bodyType

customContents

entityId

entityUuid

articlePageQuery

filter

article

articleBaseAdvertisingInfoArticle

articleListArticle

articleSeoArticle

helpersCheckIsPostiesArticle

hooksArticleAcknowledgementGateOverlayArticle

hooksTrackPageViewArticle

hooksContentInterestArticle

articleLinkingDataContent

hooksAmpRedirectArticle

articleSchemaContent

liveArticle

advertZone

sentiment

contentLock

topics

types

sections

moreOnThisArticles

urlAlias

commentCount

authorLocations

authors

paywallTypes

corrections

sponsorType

displaySlideShow

multimediaEmbed

printHeadline

seriesContainer

socialHeadline

headline

flag

firstTopic

glossary

flattenTypeIds

publishedDate

additionalInfoBoxes

images

image

relatedLinks

relatedNewsletters

__typename

createdDate

sponsor

pdfFiles

seriesReverseOrder

series

disableOffPlatformContent

published

updatedDate

summary

subHeadline

body

keywords

readingTime

customTimezone

liveContents

A proposed revision of the privacy law fails to meet public expectations, according to the Privacy Commissioner and a lawmaker. 
The government moved to tighten the law after last year's Octopus Card controversy, when the card firm admitted selling the personal details of more than a million customers to business partners. 
 But the proposed amendment has backed away from an 'opt-in' approach, which would have forbidden the use of personal data without a customer's expressed consent. 
 Instead it has chosen an 'opt-out' approach, where a consumer's consent is taken for granted unless they state their objection, in a mailed letter, within 30 days. 
 In a paper submitted to the bill committee yesterday, the Privacy Commissioner says: 'The current proposal falls short of the strong public expectation revealed in the Octopus incident, and represents a retrograde step in tightening up control over the unauthorised sale of personal data by data users.'
His objection was echoed by Democratic lawmaker James To Kun-sun,  who said many customers do not read all the fine print when they sign a contract. Many people would forget to write the letter forbidding the sale of their personal data.  
 'Many people do not read their contract,' he said. 'If you take advantage of such  unclear consent, is it fair to people?'  
 Further, To said, it could be difficult to track down the company that originally obtained a customer's personal data, and by the time they were found the data might already have been passed to other companies. Customers would receive direct marketing information from those firms for a long time. 
Adeline Wong Ching-man,  the undersecretary for constitutional and mainland affairs, said the opt-out option was favoured by more than half the people that were heard during last year's public consultation. But To said residents had not focused on the opt-in and opt-out issue during the consultation, and most of the opinions submitted were from the direct-marketing sector. 
 Eugene Raitt,  chairman of the Hong Kong Direct Marketing Association,  said having an opt-in option would kill the business.  The industry should not be held responsible, he said, if customers did not read contracts carefully. 'It is our responsibility to provide a proper disclosure and it is a customers' responsibility to read the disclosure,' he said.



Tightening of law on sale of personal data 'falls short'