具體描述
The idea of a right to privacy, which arose in reaction to the rapid rise of newspapers, instant photography and the “paparazzi” of the 19th century, has evolved into a constitutional right in much of the developed world. It is enshrined in Hong Kong through Articles 28, 29, 30 and 39 of the Basic Law. Hong Kong stands proud as the first jurisdiction in Asia to enact legislation to safeguard personal data in the form of the Personal Data (Privacy) Ordinance, Cap 486 (“the Ordinance”) which came into force in 1996. At its centre are the six Data Protection Principles based on the 1980 OECD Guidelines. The office of the Privacy Commissioner for Personal Data was created under this legislation to provide oversight and ensure compliance. The Octopus scandal in mid-2010 eventually led to substantial changes being made to the Ordinance that were enacted in 2012 and 2013, the main amendments being the Direct Marketing provisions and the provision of legal assistance and representation to aggrieved persons. In this digital age, the Ordinance is proving to be the main safeguard of our privacy rights.
The Data Protection Principles seek to create broad common principles based on fairness that apply to the public and private sectors. The passage of twenty years since the enactment of the Ordinance has given rise to a substantial body of case law and administrative decisions on these principles and the other provisions of the Ordinance. The new amendments have already been the subject of judicial scrutiny. This publication, which replaces its predecessor, has the dual aim of becoming a practitioner’s guide on the important subject of personal data privacy, containing, as it does, a detailed exposition of the principles and provisions in the Ordinance and a comprehensive source of reference materials, and of enabling the Privacy Commissioner to discharge his major duty to promote awareness and understanding of the Ordinance.
The Data Protection Principles seek to create broad common principles based on fairness that apply to the public and private sectors. The passage of twenty years since the enactment of the Ordinance has given rise to a substantial body of case law and administrative decisions on these principles and the other provisions of the Ordinance. The new amendments have already been the subject of judicial scrutiny. This publication, which replaces its predecessor, has the dual aim of becoming a practitioner’s guide on the important subject of personal data privacy, containing, as it does, a detailed exposition of the principles and provisions in the Ordinance and a comprehensive source of reference materials, and of enabling the Privacy Commissioner to discharge his major duty to promote awareness and understanding of the Ordinance.
香港個人資料(私隱)法:閤規實踐指南 本書旨在為企業和個人提供一份全麵、深入且極具實操性的指南,解析香港《個人資料(私隱)條例》(第486章)(PDPO)的復雜要求,並提供清晰、可操作的閤規策略。 第一部分:理解法律框架與核心原則 本指南首先將帶讀者深入剖析香港個人資料保護立法的根基——《個人資料(私隱)條例》(PDPO)的完整結構與發展脈絡。我們將詳細闡述PDPO如何從根本上規範個人資料的收集、使用、披露和存儲,及其在數字時代背景下麵臨的挑戰與適應性調整。 第一章:PDPO的法律體係與曆史沿革 條例概述與適用範圍: 詳細界定PDPO管轄的對象、資料類型(包括識彆性資料、敏感個人資料等)以及法律的地域管轄範圍。 關鍵定義解析: 對“個人資料”、“資料使用者”、“資料受托人”等核心術語進行精準界定,確保讀者對法律責任主體有清晰的認識。 曆史性修訂與最新趨勢: 追溯PDPO自1995年頒布以來的主要修訂(例如涉及數據跨境傳輸和安全事故報告的最新變化),分析這些修訂對企業日常運營的實質性影響。 第二章:六項資料保障原則的深度解讀 PDPO的基石在於六項資料保障原則。本書將逐一拆解每項原則的法律要求、實踐中的常見誤區以及如何將其融入日常業務流程。 1. 收集資料的目的及方式原則: 探討如何確保資料收集的“閤法、正當和必要性”,並提供構建有效“收集個人資料摘要”(Collection Statement)的實用模闆與範例。 2. 用途限製原則: 深入分析“新目的使用”的限製,詳細論述在何種情況下可以免除嚮個人徵求同意進行二次使用,並提供詳盡的案例分析。 3. 資料準確性原則: 闡述資料使用者維護資料準確性的責任,以及處理個人更正或刪除請求的法定程序和時限要求。 4. 保存期限原則: 指導企業如何製定閤理的資料保存政策,以滿足法律要求,同時避免不必要的風險積纍。 5. 安全保障原則: 這是閤規工作的重中之重。本章將詳細介紹技術和組織安全措施(TOMs)的製定標準,涵蓋數據加密、訪問控製、員工培訓以及應對網絡攻擊的準備工作。 6. 開放和透明原則: 講解如何實現資料使用政策的透明化,確保個人能夠方便地獲取其個人資料的查閱和更正。 第二部分:閤規實務操作與治理架構 本部分將從組織管理和具體業務場景入手,提供建立和維護個人資料保護閤規體係的實操工具和路綫圖。 第三章:建立內部數據治理體係 隱私影響評估(PIA)的應用: 介紹在啓動新項目或引入新技術(如AI、大數據分析)前,如何係統地進行隱私影響評估,識彆和減輕潛在風險。 隱私政策的構建與維護: 提供撰寫符閤法律要求且易於公眾理解的隱私政策的結構指南,並強調定期審查和更新的重要性。 任命與職能劃分: 探討設置數據保護主任(DPO)或指定閤規聯絡人的必要性,並明確其在組織內部的權責範圍。 員工培訓與意識提升: 設計針對不同崗位(如市場、人力資源、IT部門)的定製化隱私培訓模塊,確保“閤規文化”滲透到組織每一個角落。 第四章:數據主體權利的履行 PDPO賦予瞭個人多項關鍵權利。本章將指導企業如何高效、閤規地響應這些請求。 查閱及更正權: 製定標準化的請求處理流程(SOP),明確接收、核實身份、準備資料及迴復的時限與費用收取標準。 撤迴同意權的應對: 詳細分析撤迴同意對持續性數據處理活動(如電子直接促銷)的影響,以及如何快速有效地停止相關數據使用。 第五章:高風險場景下的特殊閤規要點 本指南聚焦於現代企業運營中最常觸及法律紅綫的領域。 電子直接促銷(EDM)的閤規: 深入解析《非應邀約見管製(個人資料)(隱私)條例實施細則》的要求,包括“明確同意”、“事前通知”和“選擇退齣”(Opt-out)機製的設置,並提供有效的電子營銷閤規檢查清單。 數據跨境傳輸的閤規性: 鑒於全球數據流動的普遍性,本章將詳細闡述PDPO在跨境傳輸個人資料時對接收方安全保障的要求,並討論如何利用閤同機製(如標準閤同條款)來降低傳輸風險。 人力資源管理中的隱私挑戰: 探討在招聘、績效評估、員工監控等階段收集和使用雇員數據的法律邊界,平衡雇主管理權與雇員隱私權。 第三部分:風險管理、執法與未來展望 本部分著眼於如何應對閤規失誤,以及預測未來監管環境的變化。 第六章:數據安全事故響應與通知義務 隨著香港引入更嚴格的數據泄露通知機製,本章提供瞭從發現泄露到完成報告的應急響應藍圖。 事件分類與嚴重性評估: 如何快速判斷數據泄露事件是否構成需要通知個人資料私隱專員公署(PCPD)的“嚴重事故”。 危機溝通與透明度: 製定與受影響個人溝通的策略,確保通知內容清晰、及時,並符閤法律規定的要素。 事後補救與根源分析: 強調通過事後審計來改進安全控製措施,防止未來再次發生類似事件。 第七章:個人資料私隱專員公署(PCPD)的執法行動 調查程序與權力: 介紹PCPD的調查權限,包括進入、搜查和取證的程序,幫助企業理解麵對調查時的應對策略。 處罰機製與法律後果: 詳細列舉違反PDPO的各類罰款上限和潛在的刑事責任,分析近期PCPD的執法案例,以儆效尤。 第八章:個人資料私隱法的未來:全球趨勢與香港的接軌 與國際標準的比較: 將PDPO與GDPR、CCPA等主要國際隱私法進行對比分析,識彆香港企業未來可能需要迎閤的全球標準。 新興技術帶來的監管前瞻: 探討生物識彆數據、去標識化技術在香港的法律地位,以及如何預見未來的監管方嚮,提前布局閤規策略。 --- 本書特色: 實務導嚮: 拒絕空泛的理論闡述,聚焦於企業在日常運營中必須麵對的實際問題。 案例驅動: 結閤香港本地的經典案例和PCPD的執法決定,提供生動的法律適用情境。 工具箱支持: 隨書附帶的資源包包括隱私政策模闆、閤規檢查清單、風險評估錶格等,可即時應用於工作流程。 本書適閤對象: 企業董事會成員、數據保護主任(DPO)、首席信息安全官(CISO)、法律顧問、閤規經理、人力資源及市場部門負責人,以及所有希望深入理解和嚴格遵守香港個人資料保護法律的專業人士。
著者信息
作者簡介
Mr. Stephen Kai-yi WONG
Mr. Stephen WONG is the Privacy Commissioner for Personal Data in Hong Kong. He is also a Barrister and Adjunct Professor of the School of Law, City University of Hong Kong.
Professor Guobin ZHU
Guobin ZHU is a Professor in the School of Law, City University of Hong Kong and also the Director of City University of Hong Kong Press.
Mr. Stephen Kai-yi WONG
Mr. Stephen WONG is the Privacy Commissioner for Personal Data in Hong Kong. He is also a Barrister and Adjunct Professor of the School of Law, City University of Hong Kong.
Professor Guobin ZHU
Guobin ZHU is a Professor in the School of Law, City University of Hong Kong and also the Director of City University of Hong Kong Press.
圖書目錄
Chapter 1 Introduction
Chapter 2 The Meaning of “Personal Data”
Chapter 3 The Meaning of “Collect”
Chapter 4 The Meaning of “Data User”
Chapter 5 Data Protection Principle 1
Chapter 6 Data Protection Principle 2
Chapter 7 Data Protection Principle 3
Chapter 8 Data Protection Principle 4
Chapter 9 Data Protection Principle 5
Chapter 10 Data Protection Principle 6(a) to (d) and the Data Access Provisions in Part 5
Chapter 11 Data Protection Principle 6(e) to (g) and the Data Correction Provisions in Part 5
Chapter 12 Exemption Provisions in Part 8
Chapter 2 The Meaning of “Personal Data”
Chapter 3 The Meaning of “Collect”
Chapter 4 The Meaning of “Data User”
Chapter 5 Data Protection Principle 1
Chapter 6 Data Protection Principle 2
Chapter 7 Data Protection Principle 3
Chapter 8 Data Protection Principle 4
Chapter 9 Data Protection Principle 5
Chapter 10 Data Protection Principle 6(a) to (d) and the Data Access Provisions in Part 5
Chapter 11 Data Protection Principle 6(e) to (g) and the Data Correction Provisions in Part 5
Chapter 12 Exemption Provisions in Part 8
圖書序言
序
Stephen Kai-yi WONG
In 1996, Hong Kong enforced the Personal Data (Privacy) Ordinance, Cap 486, Laws of Hong Kong (“the Ordinance”) and became the first jurisdiction in Asia operating with a dedicated piece of legislation on personal data privacy protection. The Privacy Commissioner for Personal Data (“the PCPD”) was created in the same year, being the statutory body independent of the Government to oversee the compliance of the Ordinance.
The publication of this book coincides with the twentieth anniversary of the founding of the regulatory framework of personal data privacy in Hong Kong, reflecting on the changes which its two decades of life and growth have seen.
The origin of the law is attributable to the 1995 EU Directive which aimed to protect the fundamental rights and freedoms of natural persons, in particular their right to privacy with respect to the processing of personal data without restricting or prohibiting the free flow of personal data.
PDP (Personal data privacy) was an acronym of which few had any understanding at that time. The first decade of the operation, amid the Information Age, was one of slow growth, until 2009 when there was a marked increase in the transfer and sale of customers’ personal data by enterprises for direct marketing purposes.
>In 2012, the Ordinance was substantially amended as a result of a comprehensive review of the regulatory regime on direct marketing and the impact of information and communications technology on privacy protection.
As revealed in the findings of a surveyundertaken in 2014, personal data privacy has become a popular issue on both social agendas and those of senior management. An in-depth understanding of the Ordinance is considered an asset by individuals, organisations and practitioners alike.
It is not surprising that there are not many judicial decisions on the law as twenty years is not a lengthy period for the development of a new area of law. There are however hundreds of decisions made by the Administrative Appeals Board which is a quasi-judicial body established by statute to determine appeals lodged against the decisions made by the Commissioner in relation to complaints. Many of these quasi-judicial decisions are also published by the PCPD to ensure transparency of the reasoning and application of the law. The PCPD has the benefit of twenty years of experience as the regulator, receiving in the region of 20,000 enquiries and determining about 2,000 complaints on a yearly basis. With the start of the third decade of the operation of the PCPD amid this Age of Artificial Intelligence, this book is offered as a practical guide on compliance to all stakeholders, as well as those who are interested in the personal data privacy landscape in Hong Kong.
My learned predecessors published the first and second editions of a handbook entitled Data Protection Principles in the Personal Data (Privacy) Ordinance — from the Privacy Commissioner’s perspective in 2006 and 2010 respectively. Expanding on the commendable initiative of my predecessors, I attempt to roll out an all-in-one guide on personal data privacy law in Hong Kong, which also offers updates on the 2012 legislative amendments as well as other selected texts, cases and materials up to February 2016. Case notes of significant court judgments and Administrative Appeals Board decisions, as well as the three Codes of Practice issued by the PCPD are annexed.
This book is organised and written with a view to explaining the conceptual, legal and practical frameworks of the personal data privacy protection in Hong Kong, in the hope that readers, individuals or organisations; professionals or otherwise, will find it easy and user-friendly to delve into the most relevant statutory provisions for their need or interest in the topics.
I cannot thank enough all of the contributors who helped to make the publication of this book a reality, but special thanks must go to the Honourable Mr. Justice BHARWANEY for his Lordship’s support in writing the most inspirational foreword to this book, Professor Guobin ZHU for being the co-editor with me, and the editorial team in my office. I would also like to record my appreciation to City University of Hong Kong Press for its dedicated efforts in providing valued assistance and publishing this book.
Guobin ZHU, PhD
Over 125 years ago, Samuel Warren and Louis Brandeis first published “The Right to Privacy” in the Harvard Law Review (4 Harvard L.R. 193, Dec. 15, 1890), in which they articulated that right primarily as a “right to be let alone”. This article, widely regarded as the first publication in the United States (and indeed the world) to advocate a right to privacy, opened a new page in the history of citizens’ rights protection, and its influence, together with the concept of privacy, quickly travelled far beyond the American borders.
Although there is no uniform definition of the notion of privacy, it remains commonly understood as the “right to be let alone”. Privacy certainly has a wider coverage in comparison to personal data privacy, the theme of the present guide. The Law Reform Commission of Australia, cited by many as an authority, has identified four categories of privacy interests requiring legal protection, namely: (i) the interest in controlling entry to a personal place (territorial privacy); (ii) the interest in freedom from interference with one’s person and personal space (privacy of the person); (iii) the interest of the person in controlling the information held by others about him (information privacy); and (iv) the interest in freedom from surveillance and from interception of one’s communications (communications and surveillance privacy). According to this categorisation, personal data privacy falls under information privacy.
The right to privacy has been gradually established as one of the fundamental rights of the citizen and is widely recognised as such by international and regional human rights bodies as well as in the domestic legislation of many nations.
Article 17 of the International Covenant on Civil and Political Rightswhich directly derives from Article 12 of the Universal Declaration of Human Rights (1948), provides:
1. No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation.
2. Everyone has the right to the protection of the law against such interference or attacks.
Article 8 (1) “Right to respect for private and family life” of the European Convention on Human Rights (1950) also guarantees that “Everyone has the right to respect for his private and family life, his home and his correspondence”.
In Hong Kong, the right to privacy as stipulated in the ICCPR was incorporated into law before the handover by way of the Hong Kong Bill of Rights Ordinance (Cap 383, 1991). Actually, Article 14 in this document, stipulating the protection of privacy, family, home, correspondence, honour and reputation, is simply a replica of the above quoted Article 17 of the ICCPR. Since the handover of Hong Kong, the right to privacy has acquired a constitutional status by virtue of Article 39 of the Basic Law of the Hong Kong and this has been compounded by the subsequent case law as well. Suffice to say that a constitutional framework of privacy law is already in place in Hong Kong.
Personal records have been with us for as long as the written word has, but computerisation of them has become widespread only since the second half of the twentieth century. This development has revolutionised personal record-keeping, because of the ease of storing, retrieving, combining and transferring data. On the one hand, technology has significantly enhanced the quality of human life, but on the other public concern has arisen about the privacy implications of the resulting large-scale dissemination of personal data. This situation has called for increased lawmaking on information privacy.
Hong Kong has taken the lead in the field of data protection. In 1995, the Personal Data (Privacy) Ordinance (Cap 486) was adopted to implement information privacy protection. The introduction of this law has imposed security safeguards on the keeping of personal data by a “data user” and granted the individual (as “data subject”) the right to obtain copies of, and correct, personal data which relates to him. Most significantly for Hong Kong, the Office of the Privacy Commissioner for Personal Data, an independent statutory body, was set up to oversee the enforcement of the Ordinance in 1996.
Since the enactment of the law and the establishment of the Office of the Privacy Commissioner for Personal Data, Hong Kong has made great achievements in the protection of the right to privacy in general, and of personal data (privacy) in particular. The Hong Kong experience deserves praise along with wider dissemination and recognition.
From a law professor’s perspective, the primary purpose of printing this book, Personal Data (Privacy) Law in Hong Kong: A Practical Guide on Compliance, is three-fold: firstly, to provide an easy reference to legal professionals, governmental officials, and corporate staff, who are the major data users; secondly, to provide the general public with quick and direct access to the personal data (privacy) law of Hong Kong; and thirdly, to disseminate Hong Kong’s experience to a wider international audience through international publication distribution channels.
City University of Hong Kong Press is proud to be part of this significant enterprise. Personally, I am honored to be invited to co-edit this important work. For this, I am particularly grateful to Mr. Stephen Kai-yi WONG, the Privacy Commissioner for Personal Data, for his kind and friendly invitation, and also to his dedicated colleagues whose professionalism and efficiency has greatly impressed me. Last but not least, I wish to record my sincere thanks to my colleagues from the Press and in particular, to Edmund CHAN and Joanna PIERCE. I cherish this experience of collaboration between the two institutions very much.
Stephen Kai-yi WONG
In 1996, Hong Kong enforced the Personal Data (Privacy) Ordinance, Cap 486, Laws of Hong Kong (“the Ordinance”) and became the first jurisdiction in Asia operating with a dedicated piece of legislation on personal data privacy protection. The Privacy Commissioner for Personal Data (“the PCPD”) was created in the same year, being the statutory body independent of the Government to oversee the compliance of the Ordinance.
The publication of this book coincides with the twentieth anniversary of the founding of the regulatory framework of personal data privacy in Hong Kong, reflecting on the changes which its two decades of life and growth have seen.
The origin of the law is attributable to the 1995 EU Directive which aimed to protect the fundamental rights and freedoms of natural persons, in particular their right to privacy with respect to the processing of personal data without restricting or prohibiting the free flow of personal data.
PDP (Personal data privacy) was an acronym of which few had any understanding at that time. The first decade of the operation, amid the Information Age, was one of slow growth, until 2009 when there was a marked increase in the transfer and sale of customers’ personal data by enterprises for direct marketing purposes.
>In 2012, the Ordinance was substantially amended as a result of a comprehensive review of the regulatory regime on direct marketing and the impact of information and communications technology on privacy protection.
As revealed in the findings of a surveyundertaken in 2014, personal data privacy has become a popular issue on both social agendas and those of senior management. An in-depth understanding of the Ordinance is considered an asset by individuals, organisations and practitioners alike.
It is not surprising that there are not many judicial decisions on the law as twenty years is not a lengthy period for the development of a new area of law. There are however hundreds of decisions made by the Administrative Appeals Board which is a quasi-judicial body established by statute to determine appeals lodged against the decisions made by the Commissioner in relation to complaints. Many of these quasi-judicial decisions are also published by the PCPD to ensure transparency of the reasoning and application of the law. The PCPD has the benefit of twenty years of experience as the regulator, receiving in the region of 20,000 enquiries and determining about 2,000 complaints on a yearly basis. With the start of the third decade of the operation of the PCPD amid this Age of Artificial Intelligence, this book is offered as a practical guide on compliance to all stakeholders, as well as those who are interested in the personal data privacy landscape in Hong Kong.
My learned predecessors published the first and second editions of a handbook entitled Data Protection Principles in the Personal Data (Privacy) Ordinance — from the Privacy Commissioner’s perspective in 2006 and 2010 respectively. Expanding on the commendable initiative of my predecessors, I attempt to roll out an all-in-one guide on personal data privacy law in Hong Kong, which also offers updates on the 2012 legislative amendments as well as other selected texts, cases and materials up to February 2016. Case notes of significant court judgments and Administrative Appeals Board decisions, as well as the three Codes of Practice issued by the PCPD are annexed.
This book is organised and written with a view to explaining the conceptual, legal and practical frameworks of the personal data privacy protection in Hong Kong, in the hope that readers, individuals or organisations; professionals or otherwise, will find it easy and user-friendly to delve into the most relevant statutory provisions for their need or interest in the topics.
I cannot thank enough all of the contributors who helped to make the publication of this book a reality, but special thanks must go to the Honourable Mr. Justice BHARWANEY for his Lordship’s support in writing the most inspirational foreword to this book, Professor Guobin ZHU for being the co-editor with me, and the editorial team in my office. I would also like to record my appreciation to City University of Hong Kong Press for its dedicated efforts in providing valued assistance and publishing this book.
Guobin ZHU, PhD
Over 125 years ago, Samuel Warren and Louis Brandeis first published “The Right to Privacy” in the Harvard Law Review (4 Harvard L.R. 193, Dec. 15, 1890), in which they articulated that right primarily as a “right to be let alone”. This article, widely regarded as the first publication in the United States (and indeed the world) to advocate a right to privacy, opened a new page in the history of citizens’ rights protection, and its influence, together with the concept of privacy, quickly travelled far beyond the American borders.
Although there is no uniform definition of the notion of privacy, it remains commonly understood as the “right to be let alone”. Privacy certainly has a wider coverage in comparison to personal data privacy, the theme of the present guide. The Law Reform Commission of Australia, cited by many as an authority, has identified four categories of privacy interests requiring legal protection, namely: (i) the interest in controlling entry to a personal place (territorial privacy); (ii) the interest in freedom from interference with one’s person and personal space (privacy of the person); (iii) the interest of the person in controlling the information held by others about him (information privacy); and (iv) the interest in freedom from surveillance and from interception of one’s communications (communications and surveillance privacy). According to this categorisation, personal data privacy falls under information privacy.
The right to privacy has been gradually established as one of the fundamental rights of the citizen and is widely recognised as such by international and regional human rights bodies as well as in the domestic legislation of many nations.
Article 17 of the International Covenant on Civil and Political Rightswhich directly derives from Article 12 of the Universal Declaration of Human Rights (1948), provides:
1. No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation.
2. Everyone has the right to the protection of the law against such interference or attacks.
Article 8 (1) “Right to respect for private and family life” of the European Convention on Human Rights (1950) also guarantees that “Everyone has the right to respect for his private and family life, his home and his correspondence”.
In Hong Kong, the right to privacy as stipulated in the ICCPR was incorporated into law before the handover by way of the Hong Kong Bill of Rights Ordinance (Cap 383, 1991). Actually, Article 14 in this document, stipulating the protection of privacy, family, home, correspondence, honour and reputation, is simply a replica of the above quoted Article 17 of the ICCPR. Since the handover of Hong Kong, the right to privacy has acquired a constitutional status by virtue of Article 39 of the Basic Law of the Hong Kong and this has been compounded by the subsequent case law as well. Suffice to say that a constitutional framework of privacy law is already in place in Hong Kong.
Personal records have been with us for as long as the written word has, but computerisation of them has become widespread only since the second half of the twentieth century. This development has revolutionised personal record-keeping, because of the ease of storing, retrieving, combining and transferring data. On the one hand, technology has significantly enhanced the quality of human life, but on the other public concern has arisen about the privacy implications of the resulting large-scale dissemination of personal data. This situation has called for increased lawmaking on information privacy.
Hong Kong has taken the lead in the field of data protection. In 1995, the Personal Data (Privacy) Ordinance (Cap 486) was adopted to implement information privacy protection. The introduction of this law has imposed security safeguards on the keeping of personal data by a “data user” and granted the individual (as “data subject”) the right to obtain copies of, and correct, personal data which relates to him. Most significantly for Hong Kong, the Office of the Privacy Commissioner for Personal Data, an independent statutory body, was set up to oversee the enforcement of the Ordinance in 1996.
Since the enactment of the law and the establishment of the Office of the Privacy Commissioner for Personal Data, Hong Kong has made great achievements in the protection of the right to privacy in general, and of personal data (privacy) in particular. The Hong Kong experience deserves praise along with wider dissemination and recognition.
From a law professor’s perspective, the primary purpose of printing this book, Personal Data (Privacy) Law in Hong Kong: A Practical Guide on Compliance, is three-fold: firstly, to provide an easy reference to legal professionals, governmental officials, and corporate staff, who are the major data users; secondly, to provide the general public with quick and direct access to the personal data (privacy) law of Hong Kong; and thirdly, to disseminate Hong Kong’s experience to a wider international audience through international publication distribution channels.
City University of Hong Kong Press is proud to be part of this significant enterprise. Personally, I am honored to be invited to co-edit this important work. For this, I am particularly grateful to Mr. Stephen Kai-yi WONG, the Privacy Commissioner for Personal Data, for his kind and friendly invitation, and also to his dedicated colleagues whose professionalism and efficiency has greatly impressed me. Last but not least, I wish to record my sincere thanks to my colleagues from the Press and in particular, to Edmund CHAN and Joanna PIERCE. I cherish this experience of collaboration between the two institutions very much.
圖書試讀
用戶評價
评分
我是一名在香港工作的颱灣律師,主要從事商業訴訟和閤規谘詢。在為客戶提供法律服務時,我經常會遇到涉及個人資料保護的問題。香港的《個人資料(私隱)條例》是我的工作重點之一。我發現,很多颱灣企業在進入香港市場時,對香港的PDPO缺乏足夠的瞭解,導緻在閤規方麵存在很多問題。例如,有些企業在收集客戶的個人資料時,沒有明確告知客戶收集的目的和使用方式,或者沒有獲得客戶的明確同意。有些企業在處理個人資料時,沒有采取足夠的數據安全措施,導緻個人資料泄露。這些行為都可能違反香港的PDPO,並麵臨法律風險。為瞭幫助颱灣企業避免這些風險,我經常會舉辦一些法律講座和培訓課程,嚮他們介紹香港的PDPO,並提供閤規建議。我發現,颱灣企業普遍對香港PDPO的“六項原則”比較陌生,這六項原則是香港PDPO的核心內容,包括收集目的的明確性、資料的準確性、資料的保密性、資料的使用限製、資料的保存期限和資料的訪問權。我建議颱灣企業在進入香港市場之前,務必認真學習這六項原則,並將其融入到企業的日常運營中。此外,我還建議颱灣企業聘請專業的法律顧問,定期進行閤規審查,及時發現和解決潛在的法律風險。總而言之,香港的個人資料保護法律是一個復雜而重要的領域,對於颱灣企業來說,瞭解和遵守香港的PDPO至關重要。
评分身為一名在颱灣的法律係學生,我最近在研究比較不同地區的隱私法,香港的個人資料保護條例自然是重點之一。坦白說,一開始我以為香港的法規會和颱灣的非常相似,畢竟地理位置近,文化背景也相近。但深入研究後,我發現兩者之間存在著微妙但重要的差異。香港的PDPO更強調“自律”,鼓勵企業通過製定內部政策和程序來保護個人資料,而不是完全依賴政府的強製執行。這種自律的方式,在一定程度上體現瞭香港自由經濟的理念。然而,這種自律也存在一定的局限性,因為並非所有企業都會主動遵守相關規定。此外,香港的PDPO在“直接營銷”方麵也有一些特殊的規定,例如,企業在嚮客戶發送營銷信息之前,必須獲得客戶的明確同意,並且提供客戶選擇退訂的機製。這些規定對於颱灣的營銷人員來說,可能需要重新調整策略。我特彆感興趣的是香港的“數據轉移”規定,香港允許將個人資料轉移到其他國傢或地區,但前提是這些國傢或地區必須提供與香港同等的個人資料保護水平。這對於颱灣企業來說,意味著在嚮香港齣口個人資料時,需要確保颱灣的個人資料保護法符閤香港的要求。總而言之,香港的個人資料保護條例是一個值得深入研究的法律體係,它不僅可以幫助我們瞭解香港的法律環境,還可以為我們完善颱灣的個人資料保護法提供藉鑒。
评分作為一名長期關注科技倫理的媒體工作者,我一直對不同國傢和地區的個人資料保護法律保持著高度的關注。香港的《個人資料(私隱)條例》在我看來,是一個兼具實用性和前瞻性的法律體係。它不僅充分藉鑒瞭國際上的先進經驗,例如歐盟的GDPR,而且結閤瞭香港的實際情況,製定瞭一係列具有針對性的規定。我特彆欣賞香港PDPO對“數據可攜性”的規定,允許個人要求企業將自己的個人資料轉移到其他企業,這對於促進市場競爭和保護消費者權益具有重要意義。然而,香港PDPO也存在一些不足之處,例如,對“算法透明度”的關注不夠,沒有明確要求企業公開算法的運作機製,這可能會導緻算法歧視等問題。此外,香港PDPO的執行力度也需要加強,目前PCP的處罰力度相對較輕,難以對違規行為形成有效的震懾。我曾經采訪過一位香港的隱私保護專傢,他告訴我,香港PDPO的修訂已經提上議程,未來可能會對算法透明度、數據可攜性等方麵進行進一步的完善。我認為,香港PDPO的修訂是一個積極的信號,它錶明香港政府正在認真對待個人資料保護問題,並努力構建一個更加安全、透明和公正的數字環境。對於颱灣來說,香港PDPO的經驗和教訓都具有重要的參考價值,我們可以藉鑒香港PDPO的優點,並避免其不足之處,從而完善颱灣的個人資料保護法。
评分我是一傢小型科技新創公司的創始人,我們最近開始拓展香港市場。在進入香港之前,我花瞭很多時間研究當地的法律法規,其中最讓我頭疼的就是個人資料保護問題。我發現香港的PDPO對“個人資料”的定義非常廣泛,幾乎涵蓋瞭所有能識彆個人的信息,這讓我感到有些措手不及。更讓我擔心的是,香港的PDPO對“數據安全”的要求非常高,要求企業采取各種技術和組織措施來保護個人資料,防止未經授權的訪問、使用、披露、復製、修改或銷毀。作為一傢小型公司,我們並沒有足夠的資源來建立一個完善的數據安全體係。為瞭解決這個問題,我谘詢瞭一傢專業的法律顧問公司,他們建議我們采取一些切實可行的措施,例如,對員工進行數據安全培訓,定期進行安全漏洞掃描,使用加密技術保護敏感數據等等。此外,我們還製定瞭一份詳細的隱私政策,明確告知客戶我們如何收集、使用、保存和保護他們的個人資料。在實際操作中,我們發現香港的PDPO對“同意”的要求非常嚴格,要求企業在收集個人資料之前,必須獲得客戶的明確同意,並且告知客戶收集的目的、使用方式和保存期限。這對於我們來說,是一個很大的挑戰,因為我們經常需要收集客戶的個人資料纔能提供服務。但是,我們最終還是通過一些巧妙的設計,例如,在注冊頁麵上添加一個明確的同意條款,並在服務條款中詳細說明我們的隱私政策,成功地獲得瞭客戶的同意。
评分香港的個人資料(隱私)法,對於颱灣的我們來說,一直是個既熟悉又陌生的領域。熟悉是因為兩地在法律體係上都有共通之處,畢竟都深受英美法律的影響;陌生則在於香港的《個人資料(私隱)條例》(PDPO)在具體實施和解釋上,與颱灣的《個人資料保護法》存在不少差異。我從事跨境電商已經五年,經常需要處理來自香港的客戶資料,一開始真的摸不著頭腦,生怕一不小心就觸犯瞭當地的法律。後來,我開始有意識地去瞭解香港的PDPO,發現它對“個人資料”的定義比颱灣更廣泛,涵蓋瞭所有能識彆個人的信息,即使這些信息本身看似無害。而且,香港的PDPO強調“資料使用者”的責任,要求企業在收集、使用、保存個人資料時,必須遵循六項原則,包括收集目的的明確性、資料的準確性、資料的保密性等等。這些原則看似簡單,但實際操作起來卻有很多細節需要注意。例如,在收集客戶的信用卡信息時,必須確保數據傳輸的安全性,並告知客戶信息將被用於何處。另外,香港的PDPO還設立瞭私隱專員公署(PCP),負責監督和執行PDPO,PCP的權力相當大,可以對違規行為進行調查和處罰。所以,對於經常與香港市場打交道的颱灣企業來說,瞭解香港的個人資料保護法律至關重要,否則很容易陷入法律風險。
相關圖書
本站所有內容均為互聯網搜尋引擎提供的公開搜索信息,本站不存儲任何數據與內容,任何內容與數據均與本站無關,如有需要請聯繫相關搜索引擎包括但不限於百度,google,bing,sogou 等
© 2025 ttbooks.qciss.net All Rights Reserved. 小特书站 版權所有