[1299] Adopted on April 4, 1990 by the Seventh National People's Congress of the People's Republic of China at its Third Session. The authority of the Congress to establish a special administrative region and decide on the systems to be implemented there is given by Arts. 31 and 62 (13) of the Constitutionof the PRC. See Y. Ghai, Hong Kong's New Constitutional Order: The Resumption of Chinese Sovereignty and the Basic Law56 (Hong Kong University Press 1997). Legally, the Basic Law should not be considered as the constitution of Hong Kong, although it may have certain constitutional functions. The relationship between the Chinese central government and the Hong Kong SAR government is not the one between the federal government and a state. Although the Hong Kong SAR is a highly autonomous administrative region of China, it has no independent sovereignty. The power over Hong Kong absolutely belongs to China and the central government delegates certain powers to the Hong Kong SAR through the Basic Law. The powers not delegated to the Hong Kong SAR remain vested with the central government.
[1300] Hong Kong Law Reform Commission, 1994 Report on the Law Relating To The Protection Of Personal Data (1994).
[1301] Personal Data (Privacy) Ordinance, chapter 486, (June 30, 1997). See generally, M. Berthold & R. Wacks, Data Privacy Law in Hong Kong (FT Law & Tax, 1997).
[1302] Personal Data (Privacy) Ordinance, Chap. 486, § 33 (June 30, 1997).
[1303] Id., §§ 30-32. The provisions relating to data-matching subsequently came into force on August 1, 1997.
[1304] Id. § 3.2.
[1305] R. Denny and P. Yung, "Hong Kong" 3, in C. Millard and M. Ford, Data Protection Laws of the World, looseleaf (London: Sweet & Maxwell, 2002), no statutory amendment has been made to this effect.
[1306] Personal Data (Privacy) Ordinance, (Hong Kong), 1996, Chap. 486, § 2, "data".
[1307] Id. § 35.
[1308] Interpretation and General Clauses Ordinance, Chap. 1.
[1309] See J. Holvast et al. The Global Encyclopedia of Data Protection Regulation Hong Kong 4.B (Kluwer 2000).
[1310] 2001 United States State Department. Report on Human Rights Practices in Hong Kong SAR, 2002 http://www.state.gov/www/global/human_rights/hrp_reports_mainhp.html.
[1311] Personal Data (Privacy) Ordinance, (Hong Kong), 1996, c. 486, § 5.
[1312] Data Protection Act 1998(United Kingdom), 1998, c. 29.
[1313] As an example, a notice was issued in 2002 against a former telemarketer who had improperly collected and subsequently used personal information of hotel guests. See Privacy Commissioner for Personal Data, Annual Report 2001-2002, 26-27 (Hong Kong, PCO, 2002).
[1314] Privacy Commissioner for Personal Data, Code of Practice on the Identity Card Number and other Personal Identifiers,(Hong Kong, PCO, 1997).
[1315] Privacy Commissioner for Personal Data, Code of Practice on Consumer Credit Data, (Hong Kong, PCO, 2002). Issued on 27 February 1998, effective as of 27 November 1998; see also Privacy Commissioner for Personal Data, Consultation Paper on Amendments.
[1316] Privacy Commissioner for Personal Data, Code of Practice on Human Resource Management,(Hong Kong, PCO, 2000).
[1317] Press Release, Office of the Privacy Commissioner for Personal Data, New Code Launched for Fixed and Mobile Service Operators to Protection Customer Information (June 17, 2002), http://www.pco.org.hk/english/infocentre/; see also Privacy Commissioner for Personal Data, Code of Practice on Protection of Customer Information for Fixed and Mobile Service Operators, (Hong Kong, PCO, 2002).
[1318] Privacy Commissioner for Personal Data, Code of Practice on Monitoring and Personal Data Privacy at Work, (Hong Kong, PCO, 2002).
[1319] Privacy Commissioner for Personal Data, Consultation Paper on Amendments to the Consumer Credit Data Code(May 25, 2001).
[1320] Privacy Commissioner for Personal Data, Press Release, "Privacy Commissioner Approves Amendments to the Consumer Credit Data Code," February 8, 2002 http://www.pco.org.hk/english/infocentre/press.html.
[1321] Privacy Commissioner for Personal Data, Code of Practice on Consumer Credit Data, (Hong Kong, PCO, 1998), § 3.1.
[1322] Id. §§ 2.2, 2.4-2.5.
[1323] See, e.g. E. Yiu, "Bankruptcies Triple in First Five Months," South China Morning Post, (June 12, 2002), 1; E. Yiu, "WebTrust Seal of Approval still Awaits First Client," South China Morning Post(January 30, 2002), at 2.
[1324] See, e.g. L. Leung, "HKMA Pushes Banks to Share Loan Histories," South China Morning Post, September 21, 2001) at4, Hong Kong's Monetary Authority Urged Banks to Share Data on Consumer Credit to Reduce Default Loans; L. Beckerling, "Sharing Credit Data Offers Benefits all Round, Says HSBC," South China Morning Post, May 21, 2002 at 3, Hong Kong's Biggest Lender Supports Sacrificing Privacy for the Good of Hong Kong; "MAS Bars Visa's New Outsourced Service for Banks," The Straits Times, June 17, 2002, naming Hong Kong as an adoptee of a new "Verified by VISA" which Singapore's Monetary Authority rejected for privacy reasons.
[1325] Privacy Commissioner for Personal Data, Privacy, Security and Transborder Data Flows - Observations from Hong Kong, May 20, 2002 at 5.
[1326] Section 33 would prescribe several conditions for transborder transfer of personal data: "1) reasonable grounds for believing the country has in place a law which is "substantially similar" to Hong Kong's; 2) where 1 is not true, the data subject must give explicit consent to the transfer; 3) alternatively, the data user must have reasonable grounds to believe that the transfer is "for the avoidance or mitigation of adverse action against the data subject," it is not practicable to obtain consent and if it were, the data subject would give it; 4) the data transferred is exempt under the PD(P)O; or 5) the data user has taken all reasonable precautions to ensure the data will not be used in contravention to Hong Kong law."
[1327] Fourth Annual Report by the European Commission on the Hong Kong SAR: Report from the Commission to the Council and the European Parliament, COM (2002) 450 final at 9.
[1328] Data Protection Working Party - Article 29, Fourth Annual Report on the Situation Regarding the Protection of Individuals with regard to the Processing of Personal Data and Privacy in the Community and in Third Countries Covering the Year 1999: Part II, May 17, 2001, 5019/EN/WP 46, 20. The Working Party entered into preliminary discussions on the level of protection in Hong Kong, but has not yet reported back.
[1329] Data Protection Working Party Opinion 7/2001 on the Draft Commission Decision (version August 31, 2001) on Standard Contractual Clauses for the Transfer of Personal Data to Data Processors Established in Third Countries under Article 26(4) of Directive, September 13, 2001, 95/465061/01/EN/Final WP 47, 3, describing the general principle that the data importer is bound by the data exporter's legislation. See also C. Raab et al. Application of a Methodology Designed to Assess the Adequacy of the Level of Protection of Individuals with regard to Processing Personal Data: Test of the Method on Several Categories of Transfer: Final Report, European Commission Tender No. XV/97/18/D, 17-22, 57-65, 103-107,142-148,178-181.
[1330] Law Reform Commission, Consultation Paper on Civil Liability for Invasion of Privacy (August 1999) http://www.info.gov.hk/hkreform/reports/index.htm.
[1331] Privacy Commissioner for Personal Data, Draft Code of Practice on Monitoring and Personal Data Privacy at Work, (Hong Kong, PCO, 2002).
[1332] E-mail from Stephen Lau, Privacy Commissioner for Personal Data, Hong-Kong to Sarah Andrews, Research Director, Electronic Privacy Information Center (EPIC), June 11, 2001 (on file with EPIC).
[1333] University of Hong Kong, Social Sciences Research Centre, 2001 Opinion Survey: Personal Data (Privacy) Ordinance: Attitudes and Implementation - Key Findings, 16 (April 2002), the percentage reporting use of the enumerated surveillance types did not appreciate in 2001.
[1334] Id. 17 (April 2002), compared to approximately eighteen percent in 2000.
[1335] C. Buddle, "Keeping Orwell out of the office," South China Morning Post, March 15, 2002, at 18; A. Li and P. Moy, "Unclear code for workplace rejected," South China Morning Post, April 13, 2002, at 6. See also Privacy Commissioner for Personal Data, Draft Code of Practice on Monitoring and Personal Data Privacy at Work, (Hong Kong, PCO, 2002), 22-23: e.g. the draft code differentiates between inbound and outbound e-mail, stating that "monitoring of inbound e-mails can rarely be justified."
[1336] M. Landler, "Fine-tuning for privacy, Hong Kong plans digital ID," New York Times, February 18, 2002, at C1.
[1337] M. Benitez, "ID card contract awarded" South China Morning Post, February 27, 2002.
[1338] C. Yau, Letter to the Editor, South China MorningPost, January 25, 2002, at 13.
[1339] Id.
[1340] A. Lo, "New ID cards may get extra functions" South China Morning Post, April 24, 2002, at 2, quoting Raymond Wong Wai-main, assistant immigration director.
[1341] PCO Press Release, "Privacy Commissioner for Personal Data expresses views on ID Card Scheme," October 20, 2000.
[1342] Landler, supra.
[1343] S. Chung Kai, Cyber Office Legislative Councillor (Information Technology), Cyber 2005 (Issue No. 7), December 14, 2000.
[1344] Security Bureau, Inter-departmental Working Group on Computer Related Crime Report, (Hong Kong, 2000).
[1345] Id. para. 5.14.
[1346] Id. para. 8.22.
[1347] A. Creed, "Hong Kong Mulls Measures To Fight Computer Crime," Newsbytes, July 18, 2001.
[1348] L. Beckerling, "Public Gets Say on Credit Bureau," South China Morning Post, May 4, 2002.
[1349] J. Moir & L. Beckerling, "Privacy Goes Plastic," South China Morning Post, June 13, 2002.
[1350] L. Beckerling, "First Look at Sample Credit Risks Report," South China Morning Post, March 29, 2002.
[1351] See L. Leung, "HKMA Pushes Banks to Share Loan Histories," South China Morning Post, September 21, 2001, at 4; L. Beckerling, "Public Gets Say on Credit Bureau," South China Morning Post,May 4, 2002, at 1; E. Yiu, "Democrats to Consider Proposal for Credit Information Sharing," South China Morning Post, June 24, 2002, at 3, quoting Democratic Party financial affairs spokesman, Sin Chung-kai arguing that banks would only use credit sharing to boost profitability.
[1352] L. Beckerling, "Public Gets Say on Credit Bureau," South China Morning Post,May 4, 2002, at 1, quoting Anna Borzi of HSBC Securities stating "Privacy is over. There are already more things being recorded, coded and monitored than we can poke a stick at. If anybody seriously believes privacy can still be protected they are seriously deluded. That battle has been fought and lost."
[1353] See Privacy Commissioner for Personal Data,Code of Practice on Consumer Credit Data(Hong Kong, PCO, 2002); see also Privacy Commissioner for Personal Data, Consultation Paper on Amendments to the Consumer Credit Data Code,May 25, 2001.
[1354] Sebastian Tong, "Revised Privacy Code Comes Into Effect," The Standard, June 3, 2003.
[1355] When asked for a specific example of the need for video surveillance in Lan Kwai Fong, Deputy Police Commissioner Dick Lee Ming-kwai cited a stampede in 1993 when twenty people were crushed to death on New Year's Eve.
[1356] S. Lau, "Business Backs Push for Video Surveillance," South China Morning Post, February 19, 2002, at 5.
[1357] C. Yeung and R. Ma, "Police Drop Spy Camera Scheme," South China Morning Post,May 14, 2002, at 2.
[1358] S. Lee, "Closed-circuit Television Cameras to Monitor Inmates' Evening Activities," South China Morning Post, May 17, 2002, at 6.
[1359] Niall Fraser and Stella Lee, "Come Clean on Video Surveillance, Prison Chiefs Told," South China Morning Post, November 24, 2002, at 4.
[1360] Carolyn Ong, "Businesses Ban Camera Phones; Fitness Clubs Lead Way in Curbing Use of Mobiles amid Fears over Locker-room Privacy," South China Morning Post, July 8, 2003, at 1.
[1361] S. Schwartz, "Phone Firms Urged to Adopt Pioneering Data Privacy Code," South China Morning Post, June 18, 2002, at 4. The type of data contemplated by the Codeincludes a customer's name, identity document number, residential address, etc., as well as service plan details, usage details, billing details, payment details.
[1362] "Four Hong Kong Government Agencies Issue New Privacy Guidelines for Telecom Industry," BNA Privacy Law Watch, June 21, 2002.
[1363] Privacy Commissioner for Personal Data, Press Release, "New Code Launched for Fixed and Mobile Service Operators to Protection Customer Information," June 17, 2002.
[1364] Privacy Commissioner for Personal Data, Code of Practice on Protection of Customer Information for Fixed and Mobile Service Operators, (Hong Kong, PCO, 2002), 3-4.
[1365] Telecommunications licensees have a license condition which provides that the licensee shall not disclose information of a customer except with the consent of the customer and that the licensee shall not use information provided by its customers or obtained in the course of provision of service to its customers for purposes other than those related to the provision of service by the licensees.
[1366] Telecommunications Ordinance, Chap. 106, § 33.
[1367] Post Office Ordinance, Chap. 98, § 13.
[1368] United States Department of State, Country Report on Human Rights Practices 2001, March 2002, available at http://www.state.gov/g/drl/hrrpt/2001/.
[1369] "Phone tap figures to remain secret," South China Morning Post, October 1, 1998.
[1370] Bill of Rights Ordinance Chap. 383, § 8, art 14, June 30, 1997, http://www.justice.gov.hk.
[1371] Id. § 23.
[1372] Security Bureau, Proposals to Implement Article 23 of the Basic Law, September 2002 http://www.info.gov.hk/sb/eng/23/content.html.
[1373] Ian Buruma, "Real Lives: Watch Out - Extra Government Powers Granted as Security Measures Have a Nasty Habit of Sticking around," The Guardian (UK), November 19, 2002, at 7.
[1374] Human Rights Watch, "Open Letter to Hong Kong Chief Executive C.H. Tung," December 23, 2002 http://www.hrw.org/press/2002/12/hongkong1223.htm.
[1375] Keith Bradsher, "Hong Kong Security Laws Are Softened After Criticism," New York Times, January 29, 2003, at A7.
[1376] Cannix Yau, "Victory for Pressure Groups on Article 23," The Standard, January 29, 2003.
[1377] "The People's Right to Know," South China Morning Post, July 9, 2003, at 13.
[1378] Matthew Saltmarsh & Kelvin Chan, "US, Europe Support Delaying Legislation," South China Morning Post, July 9, 2003, at 2.
[1379] News release, "Hong Kong Security Chief Details Anti-terrorism Efforts," Hong Kong Economic and Trade Office, May 14, 2002 http://www.hongkong.org/press/sf_051402.htm.
[1380] "Hong Kong Official Says Government to Consider Amending Anti-terrorism Bill," RTHK Radio 3 (Hong Kong) by BBC Worldwide Monitoring, June 15, 2002.
[1381] "Chinese Spokeswoman Says Beijing Backs Hong Kong's Anti-terrorism Efforts," Xinhua News Agency, September 26, 2002.
[1382] Verna Yu, "Concerns over Privacy as the Quarantine Measures Kick In; A Legislator Fears that People May Be Discouraged from Attending the Clinics," South China Morning Post, March 31, 2003, at 3.