IV. Privacy on the Internet

Some people may have the view that privacy on the Internet is more of an IT issue than a legal issue. In practice, it is a combination of the two. The following questions and answers are given with reference to the PCPD’s publication: “Internet Surfing with Privacy in Mind – A Guide for Individual Net Users” .

More leaflets are available on the PCPD’s website which correspond to the rapid advancing Internet applications and services:

1. Are you asked to provide your personal data on-line?

If yes, you should do the following before you press the “submit” button to provide your personal data via an on-line form, or send an e-mail containing your personal data.

Look for identity details of the web site. It is possible that a site appears to be at an electronic address that does not belong to it. Visit the “About the Organization” page and check the organization’s identity details such as its name, physical location, and contact telephone/fax number. An organization may be considered as using unfair means to collect personal data if it does not disclose its identity (in which case it might have contravened Data Protection Principle 1 ).

Look for the site’s privacy policy notice. It is safer to know what the site’s personal data handling policy is before you provide them with your own. The Ordinance requires that organizations in Hong Kong should be open about their policy and practices with respect to the handling of personal data ( Data Protection Principle 5 ).

Search for an on-line notification of a Personal Information Collection (PIC) statement. The PIC statement is a means by which the site should inform you:

  1. how your data are to be used;
  2. to what other parties they may transfer your data;
  3. your right to request a copy of your personal data and correct any errors; and
  4. who should be contacted for such requests.

Under the Ordinance, organizations in Hong Kong must provide this information at or before the time they collect personal data from you.

2. Have you set your Internet browser to ask you before accepting a “cookie”?

Cookies are small files that can be stored in your computer when you visit a web page. When you visit a web site, the server of that site may request a unique ID from your Internet browser. If your browser does not have an ID, that server will deliver one to your computer and this is the process of “passing a cookie”. Sometimes when you visit a web site, you may be asked to fill in a form providing information such as your name and interests, and such information may also be stored in cookies. The host of that web site may then use cookies to track your behaviour and interests.

To enhance the degree of security of your browser, you may consider setting an option in your browser to ask your permission to accept a cookie each time one is presented. You may also use “anonymous cookies” software. You can search the Internet using the word “cookies” to find software that can keep your computer clear of cookies or make your cookies files ineffective for access. This would help to reduce your loss of privacy.

3. Are you annoyed about direct marketing e-mails addressed to you?

Under section 34 of the Ordinance, a company in Hong Kong that makes a direct marketing approach to you has an obligation to offer you an “opt-out” opportunity not to receive further marketing information from it. This gives you the right to request the sender to stop sending marketing e-mails to you.

You should also take precautions to avoid receiving unsolicited advertising e-mails. To reduce the chances of making yourself a marketing target, you should avoid registering with free e-mail services or e-mail directory services. If you use a “signature file” (note) in your e-mail correspondence , you should be careful not to provide unnecessary details about yourself in the signature file which may expose you as a marketing target.

(Note: A signature file is small text file that can be automatically attached to the end of e-mail messages. It may include the sender’s name, job title, company name, phone/fax number, etc.)