5 June 1998
Information Technology & Broadcasting Bureau
26/F, Wanchai Tower
12 Harbour Road
Wanchai, Hong Kong
Dear Sir,
The 1998 Review of Fixed Telecommunications
Please find below the comments of this Office in response to the consultation paper of above-title dated 30 April 1998 ("the consultation paper").
There are two main areas of concern in relation to personal data privacy with respect to the provision of telecommunication service. These are : firstly, the interception of communications; and secondly, the protection of customer information. Our views on legislative reform in relation to the former issue have been expressed to the Secretary for Security who is taking the leading role on this matter.
The relevance of our second area of interest, the protection of customer information, to the consultation paper derives from the fact that the operation of market forces in a competitive environment will tend to put pressure on market players to find new and innovative ways of gaining an edge over their competitors, including innovative uses of customer information. The more open and competitive that market is, the greater this pressure will tend to be.
We are pleased to note that this Office enjoys a good understanding and close working relationship with the Office of the Telecommunication Authority ("OFTA"). As a result, we have together arrived at satisfactory conclusions on a number of issues of concern that have arisen in relation to the use of customer information by telecommunication service providers, including the introduction of Caller Number Display ("CND") and taking of steps to prevent the possible production of "reverse" telephone directories for commercial use.
So far, we have not encountered any resistance from telecommunication licencees ("the licensees") to the approaches to such issues agreed between ourselves and OFTA. Their future co-operation should, however, not be taken for granted. To the extent that the customer information they collect, hold, process or use amounts to personal data, they are of course subject to the requirements of the Personal Data (Privacy) Ordinance ("the Ordinance") in relation to such information. However, the core requirements of the Ordinance in the data protection principles in Schedule 1 are somewhat broad and open to interpretation. Accordingly, the confidentiality requirements in the relevant licences, e.g. SC 12 in the PTNS licence, are a very useful supplementary means of protecting the privacy interests of individual customers.
Given that the pressure to use customer information in innovative ways is likely to increase, we suggest that consideration be given to strengthening the said requirements. In particular, it is noted that S.C. 12 of PTNS licence requires that customer information should be used only for the provision of the licensee's service. However, there is room for argument as to what this might include. Accordingly, we suggest that consideration be given to making express provision in the licences for the TA to be able, in consultation with the Privacy Commissioner in relation to the personal data involved :
We suggest that such provisions should be included in licences for the provision of telecommunications services as and when such licences are issued or revised. In this regard, we note from paragraphs 27, 32 and 33 of the consultation paper that there are various proposals to issue a new licence and revise existing ones. These could provide opportunities for introducing such a change.
We have no objection to our comments being quoted with appropriate attribution in any document arising from the consultation paper. Any queries concerning the comments should be addressed to the undersigned.
Yours sincerely,
( Robin McLeish )
for Privacy Commissioner
for Personal Data
c.c. SHA (Attn: Mr Ng Hon-wah)