protecting consumers and competition international ... · eu general data protection regulation...
TRANSCRIPT
![Page 1: Protecting Consumers and Competition International ... · EU General Data Protection Regulation (GDPR) demonstrate compliance with principles of processing personal data [Art 5] implement](https://reader043.vdocuments.net/reader043/viewer/2022022016/5b71838f7f8b9a0c418b6b6a/html5/page/1.jpg)
Stephen Kai-yi Wong, Barrister Privacy Commissioner for Personal Data, Hong Kong, China
66th ABA Section of Antitrust Law Spring Meeting Wednesday, April 11, 2018
Protecting Consumers and Competition – International Emerging Technologies
Engineering Privacy Through Accountability
![Page 2: Protecting Consumers and Competition International ... · EU General Data Protection Regulation (GDPR) demonstrate compliance with principles of processing personal data [Art 5] implement](https://reader043.vdocuments.net/reader043/viewer/2022022016/5b71838f7f8b9a0c418b6b6a/html5/page/2.jpg)
2
Presentation Outline
Privacy Risks and Challenges in the ICT Age
Hong Kong Personal Data (Privacy) Ordinance
Accountability
1
2
3
![Page 3: Protecting Consumers and Competition International ... · EU General Data Protection Regulation (GDPR) demonstrate compliance with principles of processing personal data [Art 5] implement](https://reader043.vdocuments.net/reader043/viewer/2022022016/5b71838f7f8b9a0c418b6b6a/html5/page/3.jpg)
Privacy Risks and Challenges in the ICT Age 1
3
![Page 4: Protecting Consumers and Competition International ... · EU General Data Protection Regulation (GDPR) demonstrate compliance with principles of processing personal data [Art 5] implement](https://reader043.vdocuments.net/reader043/viewer/2022022016/5b71838f7f8b9a0c418b6b6a/html5/page/4.jpg)
Privacy Risks and Challenges
4
![Page 5: Protecting Consumers and Competition International ... · EU General Data Protection Regulation (GDPR) demonstrate compliance with principles of processing personal data [Art 5] implement](https://reader043.vdocuments.net/reader043/viewer/2022022016/5b71838f7f8b9a0c418b6b6a/html5/page/5.jpg)
Ubiquitous and Covert Data Collection
✘ Data Minimisation
✘Adequate Notification Erodes Individuals’ Control Over Data
5
✘ Data Transparency
![Page 6: Protecting Consumers and Competition International ... · EU General Data Protection Regulation (GDPR) demonstrate compliance with principles of processing personal data [Art 5] implement](https://reader043.vdocuments.net/reader043/viewer/2022022016/5b71838f7f8b9a0c418b6b6a/html5/page/6.jpg)
Unpredictable Analytics
6
✘ Notice & Consent
✘ Purpose & Use Limitations
![Page 7: Protecting Consumers and Competition International ... · EU General Data Protection Regulation (GDPR) demonstrate compliance with principles of processing personal data [Art 5] implement](https://reader043.vdocuments.net/reader043/viewer/2022022016/5b71838f7f8b9a0c418b6b6a/html5/page/7.jpg)
✘ Distinction between Personal Data & Non-Personal Data
Re-identification
7
Profiling
![Page 8: Protecting Consumers and Competition International ... · EU General Data Protection Regulation (GDPR) demonstrate compliance with principles of processing personal data [Art 5] implement](https://reader043.vdocuments.net/reader043/viewer/2022022016/5b71838f7f8b9a0c418b6b6a/html5/page/8.jpg)
8
Inaccurate Inferences and Predictions
![Page 9: Protecting Consumers and Competition International ... · EU General Data Protection Regulation (GDPR) demonstrate compliance with principles of processing personal data [Art 5] implement](https://reader043.vdocuments.net/reader043/viewer/2022022016/5b71838f7f8b9a0c418b6b6a/html5/page/9.jpg)
Hong Kong Personal Data (Privacy) Ordinance 2
9
![Page 10: Protecting Consumers and Competition International ... · EU General Data Protection Regulation (GDPR) demonstrate compliance with principles of processing personal data [Art 5] implement](https://reader043.vdocuments.net/reader043/viewer/2022022016/5b71838f7f8b9a0c418b6b6a/html5/page/10.jpg)
Definition of “Personal Data”
Phone Number Email Address
IP Address
10
Whether an individual is identified or identifiable should not come into play
![Page 11: Protecting Consumers and Competition International ... · EU General Data Protection Regulation (GDPR) demonstrate compliance with principles of processing personal data [Art 5] implement](https://reader043.vdocuments.net/reader043/viewer/2022022016/5b71838f7f8b9a0c418b6b6a/html5/page/11.jpg)
Meaning of “Collect”: Eastweek Publisher Limited & Another v
Privacy Commissioner for Personal Data (CACV 331/1999)
11
![Page 12: Protecting Consumers and Competition International ... · EU General Data Protection Regulation (GDPR) demonstrate compliance with principles of processing personal data [Art 5] implement](https://reader043.vdocuments.net/reader043/viewer/2022022016/5b71838f7f8b9a0c418b6b6a/html5/page/12.jpg)
Privacy Protection and Profiling
12
![Page 13: Protecting Consumers and Competition International ... · EU General Data Protection Regulation (GDPR) demonstrate compliance with principles of processing personal data [Art 5] implement](https://reader043.vdocuments.net/reader043/viewer/2022022016/5b71838f7f8b9a0c418b6b6a/html5/page/13.jpg)
Accountability 3
13
![Page 14: Protecting Consumers and Competition International ... · EU General Data Protection Regulation (GDPR) demonstrate compliance with principles of processing personal data [Art 5] implement](https://reader043.vdocuments.net/reader043/viewer/2022022016/5b71838f7f8b9a0c418b6b6a/html5/page/14.jpg)
Responsibility-based framework
encapsulating principles Built-in policies,
procedures, controls,
oversights & review
mechanisms
Data controllers/ processors to take appropriate steps
to safeguard personal data and prevent harm to
data subjects
E.g. appoint data protection
officers, privacy impact
assessment, privacy by design
Accountability
14
![Page 15: Protecting Consumers and Competition International ... · EU General Data Protection Regulation (GDPR) demonstrate compliance with principles of processing personal data [Art 5] implement](https://reader043.vdocuments.net/reader043/viewer/2022022016/5b71838f7f8b9a0c418b6b6a/html5/page/15.jpg)
Why Accountability?
Regulator Company
15
![Page 16: Protecting Consumers and Competition International ... · EU General Data Protection Regulation (GDPR) demonstrate compliance with principles of processing personal data [Art 5] implement](https://reader043.vdocuments.net/reader043/viewer/2022022016/5b71838f7f8b9a0c418b6b6a/html5/page/16.jpg)
Mechanics of Accountability
Voluntary/Self-Regulatory or
Mandatory Accountability?
Education Incentivise
16
![Page 17: Protecting Consumers and Competition International ... · EU General Data Protection Regulation (GDPR) demonstrate compliance with principles of processing personal data [Art 5] implement](https://reader043.vdocuments.net/reader043/viewer/2022022016/5b71838f7f8b9a0c418b6b6a/html5/page/17.jpg)
Hong Kong – Privacy Management Programme (PMP)
Launched in 2014
Encourages organisations to embrace personal data privacy
protection as part of their corporate governance responsibilities
To apply as a top-down business imperative throughout the
organisation
To put in place appropriate policies and procedures that
enhance data protection
17
![Page 18: Protecting Consumers and Competition International ... · EU General Data Protection Regulation (GDPR) demonstrate compliance with principles of processing personal data [Art 5] implement](https://reader043.vdocuments.net/reader043/viewer/2022022016/5b71838f7f8b9a0c418b6b6a/html5/page/18.jpg)
EU General Data Protection Regulation (GDPR)
demonstrate compliance with principles of processing personal data [Art 5]
implement technical and organisational measures to ensure compliance [Art 24]
adopt data protection by design and by default [Art 25]
conduct data protection impact assessment for high-risk processing [Art 35]
(for certain types of organisations) designate Data Protection Officers [Art 37]
18
Risk-based approach to accountability
Data controllers are required to:
![Page 19: Protecting Consumers and Competition International ... · EU General Data Protection Regulation (GDPR) demonstrate compliance with principles of processing personal data [Art 5] implement](https://reader043.vdocuments.net/reader043/viewer/2022022016/5b71838f7f8b9a0c418b6b6a/html5/page/19.jpg)
Data Ethics and Trust
19
Data
Ethical Obligations
• No Surprise to Consumers • No Harm to Consumers
![Page 20: Protecting Consumers and Competition International ... · EU General Data Protection Regulation (GDPR) demonstrate compliance with principles of processing personal data [Art 5] implement](https://reader043.vdocuments.net/reader043/viewer/2022022016/5b71838f7f8b9a0c418b6b6a/html5/page/20.jpg)
Culture
Compliance
Accountability
Trust/ Ethics/ Respect
Engaging
Incentivising
The Way Forward
20
![Page 21: Protecting Consumers and Competition International ... · EU General Data Protection Regulation (GDPR) demonstrate compliance with principles of processing personal data [Art 5] implement](https://reader043.vdocuments.net/reader043/viewer/2022022016/5b71838f7f8b9a0c418b6b6a/html5/page/21.jpg)
21
![Page 22: Protecting Consumers and Competition International ... · EU General Data Protection Regulation (GDPR) demonstrate compliance with principles of processing personal data [Art 5] implement](https://reader043.vdocuments.net/reader043/viewer/2022022016/5b71838f7f8b9a0c418b6b6a/html5/page/22.jpg)
22