Personal Data Privacy and The Internet

by Stephen Lau, Privacy Commissioner for Personal Data, Hong Kong SAR

at the Joint Conference of the OECD, HCOPIL, ICC
“Building Trust in the Online Environment: Business to Consumer Dispute Resolution”
The Crowne Plaza Promenade Hotel, The Hague, The Netherlands
11 - 12 December 2000



Electronic Commerce

Consumer TRUST & CONFIDENCE

• Identity of suppliers ?
• Integrity of information ?
• Electronic contract ?
• Payment reliability ?
• Errors/frauds ?
• DATA PRIVACY ?

Forrester Research, October 1999, US

• 90% of online consumers want to have control over how their personal data is used once it has been collected

• two out of three people say that they have reservations about giving out personal information online

• consumers who have moderate privacy concerns spend 21% less online than those who have less than moderate concerns


2000 Community Opinion Survey: Importance of social policy issues in Hong Kong

[Bar chart: mean value of responses (0 = not important at all, 10 = very important) for 1997, 1998, 1999 and 2000. Issues shown: air pollution, unemployment, privacy, food hygiene, health services, care for the elderly, sex discrimination.]

The basic premise is

“What is illegal off-line is also illegal on-line”

Personal Data (Privacy) Ordinance
Data Protection Principles

Principle 1 - Purpose and manner of collection
• this provides for the lawful and fair collection of personal data and sets out the information a data user must give to a data subject when collecting personal data from the subject.

Principle 2 - Accuracy and duration of retention
• this provides that personal data should be accurate, up-to-date and kept no longer than necessary.

Personal Data (Privacy) Ordinance
Data Protection Principles

Principle 3 - Use of personal data
• this provides that unless the data subject gives consent otherwise, personal data should be used for the purposes for which they were collected or a directly related purpose.

Principle 4 - Security of personal data
• this requires appropriate security measures to be applied to personal data (including data in a form in which access to or processing of the data is not practicable).

Personal Data (Privacy) Ordinance
Data Protection Principles

Principle 5 - Information to be generally available
• this provides for openness by data users about the kinds of personal data they hold and the main purposes for which personal data are used.

Principle 6 - Access to personal data
• this provides for data subjects to have rights of access to and correction of their personal data.

Data Privacy Issues on Internet

• no personal information collection (PIC) statement with on-line data collection by websites
• no display of data privacy policy statement with websites
• data collection without consent (e-mail address, cookies, etc.)
• unfair collection (e.g. from children)
• interception of data during transmission
• use of data different from original purpose of collection
• security of data held in websites
• spamming
• identity theft

Sample Survey of Hong Kong-Based Web Sites

• Conducted between July and October 1998
• Visited 531 sites from both public and private sectors

Objectives

• To assess the extent to which Hong Kong-based web sites are operated in a manner that meets:
  - the requirements of the Personal Data (Privacy) Ordinance
  - standards of good and reasonable personal information handling

Provision of Personal Information Collection (PIC) Statement

339 sites had personal data collection forms
• With PIC Statement: 231 forms (68.1%)
• Without PIC Statement: 108 forms (31.9%)

Provision of Privacy Policy Statement

Only 21 sites had Privacy Policy Statements
• With Privacy Policy Statement: 21 sites (6.2%)
• Without Privacy Policy Statement: 318 sites (93.8%)

Results of Compliance Check Exercise

• 59 sites (25%) of 236 sites which have online personal data collection forms displayed a PPS

1999 Results
• With PPS: 25%
• Without PPS: 75%

1998 Results
• With PPS: 6.2%
• Without PPS: 93.8%

Results of Compliance Check Exercise

• 220 sites (93%) of the 236 sites which have online personal data collection forms displayed a PICS
• Formal investigations being carried out into 16 sites (7%)

1999 Results (236 sites have online personal data collection forms)
• With PICS: 93%
• Without PICS: 7%

1998 Results (339 sites had online personal data collection forms)
• With PICS: 68%
• Without PICS: 32%

Guidelines on the Protection of Personal Data Privacy on the Internet

• “Internet Surfing with Privacy in Mind” - A Guide for Individual Net users

• “Personal Data Privacy and the Internet” - A Guide for Data Users

• “Preparing On-line - Personal Information Collection Statements and Privacy Policy Statements”


Launching in 2001

A Series on “E-Privacy”


Privacy Commissioner for Personal Data, Hong Kong

Website: http://www.pco.org.hk
Hotline: (852) 2827 2827