Chapter 11

Data Protection Principle 6(e) to (g) and the

Data Correction Provisions in Part 5

The main questions:

• What is the relationship between a data correction request and a data access

request?

• Who can make and how to make a data correction request?

• How can a data user comply with a data correction request?

• When shall, or may, a data user refuse to comply with a data correction request?

•What steps must a data user take in refusing to comply with a data correction request?

The questions discussed in this Chapter concerning data correction requests, DPP6 and Part 5

of the Ordinance have been selected on the basis of their practical importance in light of the

Commissioner’s own experience. Before reading this Chapter, readers should read paragraphs

1.7 to 1.11 in Chapter 1 —

Introduction, which contain important general information on using

this Book.

The Relationship between a Data Correction Request and a Data Access Request

11.1

Paragraphs (e) to (g) of Data Protection Principle 6 provide for the exercise of the data

subject’s data correction rights as follows:

Principle 6 – access to personal data

A data subject shall be entitled to –

. . .

(e) request the correction of personal data;

(f) be given reasons if a request referred to in paragraph (e) is refused; and

(g) object to a refusal referred to in paragraph (f).

11.2

“Data correction request” is defined in section 2(1) as “a request under section 22(1)”.

Section 22(1) provides as follows:

(1) Subject to subsections (1A) and (2), where –

(a) a copy of personal data has been supplied by a data user in compliance with a