Tightening of law on sale of personal data 'falls short'
A proposed revision of the privacy law fails to meet public expectations, according to the Privacy Commissioner and a lawmaker.
The government moved to tighten the law after last year's Octopus Card controversy, when the card firm admitted selling the personal details of more than a million customers to business partners.
But the proposed amendment has backed away from an 'opt-in' approach, which would have forbidden the use of personal data without a customer's expressed consent.
Instead it has chosen an 'opt-out' approach, where a consumer's consent is taken for granted unless they state their objection, in a mailed letter, within 30 days.
In a paper submitted to the bill committee yesterday, the Privacy Commissioner says: 'The current proposal falls short of the strong public expectation revealed in the Octopus incident, and represents a retrograde step in tightening up control over the unauthorised sale of personal data by data users.'
His objection was echoed by Democratic lawmaker James To Kun-sun, who said many customers do not read all the fine print when they sign a contract. Many people would forget to write the letter forbidding the sale of their personal data.
