Hong Kong is one of the first jurisdictions outside Europe to pass a data protection law [the Personal Data (Privacy) Ordinance (PDPO)]. The PDPO protects identifiable personal data about a living individual, for example, a person's name, address, age, or other more sensitive data like medical and health records. The advancement of technology and the prevalence of online activities have undoubtedly raised a number of issues concerning data protection. Behavioural tracking or the use of 'cookies' is so commonplace and very often data is being collected without the consent or knowledge of the relevant individual. However, such collection of data may not necessarily fall within the ambit of the PDPO if the data in question is not personal data. Even if such data is regarded as personal data, the PDPO may not be providing adequate safeguards for the collection and use of such data This article looks into the scope of the meaning of personal data, the legality of such activities under the direct marketing provisions in the PDPO as well as the role of processors and other third parties in the context of online behavioural tracking.
Scopus Subject Areas