102 / 192
Commissioner recommends that data subjects should make written opt-out requests to
avoid any miscommunication or misunderstanding, and retain a copy of the written opt-
out request for reference which may be called for in case of a future dispute.
7.85
A data user must, without charge to the data subject, comply with the opt-out request
received from the data subject.
38
Non-compliance is an offence and the data user is
liable upon conviction to a fine up to HK$1,000,000 and imprisonment for five years if
provision of the personal data is for gain and in any other cases, a maximum fine of
HK$500,000 and imprisonment for three years.
39
When a request is received from a data
subject requiring the data user to notify a person to cease using the data subject’s
personal data in direct marketing, the Ordinance requires that the data user must so
notify the person in writing.
40
A person who receives such a written notification must
cease using the personal data in direct marketing in accordance with the notification.
41
7.86
For the purpose of facilitating compliance by the data users of the legal requirements
under part 6A of the Ordinance, as amended, regulating the use and the provision of
personal data in direct marketing, the Commissioner issued New Guidance on Direct
Marketing.
42
Practical advice with examples are given in this guidance note. An
information leaflet, Exercising your Right of Consent to and Opt-Out from Direct
Marketing Activities under the Personal Data (Privacy) Ordinance
43
was also issued by
the Commissioner to assist data subjects in exercising their rights under the Ordinance.
38
Sections 35G(3) and 35L(3).
39
Sections 35G(5) and 35L(6). On 9 September 2015, a telecommunications service provider was convicted, after trial, of
failing to comply with the requirement from a data subject to cease using his personal data in direct marketing, contrary
to section 35G(3), and was fined by the magistrate HK$30,000 (Case No. TWS 6311/2015). In this case, a staff member of
the telecommunications services provider left a voice message through the mobile phone of the customer (who had
already lodged an opt-out request in writing) informing him of the termination of his service contract and at the same
time promoting their services to him. In November 2015, a body check service company was convicted of failure to
comply with an opt-out request of its ex-customer, after pleading guilty to the charge. The company was fined
HK$10,000 (Case No. TMS 10294/2015).
40
Section 35L(4).
41
Section 35L(5).
42
Available on the Website
: https://www.pcpd.org.hk//english/resources_centre/publications/files/GN_DM_e.pdf43
Available on the Website
: https://www.pcpd.org.hk//english/resources_centre/publications/files/opt_out2015_e.pdf