The Hong Kong Privacy Commissioner has issued a document soliciting comments regarding a proposal to require a wide range of data users to submit information about their activities to the Office of the Privacy Commissioner for Personal Data. The proposal would be carried out pursuant to the Hong Kong Privacy Ordinance, which authorizes the Privacy Commissioner to require certain data users to submit data user returns. Under the Ordinance, a “data user return” is a form certain data users must submit to the Privacy Commissioner for purposes of maintaining a data user registration database. A “data user” is defined as “a person who, either alone or jointly or in common with other persons, controls the collection, holding, processing or use of [personal] data” (emphasis added).
If the proposal moves forward, data users could be required to provide information such as the kinds of personal data they control, and the purposes for which the data are used, in their data user return. The proposal would require data users in the public sector and in the banking, telecommunications and insurance industries, and data users with large databases, to prepare and submit data user returns. Assuming the Hong Kong Privacy Commissioner proceeds with the proposal, it is estimated that it would be implemented in 2013. Additional information can be found on the Hong Kong Privacy Commissioner’s website.
In a separate development, a bill to amend the Hong Kong Privacy Ordinance recently was introduced in the Legislative Council of Hong Kong. We will post an update when the final law has been passed.