Honourable Guests, Ladies and Gentlemen, In April 1995, the Personal Data (Privacy) Bill was introduced into the Legislative Council.

Similar documents
Hong Kong Personal Data Protection Regulatory Framework From Compliance to Accountability

Our position. ICDPPC declaration on ethics and data protection in artificial intelligence

March 27, The Information Technology Industry Council (ITI) appreciates this opportunity

The 26 th APEC Economic Leaders Meeting

Session 1, Part 2: Emerging issues in e-commerce Australian experiences of privacy and consumer protection regulation

24 May Committee Secretariat Justice Committee Parliament Buildings Wellington. Dear Justice Select Committee member,

CCTV Policy. Policy reviewed by Academy Transformation Trust on June This policy links to: Safeguarding Policy Data Protection Policy

CCTV Policy. Policy reviewed by Academy Transformation Trust on June This policy links to: T:Drive. Safeguarding Policy Data Protection Policy

Public Sector Future Scenarios

Robert Bond Partner, Commercial/IP/IT

Statement by Ms. Shamika N. Sirimanne Director Division on Technology and Logistics and Head CSTD Secretariat

12 April Fifth World Congress for Freedom of Scientific research. Speech by. Giovanni Buttarelli

Technology Platforms: champions to leverage knowledge for growth

E Distr. LIMITED E/ESCWA/TDD/2017/IG.1/6 31 January 2017 ENGLISH ORIGINAL: ARABIC

What does the revision of the OECD Privacy Guidelines mean for businesses?

Committee on the Internal Market and Consumer Protection. of the Committee on the Internal Market and Consumer Protection

APEC Internet and Digital Economy Roadmap

Seminar on Consultation on. Review of the Personal Data (Privacy) Ordinance. Why the review is being conducted and what this means to you

Pan-Canadian Trust Framework Overview

Second APEC Ministers' Conference on Regional Science & Technology Cooperation (Seoul, Korea, Nov 13-14, 1996) JOINT COMMUNIQUÉ

ITAC RESPONSE: Modernizing Consent and Privacy in PIPEDA

This policy sets out how Legacy Foresight and its Associates will seek to ensure compliance with the legislation.

The Fourth Industrial Revolution in Major Countries and Its Implications of Korea: U.S., Germany and Japan Cases

Japan s FinTech Vision

Framework Programme 7

Comments from CEN CENELEC on COM(2010) 245 of 19 May 2010 on "A Digital Agenda for Europe"

Directions in Auditing & Assurance: Challenges and Opportunities Clarified ISAs

Commonwealth Data Forum. Giovanni Buttarelli

2018/TEL58/PLEN/002 Agenda Item: 1. Opening Remarks. Purpose: Information Submitted by: TEL Chair

Global Standards Symposium. Security, privacy and trust in standardisation. ICDPPC Chair John Edwards. 24 October 2016

Children s rights in the digital environment: Challenges, tensions and opportunities

CONSENT IN THE TIME OF BIG DATA. Richard Austin February 1, 2017

Privacy. New technologies, same responsibilities. Carole Fleeman Office of the Victorian Privacy Commissioner

COMMISSION OF THE EUROPEAN COMMUNITIES COMMISSION RECOMMENDATION

Big Data & AI Governance: The Laws and Ethics

Does your company know about IP rights and use them effectively to achieve business growth and protection?

Malcolm Crompton. Future trends in consumer credit and privacy. Cockle Bay Wharf Sydney

Executive Summary Industry s Responsibility in Promoting Responsible Development and Use:

Karmenu Vella. 8th edition of the Monaco Blue Initiative event on "Ocean management and conservation", in Monaco

Self regulation applied to interactive games : success and challenges

Discussion Paper on the EBA s approach to financial technology (FinTech) Public hearing, 4 October 2017

School of Informatics Director of Commercialisation and Industry Engagement

About the Office of the Australian Information Commissioner

FOODINTEGRITY Ensuring the Integrity of the European food chain

EFRAG s Draft letter to the European Commission regarding endorsement of Definition of Material (Amendments to IAS 1 and IAS 8)

Submission to the Productivity Commission inquiry into Intellectual Property Arrangements

The 21 st APEC Small and Medium Enterprises Ministerial Meeting Joint Ministerial Statement. Nanjing, China September 5, 2014

What is Digital Literacy and Why is it Important?

ICO submission to the inquiry of the House of Lords Select Committee on Communications - The Internet : To Regulate or not to Regulate?

Digital Economy, Telecommunication and AI Network Policy in Japan

RBI Working Group report on FinTech: Key themes

A Research and Innovation Agenda for a global Europe: Priorities and Opportunities for the 9 th Framework Programme

CAPACITIES. 7FRDP Specific Programme ECTRI INPUT. 14 June REPORT ECTRI number

Doing, supporting and using public health research. The Public Health England strategy for research, development and innovation

Regulatory Challenges and Opportunities in the new ICT Ecosystem. Mario Maniewicz

UNITED NATIONS EDUCATIONAL, SCIENTIFIC AND CULTURAL ORGANIZATION

15890/14 MVG/cb 1 DG G 3 C

Ten Principles for a Revised US Privacy Framework

REPORT OF DIRECTOR OF CITY OPERATIONS AGENDA ITEM: 7 PORTFOLIO: TRANSPORT, PLANNING & SUSTAINABILITY (COUNCILLOR RAMESH PATEL)

FP7 ICT Work Programme

COMMISSION OF THE EUROPEAN COMMUNITIES

Global Trade and Personal Data Flows Are the Rules of Engagement Incompatible with Privacy?

Hamburg, 25 March nd International Science 2.0 Conference Keynote. (does not represent an official point of view of the EC)

Dear Secretary of State Parreira, Dear President Aires-Barros, Dear ALLEA delegates, esteemed faculty of today s workshop,

An ecosystem to accelerate the uptake of innovation in materials technology

Technology Trends for Government

Disruption. The INDIAECM DELL EMC UNVEILS VXBLOCK SYSTEM /06

IPEG Convenor Report to CTI

Taking Joint Technology Initiatives forward a vital partner for innovation and growth

eco Report: M2M Future Trends 2015

Whatever Happened to the. Fair Information Practices?

IoT governance roadmap

The Information Commissioner s response to the Draft AI Ethics Guidelines of the High-Level Expert Group on Artificial Intelligence

Share Information Resources To Bridge the Digital Divide

Copyright: Conference website: Date deposited:

Legal Aspects of Identity Management and Trust Services

Media Literacy Policy

Joint Declaration of Intent. of the Ministry of Economy, Trade and Industry of Japan, the Ministry of Internal Affairs and Communications of Japan

WSIS+10 REVIEW: NON-PAPER 1

Intergovernmental Group of Experts on E-Commerce and the Digital Economy First session. 4-6 October 2017 Geneva. Statement by SINGAPORE

Conclusions concerning various issues related to the development of the European Research Area

Distinguished guests Ladies and gentlemen Swasdee krub,

Encouraging Economic Growth in the Digital Age A POLICY CHECKLIST FOR THE GLOBAL DIGITAL ECONOMY

7656/18 CF/MI/nj 1 DG G 3 C

MOSTI-APCTT Fourth Industrial Revolution Conference 2018

ICC POSITION ON LEGITIMATE INTERESTS

Personal Data Protection Competency Framework for School Students. Intended to help Educators

ITI Comment Submission to USTR Negotiating Objectives for a U.S.-Japan Trade Agreement

EU businesses go digital: Opportunities, outcomes and uptake

Effective Societal engagement in Horizon 2020

Outdoing Huxley: Forging a high level of data protection for Europe in the brave new digital world

NEMO POLICY STATEMENT

Spring Conference of European Data Protection Authorities (Budapest, May 2016)

UNIVERSAL SERVICE PRINCIPLES IN E-COMMUNICATIONS

Internet 2020: The Next Billion Users

ISACA Privacy Principles and Program Management Guide. Yves LE ROUX CISM, CISSP ISACA Privacy TF Chairman. Insert Date Here

OECD-ASEAN Business Statement

PROGRAM CONCEPT NOTE Theme: Identity Ecosystems for Service Delivery

STOA Workshop State of the art Machine Translation - Current challenges and future opportunities 3 December Report

ACTIVITY REPORT OF THE NATIONAL INDUSTRIAL COMPETITIVENESS COMMISSION PRAMONĖ 4.0 OF 2017

Transcription:

The 20th Anniversary of the Establishment of the PCPD Reception Welcome Address Mr Stephen Kai-yi Wong Privacy Commissioner for Personal Data, Hong Kong 9 September 2016, City University of Hong Kong Honourable Guests, Ladies and Gentlemen, In April 1995, the Personal Data (Privacy) Bill was introduced into the Legislative Council. Many thanks to Mr. Mark Parsons, who accounted for the development of our law in details at the Symposium this morning. Let me try to summarise what the position then was. Members of the LegCo were then briefed that the Bill, based on the recommendation of the Law Reform Commission (LRC), proposed a new law of general application to protect privacy with respect to personal data based on internationally recognized data protection principles. These principles provided for the fair collection, use, holding and disclosure of personal data, and for the subject of personal data to have rights of access and correction. It was also recognised that there were competing interests to personal data privacy, such as the prevention and detection of crime and freedom of the press, calling for a variety of narrowly defined exemptions. 1

To oversee enforcement of the law, it was recommended that an independent regulatory body with suitable powers of inspection and investigation be set up. The LRC attributed the need for the protection of personal data in Hong Kong to the pressing international trade considerations and the developing trend in that countries or places lacking laws incorporating the internationally agreed data protection principles would be denied general access to personal data held by those with such laws, as specifically envisaged by the European Communities Commission draft Directive scheduled for implementation in 1996. The inadequacy of the then existing statutory protection of information privacy being scattered and incidental in nature was also identified. It was against this background that: A piece of comprehensive, holistic and stand-alone legislation was enacted in 1995 and put in force in 1996 The Personal Data (Privacy) Ordinance; and An authority with powers of enforcement covering both the public and private sectors but independent of the Government was established in 1996 The Privacy Commissioner for Personal Data. Over the last 20 years, we in Hong Kong have seen the evolution of the protection of this fundamental right of personal data privacy protection and the transformation of the privacy landscape in line with the global one. 20 years ago, people in Hong Kong generally did not have much knowledge about privacy, let alone understanding their 2

rights. They were concerned about whether and why they should provide their names, addresses and identity card numbers when they filled in a form. Today, they are concerned that their personal data stored in one device is being shared, misused or disclosed even though they simply agree or accept, or give their consent unmeaningfully, without reading or thinking through, an overly long and legalistic data collection or privacy statement provided by a data user or processor. 20 years ago, we tried to understand what the Internet of Information and Digital Data were all about. Today, a person in the streets of Causeway Bay would have to start to learn what the impact of Internet of Things, Big Data, Augmented Reality, Virtual Reality, Ransom Ware and Artificial Intelligence would be on his daily life. 20 years ago, enterprises and organisations, commercial ones in particular, took protecting or respecting data they collected as an onerous liability and no more than a compliance job undertaken by a member of their general staff. Today, they begin to accept that data protection and respect is an asset and would lead to secure trust and reputation, hence should be undertaken as part of corporate governance and committed by the top management. With rapid ICT development and booming of e-social networking, e-commerce, e-banking, e-payment, fintech, and even e-election engineering nowadays, it would not be 3

exaggerating when one says data privacy becomes part and parcel of one s daily life. It will do nobody s justice if I try to account for the impact of the ICT developments on data privacy or summarise what my office has or has not done over the last 20 years this evening, suffice to say that awareness of data protection has increased, expectation of the data subjects or individuals has changed, attitude and methodologies of data users or organisations have up-shifted in a data driven economy and a smart city like Hong Kong. This afternoon at the Symposium Professor Bacon-Shone gave us a comprehensive analysis of what the changes have been over the last 20 years or so. I am going to give you some of the findings helpfully revealed by the Baseline Survey of Public Attitudes on Privacy and Data Protection 2015 (the Survey) conducted by him. These findings may help remind you of what members of the public now have in their social agenda: The public, probably including you and me, often sacrifice privacy for the sake of convenience; Not many people are concerned about providing details of occupation or full date of birth, but not in the case of providing HKID card number or personal income; There is a growing expectation that immediate notification of data leakage be given to the individuals concerned, the media and my office; 4

Many people are aware that an instant messaging app accesses all contact information on their smartphones and a significant proportion think the law should stop this; and Many people are wary that their personal data is shared even with their knowledge or consent, but when asked whether they would be willing to pay HK$20 per month for email services without advertising, most people say no. In relation to the work of my office, let me give you some empirical data of what the changes are, as enshrined in our latest annual report published today: During the report period (i.e. the year from April 2015 ending March 2016), over 20,000 enquiries and complaints were received, representing an annual increase of 15%, and a 50% increase compared to the 1997-98 figures. During the year, a record high of 104 data leakage incidents reported to my office involved the personal data of more than 854,000 individuals in Hong Kong, as compared with 66 incidents involving 77,409 individual in 2014-15. These incidents included loss of documents or devices, inadvertent disclosure by electronic means or post, system failure, malware attack and hacking. My office also carried out a new annual record of 286 compliance checks last year, registering a 26% year-onyear increase, and was up nearly three-fold since 1997. 5

After the revised provisions on direct marketing had taken effect on 1 April 2013, the first four conviction cases were determined in the Magistrates Courts last year. So as you can see, my office and our work have transformed and matured over the last 20 years, so has the world of privacy issues. New information and communication technologies are generating potent and novel contribution to the community at large, trade and commerce included, but at the same time generating the risks to personal data protection as well. Increasing work load is obvious, although it seems unlikely that our resources will grow at the same rate or at the same pace. Challenges you may sympathetically agree. But quantitative pressure is not really the issue, the crux is a qualitative one the enduring complexity of the matters and the ever growing expectation of the stakeholders. One of the challenges that we as a regulator have to meet nowadays is where data collected, and sensory ability, cognition and robotics etc. are enabled by Cloud and settled by Blockchain in the midst of merger and acquisition of multinational corporations, how we could help unlock and share the data within the existing protection framework, with a view to maximizing the benefits of data in a sustainable way, but minimising risks and harms, creating healthy synergy with 6

economic growth, identifying and securing the innovative use of data in this data driven economy. I am privileged that I have a team of most competent and dedicated members of the two advisory committees and colleagues in my office, with whom I join hands in embracing these new challenges, or in our view, opportunities rather. What we intend to do in the days to come include: A fair, not merely legal, enforcement of our law will remain a priority of our work. Certainly that is not the only effective means to protect data privacy. We will reallocate more resources to the education and promotion of data privacy protection within the confines of the law and regulatory framework. We will promote privacy statement transparency and data literacy, amongst the SMEs, the young and the elderly in particular. We will continue to advocate a paradigm shift through a privacy management programme by which the law and good practices could be entrenched, and compliance transforms to accountability alongside the commitment of the top management in corporate governance. We will also keep abreast with the global personal data privacy development, especially the new EU General Data Protection Regulation upon which our Ordinance was 7

partially modelled 20 years ago. We will seek to play a constructive role in the international arena relating to personal data privacy, including organisations like APEC Cross-border Privacy Enforcement Arrangement, and Asia Pacific Privacy Authority and Global Privacy Enforcement Network. We believe personal data privacy should not be a barrier to innovation and trade. To enable unlocking and sharing data legitimately, my job is necessarily to seek to, in the interest of all stakeholders, balance data protection off against the free flow of information, which is one of the irreplaceable attributes of Hong Kong widely acclaimed as the most suitable location for setting up data centres in the Asia Pacific region, as well as the freest economy in the world. We will continue to engage all stakeholders with a view not only to protecting one s personal data privacy, but also fostering a culture of respecting the others. Ladies and gentlemen, please also allow me to seize this special occasion to announce that the 39th International Conference of Data Protection and Privacy Commissioners will be hosted in Hong Kong again next year, from 25 29 September 2017. Last hosted in Hong Kong in 1999, the Conference has been the premium global forum for 110 data protection authorities, professionals and representatives of the related trade and industries around the world, attracting 700-800 participants each year. The year 2017 is also special for us in Hong Kong as we will be celebrating the 20th anniversary of establishment of the Hong 8

Kong Special Administrative Region of the People s Republic of China. So mark your diary and join us next year! Finally, and this is most important, I would like to register my gratitude to all of you present here tonight, not merely for your gracing this special occasion, but also for your tolerance for our not doing what we should have done, and for your staunch support over the last two decades for what we sought to do. Thank you very much indeed! End 9

2024 © hobbydocbox.com Privacy Policy | Terms of Service | Feedback