In Hong Kong, the fallout from the Octopus data privacy scandal continued to linger through the end of 2010, as the Office of the Privacy Commissioner released its report on the incident as well as a set of proposals for amendments to the Personal Data (Privacy) Ordinance. This was followed shortly thereafter by a government report on the extensive public consultation on the review of the Personal Data (Privacy) Ordinance, or PDPO.
While the Privacy Commissioner's report neither shed any new light on the incident, nor actually called out any specific breach of the ordinance by Octopus (apart from a perhaps excessive collection of data), the government report on the other hand, at almost 200 pages long, proved a interesting reading. Covering both proposals for the ordinance that will be taken forward for further review as well as those that will not, it provided members of the Hong Kong Legislative Council (Legco) with some great ammunition for the lengthy debates that took place in public and behind closed doors through November and December. And there are clearly many views from the various political parties and from those members that occupy the functional constituency seats (like insurance for example) that could be impacted by any proposed changes.
Outside of Legco, it is clear that Allan Chiang, the recently appointed privacy commissioner for Personal Data, is on a mission to shake off the lame-duck image that his office has carried for many years, and is in favour of more draconian legislation with a push to 100 percent opt-in for data collection and elevated criminal and prosecutorial powers for his office. It must be said that it is admirable that someone has at last taken on the post with a strong vision and conviction; however his agenda seems to be driven by political desire rather than a true interest in making our already world-class ordinance work as it was intended – by not only protecting the right of the consumer to choose, but also protecting the rights of businesses to prosper in the free economic environment that Hong Kong is so proud of.
I am a firm believer that legislation is most definitely an important part of the overall solution to protecting personal data and consumer privacy; however it is not the entire solution. Those marketers that are belligerent in their abuse of the rights of consumers will continue to be so with or without more stringent regulations in place, and so enforcement of the existing legislation is just as important as looking to expand relevant legislation.
The existing ordinance that was drafted back in 1996 through consultation with industry associations, coupled with an adherence to globally accepted best practices around data privacy and, most importantly, a wide-reaching consumer education programme, is the best solution for not only protecting the consumers' right to choose, but also providing businesses, particularly in the SME sector, the right to do business in Hong Kong.
However, having sat through a number of Legco sessions where the pros and cons of opt-in vs. opt-out and increased legislation were debated, it is my own personal view that the one item that has been left off of the table is that of responsibility – who is ultimately responsible for data privacy?
As a board member of both the Hong Kong Direct Marketing Association and the Asia Digital Marketing Association I see clients and service providers everyday going above and beyond the letter of the law to ensure that the rights of the consumer are protected and that any activities that fall under the scope of the Personal Data (Privacy) Ordinance or the Unsolicited Electronic Message Ordinance are fully compliant. It is what legitimate businesses and marketers that care about customer relationships actually do. If they did not, their businesses would suffer.
However, what I don't see are consumers taking the same level of care and attention when they are signing up to reward programmes in super markets and department stores, or for credit cards along the elevated walkways of Central. Show them a free gift, or the prospect of cash back coupons for Park n' Shop or Wellcome and your everyday Hong Kong consumers will give you all the personal and financial data you want on themselves and their nearest and dearest and sign on the dotted line without a second look at the terms and conditions that accompany their signatures.
For the most part, the organisations that they enter into these agreements with are legitimate businesses, and there are no issues. They are relationships built around notice, transparency, and choice, with the consumer always enjoying the right to choose or to opt out. But it is unscrupulous organisations and marketers amongst us that collect data surreptitiously or use data for purposes other than for which it was collected that ultimately give us all a bad name.
Without a doubt, the consumer must play a pivotal role in the success of Hong Kong's PDPO and with it they must also take responsibility for their own data privacy. The problem is that most consumers could not even tell you where to get a copy of the ordinance from, let alone tell you what rights and obligations they have!
So clearly what Hong Kong needs is not more legislation and regulation, but a comprehensive and long-term awareness and education programme on data privacy. And for that I call on the government of the HKSAR, the Office of the Privacy Commissioner, and you the marketers and agencies to put the consumer front and centre and to work in partnership to ensure that our current legislation actually works for those that it is meant to protect – consumers and businesses alike; because ultimately we are all responsible.
Meet Your Favorite ClickZ Contributors
Many of ClickZ's leading expert contributors will be at ClickZ Live, the new online and digital marketing event kicking off in New York (March 31-April 3). Hear from the likes of: Jeremy Hull, Lisa Raehsler, Andrew Goodman, Bryan Eisenberg, Mathew Sweezey, Aaron Kahlow, Stephanie Miller, Simms Jenkins, Jeanne S. Jennings, Dave Hendricks and more!
Dominic Powers is the Senior Vice President and Managing Director of International Operations for Epsilon International - the international operating unit of Epsilon, a leading multi-channel marketing services company with a wide range of strategic data-driven solutions that provide a 360-degree view and interaction with customers. Based in Hong Kong, Dominic is responsible for leading the day-to-day operations of the business throughout the region, including offices in Australia, China, India, Japan, and Singapore. He joined DoubleClick in November 2002 as regional director of sales, responsible for new business generation across the region, and became part of the Epsilon Senior Leadership team through the 2005 acquisition of DoubleClick Email Solutions. From 1999 to 2002 he was a member of the senior management team of Chinadotcom’s Mezzo Marketing – formerly 24/7 Media Asia. His responsibilities included the strategic development and implementation of the email marketing and data business throughout the region, as well as the research of privacy legislation and its impact on marketing methodologies and technologies in Asia Pacific. Prior to Chinadotcom Corporation, Dominic was with The Economist Group in Hong Kong. In the early 90s he worked in publishing and event management, developing industrial road shows for the governments of emerging markets. A graduate of Modern Chinese from the University of Leeds in the UK, and Tianjin Normal University in the People’s Republic of China, he has lived, studied, and worked in various locations across Asia Pacific since 1995. He is currently a Board Member of the Hong Kong Direct Marketing Association (HKDMA), The China Direct Marketing Association, and the Asia Digital Marketing Association (ADMA) and a regular presenter and commentator on data-driven marketing and privacy issues throughout the region.
March 19, 2014