formulating reasonable data retention policies that satisfy legal requirements while avoiding an unnecessary accumulation of risk.
  5. Security safeguards: the highest priority of compliance work. This chapter details standards for technical and organisational measures (TOMs), covering data encryption, access control, staff training and preparedness for cyber attacks.
  6. Openness and transparency: how to make data use policies transparent and ensure that individuals can easily access and correct their personal data.

Part Two: Compliance Practice and Governance Structure

This part starts from organisational management and specific business scenarios, providing practical tools and a roadmap for building and maintaining a personal data protection compliance system.

Chapter 3: Building an Internal Data Governance System
  • Applying Privacy Impact Assessments (PIAs): how to conduct a PIA systematically before launching a new project or adopting new technology (such as AI or big-data analytics), in order to identify and mitigate potential risks.
  • Drafting and maintaining a privacy policy: a structural guide to writing a privacy policy that meets legal requirements and is easy for the public to understand, with emphasis on regular review and updating.
  • Appointments and division of responsibilities: whether to appoint a Data Protection Officer (DPO) or designate a compliance contact, and the scope of their authority and responsibilities within the organisation.
  • Staff training and awareness: tailored privacy training modules for different roles (such as marketing, human resources and IT), so that a "culture of compliance" reaches every corner of the organisation.

Chapter 4: Fulfilling Data Subject Rights

The PDPO grants individuals several key rights. This chapter guides enterprises in responding to these requests efficiently and compliantly.
  • Rights of access and correction: standard operating procedures (SOPs) for handling requests, covering receipt, identity verification, preparation of the data, response time limits and fee charging.
  • Handling withdrawal of consent: a detailed analysis of how withdrawal of consent affects ongoing processing (such as electronic direct marketing) and how to stop the relevant data use quickly and effectively.

Chapter 5: Special Compliance Points in High-Risk Scenarios

The guide focuses on the areas of modern business operations that most often cross legal red lines.
  • Electronic direct marketing (EDM) compliance: an in-depth analysis of the requirements of the "Unsolicited Contact Regulation (Personal Data) (Privacy) Ordinance Implementation Rules", including "explicit consent", "prior notification" and "opt-out" mechanisms, with a practical e-marketing compliance checklist.
  • Cross-border data transfer compliance: given the prevalence of global data flows, this chapter details the PDPO's requirements regarding the recipient's security safeguards when personal data is transferred across borders, and discusses how contractual mechanisms (such as standard contractual clauses) can reduce transfer risk.
  • Privacy challenges in human resources management: the legal boundaries for collecting and using employee data in recruitment, performance appraisal and employee monitoring, balancing the employer's managerial rights against employees' privacy rights.

Part Three: Risk Management, Enforcement and Outlook

This part looks at how to respond to compliance failures and anticipates changes in the regulatory environment.

Chapter 6: Data Security Incident Response and Notification Obligations

As Hong Kong introduces a stricter data breach notification mechanism, this chapter provides an incident response blueprint from the discovery of a breach to the completion of reporting.
  • Incident classification and severity assessment: how to determine quickly whether a data breach constitutes a "serious incident" requiring notification to the Office of the Privacy Commissioner for Personal Data (PCPD).
  • Crisis communication and transparency: strategies for communicating with affected individuals, ensuring that notifications are clear, timely and contain the elements required by law.
  • Remediation and root-cause analysis: improving security controls through post-incident audits to prevent recurrence.

Chapter 7: Enforcement Action by the Office of the Privacy Commissioner for Personal Data (PCPD)
  • Investigation procedures and powers: the PCPD's investigative powers, including the procedures for entry, search and evidence gathering, to help enterprises understand how to respond when faced with an investigation.
  • Penalties and legal consequences: a detailed list of the maximum fines and potential criminal liability for the various contraventions of the PDPO, with analysis of recent PCPD enforcement cases as cautionary examples.

Chapter 8: The Future of Personal Data Privacy Law: Global Trends and Hong Kong's Alignment
  • Comparison with international standards: comparing the PDPO with major international privacy laws such as the GDPR and the CCPA to identify the global standards that Hong Kong enterprises may need to meet in future.
  • Regulatory outlook for emerging technologies: the legal status of biometric data and de-identification techniques in Hong Kong, and how to anticipate the direction of regulation and plan compliance strategy ahead of time.

Features of this book:
  • Practice-oriented: avoids abstract theory and focuses on the real problems enterprises must face in daily operations.
  • Case-driven: combines classic local Hong Kong cases and PCPD enforcement decisions to give vivid scenarios of how the law is applied.
  • Toolkit support: the accompanying resource pack includes privacy policy templates, compliance checklists and risk assessment forms that can be applied immediately in workflows.

Intended readers: board members, Data Protection Officers (DPOs), Chief Information Security Officers (CISOs), legal counsel, compliance managers, heads of human resources and marketing departments, and any professional who wishes to understand and strictly comply with Hong Kong's personal data protection law.

Author Information

About the Authors

Mr. Stephen Kai-yi WONG


  Mr. Stephen WONG is the Privacy Commissioner for Personal Data in Hong Kong. He is also a Barrister and Adjunct Professor of the School of Law, City University of Hong Kong.

Professor Guobin ZHU

  Guobin ZHU is a Professor in the School of Law, City University of Hong Kong and also the Director of City University of Hong Kong Press.
 

Table of Contents

Chapter 1 Introduction
Chapter 2 The Meaning of “Personal Data”
Chapter 3 The Meaning of “Collect”
Chapter 4 The Meaning of “Data User”
Chapter 5 Data Protection Principle 1
Chapter 6 Data Protection Principle 2
Chapter 7 Data Protection Principle 3
Chapter 8 Data Protection Principle 4
Chapter 9 Data Protection Principle 5
Chapter 10 Data Protection Principle 6(a) to (d) and the Data Access Provisions in Part 5
Chapter 11 Data Protection Principle 6(e) to (g) and the Data Correction Provisions in Part 5
Chapter 12 Exemption Provisions in Part 8

 

Preface



Stephen Kai-yi WONG


  In 1996, Hong Kong enforced the Personal Data (Privacy) Ordinance, Cap 486, Laws of Hong Kong (“the Ordinance”) and became the first jurisdiction in Asia operating with a dedicated piece of legislation on personal data privacy protection. The Privacy Commissioner for Personal Data (“the PCPD”) was created in the same year, being the statutory body independent of the Government to oversee compliance with the Ordinance.
 
  The publication of this book coincides with the twentieth anniversary of the founding of the regulatory framework of personal data privacy in Hong Kong, reflecting on the changes which its two decades of life and growth have seen.

  The origin of the law is attributable to the 1995 EU Directive which aimed to protect the fundamental rights and freedoms of natural persons, in particular their right to privacy with respect to the processing of personal data without restricting or prohibiting the free flow of personal data.

  PDP (Personal data privacy) was an acronym of which few had any understanding at that time. The first decade of the operation, amid the Information Age, was one of slow growth, until 2009 when there was a marked increase in the transfer and sale of customers’ personal data by enterprises for direct marketing purposes.

  In 2012, the Ordinance was substantially amended as a result of a comprehensive review of the regulatory regime on direct marketing and the impact of information and communications technology on privacy protection.

  As revealed in the findings of a survey undertaken in 2014, personal data privacy has become a popular issue on both social agendas and those of senior management. An in-depth understanding of the Ordinance is considered an asset by individuals, organisations and practitioners alike.
 
  It is not surprising that there are not many judicial decisions on the law as twenty years is not a lengthy period for the development of a new area of law. There are however hundreds of decisions made by the Administrative Appeals Board which is a quasi-judicial body established by statute to determine appeals lodged against the decisions made by the Commissioner in relation to complaints. Many of these quasi-judicial decisions are also published by the PCPD to ensure transparency of the reasoning and application of the law. The PCPD has the benefit of twenty years of experience as the regulator, receiving in the region of 20,000 enquiries and determining about 2,000 complaints on a yearly basis. With the start of the third decade of the operation of the PCPD amid this Age of Artificial Intelligence, this book is offered as a practical guide on compliance to all stakeholders, as well as those who are interested in the personal data privacy landscape in Hong Kong.

  My learned predecessors published the first and second editions of a handbook entitled Data Protection Principles in the Personal Data (Privacy) Ordinance — from the Privacy Commissioner’s perspective in 2006 and 2010 respectively. Expanding on the commendable initiative of my predecessors, I attempt to roll out an all-in-one guide on personal data privacy law in Hong Kong, which also offers updates on the 2012 legislative amendments as well as other selected texts, cases and materials up to February 2016. Case notes of significant court judgments and Administrative Appeals Board decisions, as well as the three Codes of Practice issued by the PCPD are annexed.  

  This book is organised and written with a view to explaining the conceptual, legal and practical frameworks of personal data privacy protection in Hong Kong, in the hope that readers, whether individuals or organisations, professionals or otherwise, will find it easy and user-friendly to delve into the statutory provisions most relevant to their needs or interest in the topics.

  I cannot thank enough all of the contributors who helped to make the publication of this book a reality, but special thanks must go to the Honourable Mr. Justice BHARWANEY for his Lordship’s support in writing the most inspirational foreword to this book, Professor Guobin ZHU for being the co-editor with me, and the editorial team in my office. I would also like to record my appreciation to City University of Hong Kong Press for its dedicated efforts in providing valued assistance and publishing this book.

Guobin ZHU, PhD

  Over 125 years ago, Samuel Warren and Louis Brandeis first published “The Right to Privacy” in the Harvard Law Review (4 Harvard L.R. 193, Dec. 15, 1890), in which they articulated that right primarily as a “right to be let alone”. This article, widely regarded as the first publication in the United States (and indeed the world) to advocate a right to privacy, opened a new page in the history of citizens’ rights protection, and its influence, together with the concept of privacy, quickly travelled far beyond the American borders.

  Although there is no uniform definition of the notion of privacy, it remains commonly understood as the “right to be let alone”. Privacy certainly has a wider coverage in comparison to personal data privacy, the theme of the present guide. The Law Reform Commission of Australia, cited by many as an authority, has identified four categories of privacy interests requiring legal protection, namely: (i) the interest in controlling entry to a personal place (territorial privacy); (ii) the interest in freedom from interference with one’s person and personal space (privacy of the person); (iii) the interest of the person in controlling the information held by others about him (information privacy); and (iv) the interest in freedom from surveillance and from interception of one’s communications (communications and surveillance privacy). According to this categorisation, personal data privacy falls under information privacy.

  The right to privacy has been gradually established as one of the fundamental rights of the citizen and is widely recognised as such by international and regional human rights bodies as well as in the domestic legislation of many nations.

  Article 17 of the International Covenant on Civil and Political Rights, which directly derives from Article 12 of the Universal Declaration of Human Rights (1948), provides:

  1. No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation.

  2. Everyone has the right to the protection of the law against such interference or attacks.

  Article 8 (1) “Right to respect for private and family life” of the European Convention on Human Rights (1950) also guarantees that “Everyone has the right to respect for his private and family life, his home and his correspondence”.

  In Hong Kong, the right to privacy as stipulated in the ICCPR was incorporated into law before the handover by way of the Hong Kong Bill of Rights Ordinance (Cap 383, 1991). Actually, Article 14 in this document, stipulating the protection of privacy, family, home, correspondence, honour and reputation, is simply a replica of the above quoted Article 17 of the ICCPR. Since the handover of Hong Kong, the right to privacy has acquired a constitutional status by virtue of Article 39 of the Basic Law of Hong Kong and this has been compounded by the subsequent case law as well. Suffice to say that a constitutional framework of privacy law is already in place in Hong Kong.

  Personal records have been with us for as long as the written word has, but computerisation of them has become widespread only since the second half of the twentieth century. This development has revolutionised personal record-keeping, because of the ease of storing, retrieving, combining and transferring data. On the one hand, technology has significantly enhanced the quality of human life, but on the other public concern has arisen about the privacy implications of the resulting large-scale dissemination of personal data. This situation has called for increased lawmaking on information privacy.

  Hong Kong has taken the lead in the field of data protection. In 1995, the Personal Data (Privacy) Ordinance (Cap 486) was adopted to implement information privacy protection. The introduction of this law has imposed security safeguards on the keeping of personal data by a “data user” and granted the individual (as “data subject”) the right to obtain copies of, and correct, personal data which relates to him. Most significantly for Hong Kong, the Office of the Privacy Commissioner for Personal Data, an independent statutory body, was set up to oversee the enforcement of the Ordinance in 1996.

  Since the enactment of the law and the establishment of the Office of the Privacy Commissioner for Personal Data, Hong Kong has made great achievements in the protection of the right to privacy in general, and of personal data (privacy) in particular. The Hong Kong experience deserves praise along with wider dissemination and recognition.  

  From a law professor’s perspective, the primary purpose of printing this book, Personal Data (Privacy) Law in Hong Kong: A Practical Guide on Compliance, is three-fold: firstly, to provide an easy reference to legal professionals, governmental officials, and corporate staff, who are the major data users; secondly, to provide the general public with quick and direct access to the personal data (privacy) law of Hong Kong; and thirdly, to disseminate Hong Kong’s experience to a wider international audience through international publication distribution channels.
 
  City University of Hong Kong Press is proud to be part of this significant enterprise. Personally, I am honored to be invited to co-edit this important work. For this, I am particularly grateful to Mr. Stephen Kai-yi WONG, the Privacy Commissioner for Personal Data, for his kind and friendly invitation, and also to his dedicated colleagues whose professionalism and efficiency have greatly impressed me. Last but not least, I wish to record my sincere thanks to my colleagues from the Press and in particular, to Edmund CHAN and Joanna PIERCE. I cherish this experience of collaboration between the two institutions very much.
 


User Reviews

Rating

Hong Kong's Personal Data (Privacy) law has always been both familiar and unfamiliar territory for us in Taiwan. Familiar because the two legal systems share common ground, both being deeply influenced by Anglo-American law; unfamiliar because Hong Kong's Personal Data (Privacy) Ordinance (PDPO) differs in many ways from Taiwan's Personal Data Protection Act in its specific implementation and interpretation. I have worked in cross-border e-commerce for five years and often need to handle customer data from Hong Kong. At first I was completely lost, afraid that one slip would put me in breach of local law. Later I made a conscious effort to learn about Hong Kong's PDPO and found that its definition of "personal data" is broader than Taiwan's, covering all information that can identify an individual, even if that information seems harmless in itself. Moreover, Hong Kong's PDPO emphasises the responsibility of the "data user", requiring enterprises to follow six principles when collecting, using and retaining personal data, including clarity of the purpose of collection, accuracy of data, confidentiality of data and so on. These principles look simple, but there are many details to watch in practice. For example, when collecting a customer's credit card information, you must ensure the data is transmitted securely and tell the customer what the information will be used for. In addition, Hong Kong's PDPO established the Office of the Privacy Commissioner for Personal Data (PCP), which supervises and enforces the PDPO; the PCP has considerable powers and can investigate and penalise contraventions. So for Taiwanese enterprises that deal regularly with the Hong Kong market, understanding Hong Kong's personal data protection law is essential, otherwise it is easy to run into legal risk.

Rating

As a law student in Taiwan, I have recently been researching and comparing the privacy laws of different regions, and Hong Kong's personal data protection ordinance is naturally one of the focal points. Frankly, I initially assumed Hong Kong's rules would be very similar to Taiwan's, given the geographic proximity and similar cultural background. But after digging deeper I found subtle yet important differences between the two. Hong Kong's PDPO places more emphasis on "self-regulation", encouraging enterprises to protect personal data through internal policies and procedures rather than relying entirely on government enforcement. To some extent this self-regulatory approach reflects Hong Kong's free-market philosophy. However, it also has its limitations, since not every enterprise will voluntarily comply with the rules. In addition, Hong Kong's PDPO has some special provisions on "direct marketing": for example, before sending marketing messages to customers, an enterprise must obtain their explicit consent and provide a mechanism for customers to opt out. Taiwanese marketers may need to adjust their strategies in light of these rules. I am particularly interested in Hong Kong's "data transfer" provisions: Hong Kong allows personal data to be transferred to other countries or regions, provided those countries or regions offer a level of personal data protection equivalent to Hong Kong's. For Taiwanese enterprises this means that when exporting personal data to Hong Kong they need to ensure that Taiwan's personal data protection law meets Hong Kong's requirements. All in all, Hong Kong's personal data protection ordinance is a legal system worth studying in depth; it not only helps us understand Hong Kong's legal environment but also offers lessons for improving Taiwan's own personal data protection law.

Rating

As a media professional with a long-standing interest in technology ethics, I have always followed closely the personal data protection laws of different countries and regions. In my view, Hong Kong's Personal Data (Privacy) Ordinance is a legal system that is both practical and forward-looking. It draws fully on advanced international experience, such as the EU's GDPR, while also taking Hong Kong's actual circumstances into account to formulate a series of targeted provisions. I particularly appreciate the PDPO's provisions on "data portability", which allow individuals to require an enterprise to transfer their personal data to another enterprise, something of great significance for promoting market competition and protecting consumer rights. However, Hong Kong's PDPO also has shortcomings: for instance, it pays insufficient attention to "algorithmic transparency" and does not explicitly require enterprises to disclose how their algorithms work, which may lead to problems such as algorithmic discrimination. In addition, enforcement of the PDPO needs to be strengthened; at present the PCP's penalties are relatively light and hardly an effective deterrent to contraventions. I once interviewed a Hong Kong privacy expert who told me that amendment of the PDPO is already on the agenda and that algorithmic transparency, data portability and other areas may be further improved in future. I think the amendment of the PDPO is a positive signal, showing that the Hong Kong government is taking personal data protection seriously and striving to build a safer, more transparent and fairer digital environment. For Taiwan, both the experience and the lessons of Hong Kong's PDPO are valuable references: we can borrow its strengths and avoid its weaknesses in order to improve Taiwan's personal data protection law.

Rating

I am a Taiwanese lawyer working in Hong Kong, mainly in commercial litigation and compliance advisory. In providing legal services to clients I often encounter issues involving personal data protection, and Hong Kong's Personal Data (Privacy) Ordinance is one of my key areas of work. I have found that many Taiwanese enterprises entering the Hong Kong market lack sufficient understanding of the PDPO, which leads to many compliance problems. For example, some enterprises collect customers' personal data without clearly informing them of the purpose of collection and how the data will be used, or without obtaining their explicit consent. Some enterprises fail to take adequate data security measures when handling personal data, resulting in data leaks. Such conduct may breach Hong Kong's PDPO and expose the enterprise to legal risk. To help Taiwanese enterprises avoid these risks, I often hold legal seminars and training courses that introduce Hong Kong's PDPO and offer compliance advice. I have found that Taiwanese enterprises are generally unfamiliar with the PDPO's "six principles", which are the core of the PDPO: clarity of the purpose of collection, accuracy of data, confidentiality of data, limitation on the use of data, retention period of data and the right of access to data. I recommend that Taiwanese enterprises study these six principles carefully before entering the Hong Kong market and integrate them into their daily operations. I also recommend that they engage professional legal counsel and conduct regular compliance reviews so as to identify and resolve potential legal risks in good time. In short, Hong Kong's personal data protection law is a complex and important field, and for Taiwanese enterprises understanding and complying with the PDPO is essential.

Rating

I am the founder of a small technology start-up, and we recently began expanding into the Hong Kong market. Before entering Hong Kong I spent a lot of time studying the local laws and regulations, and the biggest headache was personal data protection. I found that Hong Kong's PDPO defines "personal data" very broadly, covering almost all information that can identify an individual, which caught me somewhat off guard. What worried me more was that the PDPO sets very high requirements for "data security", requiring enterprises to take all kinds of technical and organisational measures to protect personal data against unauthorised access, use, disclosure, copying, modification or destruction. As a small company we do not have the resources to build a comprehensive data security system. To address this I consulted a professional legal advisory firm, which suggested some practical measures, such as giving staff data security training, running regular vulnerability scans and using encryption to protect sensitive data. We also drew up a detailed privacy policy that clearly tells customers how we collect, use, retain and protect their personal data. In practice we found that the PDPO's requirements on "consent" are very strict: an enterprise must obtain the customer's explicit consent before collecting personal data and inform them of the purpose of collection, how the data will be used and how long it will be retained. This was a big challenge for us, because we often need to collect customers' personal data in order to provide our services. In the end, though, through some careful design, such as adding an explicit consent clause on the registration page and setting out our privacy policy in detail in the terms of service, we succeeded in obtaining customers' consent.
