Date: 10 September 2018
Response to Media Enquiry on PCPD’s Compliance Check on the Facebook Incident
Thank you very much for your enquiry. Our consolidated response follows:
-
In the course of our compliance check on the Facebook incident, as part of the ongoing measure to collaborate with overseas data protection authorities over cross-jurisdictional issues, the PCPD had communicated with overseas regulatory authorities. No external legal consultants or firms were engaged in this compliance check.
-
The Privacy Commissioner completed the compliance check based on the information gathered as follows:
-
The compliance check revealed that the data controller of Hong Kong Facebook users is an overseas corporation;
-
There is no evidence showing that Facebook Hong Kong controlled in or from Hong Kong the collection, retention, processing or use of users’ personal data. On this basis, the relevant regulatory provisions in the Ordinance are therefore not applicable as well; and
-
No Facebook account holders in Hong Kong complained to the PCPD that they have been affected. Therefore at this stage, there is no evidence showing that Facebook’s account holders in Hong Kong were involved in the incident.
-
The Privacy Commissioner will continue to act in strict accordance with the functions and powers stipulated by the Ordinance, and at the same time, will continue his efforts in promoting “protect, respect personal data” culture through education and promotion.
-
The office of the Privacy Commissioner for Personal Data, Hong Kong is an independent statutory body set up to oversee the enforcement of the Ordinance. In general, a compliance check is undertaken by his office when the Privacy Commissioner identifies practices in an organisation that appears to be inconsistent with the requirements under the Ordinance.
(The information can be attributed to the Privacy Commissioner for Personal Data, Mr Stephen Kai-yi Wong)