PCPD Issues Guidance on Protecting Personal Data Privacy in the Use of Social Media and Instant Messaging Apps 

The use of social media and instant messaging apps is very much part of everyday life for Hong Kong people. However, the use of social media and instant messaging apps carries inherent yet non-negligible risks to users’ privacy in relation to personal data. In this regard, the PCPD issued the “Guidance on Protecting Personal Data Privacy in the Use of Social Media and Instant Messaging Apps” (Guidance) on 5 April 2021, which provides the public with some practical advice to mitigate the privacy risks involved in the use of social media.

The Guidance points out that the use of social media and instant messaging apps (collectively, “social media”) is not really “free” because users’ personal data is usually monetised upon registration or in the course of user activities. Users of social media often unwittingly reveal more information than they anticipate, and most materials shared online can leave a perpetual digital footprint that is hard to remove. Information shared online can also be misused by third parties, and provides the materials for identity thefts, cyberbullying or doxxing.

Here are some tips for users of social media:

• Take steps to understand how social media platforms handle personal data by examining the privacy policies. Whenever there are any changes in the privacy policies, the users should clearly understand the relevant changes before they accept the changes.
• Regularly review the privacy settings to retain control over what information and how widely information will be disclosed.
• Limit the permissions granted to social media platforms on how the personal data, such as facial images and location data, can be used.
• Think twice before sharing or sending any information on social media.
• Respect other people’s privacy and be cautious about tagging other people in photos or sharing information about other people.
• Be vigilant about online scams, such as malicious hyperlinks that request the users to “log-in” or provide personal data.

For more detailed advice on how to protect your personal data privacy in the use of social media and a “Step-by-Step Guide on Adjusting Privacy Settings”, check out the Guidance at the PCPD website.

"Use of Social Media and Instant Messaging Apps — A Personal Data Privacy Perspective " — Privacy Commissioner's Article Contribution in Hong Kong Lawyer  

Privacy Commissioner Ms Ada CHUNG Lai-ling contributed an article to Hong Kong Lawyer (April 2021 issue). The article looked at some of the risks to personal data privacy posed by the use of social media and the precautions that users may take to help mitigate the risks.

“Social Media Users Must Realise 'Free' Apps Have a Price” — Privacy Commissioner's Article in South China Morning Post  

Privacy Commissioner Ms Ada CHUNG Lai-ling contributed an op-ed article to South China Morning Post. She reminded the readers that while most social media platforms are free, users need to recognise that they are almost invariably giving up their personal data in exchange for using the service.

PRIVACY 101

Was my personal data on Facebook leaked?

Over the reported data breach incident relating to the users of the social media platform Facebook, the PCPD has commenced a compliance check.

After that, the PCPD noted that Facebook has provided an online contact form in its Help Centre for users to submit enquiries relating to the incident. Users may, among others, raise the following questions with Facebook:

• Was my information scraped?
• How do I delete my phone number from my Facebook account?
• How do I contact Facebook with an enquiry [regarding the incident]?

You may make enquiries with Facebook via the online contact form if you are concerned that your personal data have been leaked. You may also make enquiries/ complaints to the PCPD (telephone: 2827 2827; email: communications@pcpd.org.hk).

TECH TALK

Protecting your personal data when using Wi-Fi

Wi-Fi is ubiquitous in our daily lives. Yet it also presents risks to data security, as unencrypted Wi-Fi connection allows others in the same Wi-Fi network to intercept your communication. Fake Wi-Fi hotspots can be set up easily by malicious actors to steal your personal data.

Here are some tips to enhance the security of your own Wi-Fi connection to protect your personal data:

• Adapt up-to-date security protocol such as WPA3 or WPA2 to encrypt the data in transit and safeguard against other attacks;
• Set strong passwords for the Wi-Fi networks and change the passwords regularly; do not use the default login names and passwords of the Wi-Fi routers;
• Update the firmware of the Wi-Fi routers in a timely manner;
• Review the devices connected to the Wi-Fi networks regularly to identify and remove suspicious devices.

As public Wi-Fi is generally less secure than private one, avoid using public Wi-Fi if possible. Use the hotspot sharing function of mobile phones instead if internet connection is needed for other devices in public places. If using public Wi-Fi is inevitable, consider the precautions below to improve your personal data security:

• Check to ensure the authenticity of the public Wi-Fi;
• Turn off Wi-Fi service when it is not in use;
• “Forget” public Wi-Fi after use to avoid future automatic connection;
• Use a Virtual Private Network (VPN) to prevent hackers from reading or accessing any data by creating a privacy network through encrypting traffic between the mobile devices and the internet;
• Use a Secure Sockets Layer (https://) when accessing websites so that sensitive information such as e-banking accounts, emails and social networking accounts etc. could be encrypted without being intercepted;
• Ensure that mobile phones or other portable devices are protected by firewall and anti-malware software;
• Apply available software updates to mobile or other portable devices to address security vulnerabilities;
• Avoid transmitting sensitive personal data via public Wi-Fi.

WHAT'S ON

"Guardian．Privacy．25 Years" – PCPD 25th Anniversary Iconic Tramcar  

Have you seen the PCPD 25^th Anniversary tramcar on the street? From 27 March to 20 April 2021, a tramcar wrapped up with our 25^th anniversary-themed energetic images and the stylish logo of the inaugural Privacy- Friendly Awards which concluded successfully on 4 March was running up and down the tramway track in prime business and shopping areas on Hong Kong Island.

MTR Panels Featuring Awardees of Privacy Friendly Awards 2021

To showcase the achievements of the award-winning organisations of the Privacy Friendly Awards 2021, PCPD has placed lightbox panels in MTR stations from 27 March to 24 April 2021 featuring awardees receiving the recognition in the prize-presentation ceremony. Congratulations again to the award-winning organisations!

Privacy Commissioner Delivered Presentation on “Safe and Secure – Using Instant Messaging and Social Media Apps Properly”  

Privacy Commissioner Ms Ada CHUNG Lai-ling delivered a presentation on “Safe and Secure – Using instant messaging and social media apps properly” at a webinar held by the Federation of Hong Kong Industries on 31 March 2021. The presentation covered the public attitudes on the use of instant messaging and social media apps, and how organisations and the public can strengthen the protection of personal data privacy in the use of social media.

“Data Privacy Issues relating to COVID-19 Contact Tracing Apps” — Privacy Commissioner's Article in OneTrust DataGuidance 

Privacy Commissioner Ms Ada CHUNG Lai-ling published an article on the online international research platform OneTrust DataGuidance. In the article, the Privacy Commissioner examined the international trends and privacy best practices in the use of COVID-19 contact tracing apps. She also pointed out that the privacy design of “LeaveHomeSafe” is in line with the least privacy intrusive design advocated internationally by data protection authorities.

Global Privacy Assembly Published International Principles on the Use of Health Data for Travel Purposes During COVID-19 Pandemic 

The Executive Committee of the Global Privacy Assembly (GPA), of which the PCPD is a member, issued a Joint Statement urging governments and other organisations responsible for processing health data for the purposes of international travel during COVID-19 pandemic to consider and pay due regard to a set of common global data protection principles and practice advocated in the Joint Statement.

Adoption of Privacy Management Programme Included in the Newly Published Guide for Independent Non-Executive Directors 

The adoption of Privacy Management Programme (PMP) by companies has been included in the Guide for Independent Non-Executive Directors (the Guide) newly published by the Hong Kong Institute of Directors. Companies are encouraged to put in place PMP as one of the drivers for the adoption of “Environmental, Social and Governance” (ESG) management.

PCPD Websites Received “Gold Award” in the Web Accessibility Recognition Scheme 2020-2021 

The PCPD’s websites have been awarded “Gold Award” in the Web Accessibility Recognition Scheme 2020-2021, which is organised by the Hong Kong Internet Registration Corporation Limited and the Office of the Government Chief Information Officer. The thematic website “Be SMART Online” was also awarded “Triple Gold Award”, after having received the Gold Award for three consecutive years.

Webinar on the Protection of Personal Data Privacy in the Use of Information and Communications Technology (9 April) 

On 9 April 2021, PCPD organised a webinar on the “Protection of Personal Data Privacy in the Use of Information and Communications Technology” to provide practical advice on how to protect personal data privacy in the use of information and communications technology.

For more on this topic, check out the PCPD’s “Guidance for Data Users on the Collection and Use of Personal Data through the Internet”:

CHINA CORNER

Introduction to the Civil Code of China (《民法典》)

In this April issue of the PCPD e-Newsletter, this new column, ‘China Corner’, has made its first appearance. The debut article is a brief introduction to the Civil Code of China (《民法典》), which came into operation on 1 January 2021 and provides for protection of privacy rights and personal information.

RECOMMENDED ONLINE TRAINING

Free Online Seminar: Introduction to the Personal Data (Privacy) Ordinance

Check out our FREE public online seminars to deepen your understanding of the Ordinance.

Date: 20 April 2021 (Tue)

Time: 3:00pm - 4:30pm

Language: Cantonese

Key Takeaways:

• A general introduction to the PDPO
• The six Data Protection Principles
• Offences & compensation
• Direct marketing
• Q & A session

Online Professional Workshop on Data Protection in Insurance

This workshop is designed for insurance practitioners who wish to acquire the knowledge to protect customers’ personal data in providing insurance services to the public. The course will highlight the key features of "Guidance on the Proper Handling of Customers’ Personal Data for the Insurance Industry" and privacy issues specific to insurance institutions and insurance practitioners.

Date: 5 May 2021 (Wednesday)

Time: 2:15pm - 5:15pm

Fee: $750/$600*

(*Members of the Data Protection Officers' Club and the supporting organisations may enjoy the discounted fee)

Language: Cantonese

Who should attend: Insurance practitioners, data protection officers, compliance officers, solicitors, advisers and other personnel undertaking work relating to the insurance industry

Course outline:

• An overview of the data protection provisions
• Recent topical issues on data privacy
• Liabilities of insurance companies and insurance practitioners
• Useful pointers on Personal Information Collection Statement
• Collection of customers’ medical data
• Collection of Hong Kong identity card number and copy
• Engagement of private investigators in insurance claims
• Retention of customers’ personal data
• Use of customers’ data for internal training
• Security of customers’ personal data handled by staff and agents
• Handling of data access requests from customers
• Data Ethics

Online Practical Workshop on Data Ethics

This workshop aims to help organisations understand the data ethics stewardship management value and models, and how to implement data ethics in their daily operations. Ethical use of personal data can improve business reputation and enhance stakeholders’ confidence, thus enabling organisations to fully reap the benefits of the data-driven economy.

Date: 18 May 2021 (Tuesday)

Time: 2:15pm - 3:45pm

Fee: $375/$300*

(*Members of the Data Protection Officers' Club and the supporting organisations may enjoy the discounted fee)

Language: Cantonese

Who should attend: Data protection officers, compliance professionals, company secretaries, solicitors, executives from business and public sectors, and those who are interested in keeping abreast of the data protection trend and best practices

Course outline:

• Why data ethics is important in the digital era
• PCPD’s Ethical Accountability Framework
  • Data stewardship values
  • Guiding principles and organisatioal policies and procedures
  • When and how to conduct Ethical Data Impact Assessment
  • How to assess the effectiveness of an oganisation’s data stewardship programme　
  • The Process Oversight Model
• Global development on data ethics
• Scenario group exercise

Contact Us

Address: Room 1303, 13/F, Dah Sing Financial Centre, 248 Queen's Road East, Wanchai, Hong Kong

Tel: 2827 2827

If you do not wish to receive the PCPD e-Newsletter, please click here to unsubscribe.
 

Copyright

Disclaimer

The information and suggestions provided in this publication are for general reference only. They do not serve as an exhaustive guide to the application of the law. The Privacy Commissioner makes no express or implied warranties of accuracy or fitness for a particular purpose or use with respect to the information and suggestions set out in this publication. This publication also contains information or suggestions contributed by others, whose views or opinions are solely those of the contributors and do not necessarily reflect or represent those of the Privacy Commissioner. All information and suggestions provided in this publication will not affect the functions and powers conferred upon the Privacy Commissioner under the Personal Data (Privacy) Ordinance.

The PCPD shall not be liable for any damages (including but not limited to damages for loss of business or loss of profits) arising in contract, tort or otherwise from (i) the use of or inability to use this publication or its content, or (ii) from any action taken or decision made on the basis of the content of this publication.

If you click any hyperlink in this publication that brings you to sites operated by other organisations, the PCPD accepts no responsibility for the contents of those sites and shall not be liable for any loss or damage arising out of and/or incidental to the use of the contents.