Clear the fog away from fine-print agreements

PUBLISHED : Friday, 22 October, 2010, 12:00am
UPDATED : Friday, 22 October, 2010, 12:00am

The troubled Octopus Card's tentacles have entangled the entire direct marketing industry. Following the scandal over the sale of personal details of more than a million Octopus clients to business partners, the government proposes making such abuse of privacy a criminal offence and holding businesses more accountable for use of consumers' data.

A maximum fine of HK$1 million and up to five years' jail for unauthorised sale of private information, plus a maximum fine of HK$500,000 and up to three years' jail for breaching rules of disclosure and consumer consent would certainly provide meaningful deterrents.

It is good that the direct marketing industry broadly welcomes the proposals. But it is a worry that it is not comfortable with the government's views on the need for more transparency in sales and service agreements, and has flagged a campaign to water them down during a public consultation. Heavy penalties make good headlines, but they will have more bark than bite unless disclosure and consent is brought out of the fog of fine print in agreements that consumers sign but rarely spend much time reading.

Officials hailed the proposals as making Hong Kong a front-runner with these consumer laws. The secretary for constitutional and mainland affairs singled out the proposed rules for regulation of the collection and use of personal data. 'Users [of personal data] must reasonably specify the intended marketing activities or the transferee in personal information collection statements,' Stephen Lam Sui-lung said. The issue lies in the meaning of the word 'reasonably'. Direct Marketing Association chairman Eugene Raitt was quick to jump in. He took issue with the Privacy Commissioner's guideline that consumer consent for the use of data for marketing purposes should not be 'bundled' with other terms of a sales or service deal that he or she signs, but be subject to separate consent. 'All the terms should be written on the same agreement,' Raitt said. 'Shouldn't it be the consumers' responsibility to read the terms before signing it?'

The issue is that many people do not. Perhaps that is evidence of trust in good faith, or lack of diligence - or that the forms are so complicated that no reasonable person could be expected to read them. We do not need ever-more involved forms and procedures, we just need to be clear what we are and are not signing away.

Industry fears that an 'opt-in' provision would result in few people agreeing to disclosure of their data for further marketing promotions have been dispelled by the government's insistence on the 'opt-out' alternative - to the dismay of human and consumer rights advocates. Again, this should be as simple a matter as making sure it is clear to consumers by, for example, ensuring the box signifying an opt-out is prominently displayed. Officials have not explained why it is important for the police to continue prosecuting privacy breaches instead of agreeing to the commissioner's request for that power, raising fears he is a toothless tiger.

Much of the digital economy operates on the easy passage of information - at its best we find goods, services and people we want quickly and painlessly. Even Octopus' scheme provided benefits for many consumers, who would be loath to give them up. The question is balance and openness. Without full transparency and a robust discussion and debate about the benefits and pitfalls of the sharing of information, consumers will always find themselves suspecting that they have been given the short end of any deal.