Gabriela Kennedy delivered a seminar titled, “Data Protection and Direct Marketing Activities” to a watch and optical shop retailer on 10 November 2017.

Gabriela began her presentation with a brief overview of the core concepts and principles of data privacy and protection. She explored the current legal data privacy regime in Hong Kong, including the six data protection principles of the Personal Data (Privacy) Ordinance (PDPO) and discussed the legal responsibilities and risks that are presented when businesses collect, use and retain data from customers, employees or business partners. Gabriela went through the consequences of non-compliance with the PDPO and powers of the Privacy Commissioner, explaining that the scope for criminal enforcement has recently been broadened and the penalties for non-compliance have been increased. Gabriela discussed direct marketing activities, defining what constitutes as direct marketing and what does not. In 2012, Hong Kong introduced the Personal Data (Privacy) (Amendment) Ordinance which strengthens restrictions on the use of personal data for direct marketing purposes, including the provision that prohibits a company’s ability to engage in direct marketing activities without an opt-in consent from the data subject. Gabriela also explained the procedures for selling or transferring personal data for marketing purposes and touched upon issues relating to compliance with a Data Access Request and erasure of personal data. She briefly talked about the growing restrictions on cross-border data transfers and privacy considerations of online behaviour tracking.