The use of personal data in direct marketing without the customer’s consent and without fulfilling legal prerequisites has resulted fines issued by the Hong Kong Office of the Privacy Commissioner of Personal Data (“PCPD”). First, the September 9, 2015 conviction of Hong Kong Broadband Network Limited (“HK Broadband”) conveyed a strong message to organisations engaging in direct marketing activities that requests from consumers must be complied with and the use of consumers’ personal data be respected. HK Broadband was convicted of failure to comply with the requirement from a data subject to cease to use his personal data in direct marketing, in violation of section 35G(3) of the Personal Data (Privacy) Ordinance (the Ordinance). The conviction resulted in a fine of HK $30,000 to HK Broadband, which was the first such fine imposed since the Ordinance was amended to allow for fines of up to HK $30,000 (fines had been limited to HK $10,000; as amended, violations may also give rise to a term of imprisonment of up to 3 years). The action arose when an individual complained that although the complainant had opted out receiving direct marketing from HK Broadband – and HK Broadband had acknowledged that opt-out – an HK Broadband employee nonetheless left a voicemail for the complainant that included promotion of services. This conviction underscores the importance of maintaining comprehensive processes, not just to receive individual’s opt-out requests, but also to effectively preclude employee attempts to provide individuals having opted out with direct marketing.
Second, and just five days after the HK Broadband conviction, a storage service provider, Links International Relocation Limited, was fined HK $10,000 for its failure to take specified steps under the Ordinance, including obtaining the customer’s consent before using his personal data for the purposes of direct marketing. Under the law, it is an offence for organizations to fail to take specified action to notify individual consumers before using personal data in direct marketing.
The past few months have seen important appointments in the public sector on privacy. Stephen Kai-yi Wong was appointed the new Privacy Commissioner for Personal Data. Mr. Wong succeeded Allan Yam-wang Chiang, who completed his five-year term on 3 August 2015. In addition, on September 25, the government announced the appointment of two new members and the re-appointment of six incumbent members to the Personal Data (Privacy) Advisory Committee for a term of two years with effect from 1 October 2015.