Yang Chongwei
The Office for Personal Data Protection (GPDP) concluded only 187 from the 408 cases handled by the Office in 2017. Of those, only eight cases resulted in sanctions being applied to the offenders, the GPDP coordinator Yang Chongwei said yesterday at a press conference. The presentation aimed to publish last year’s activity report, as well as developments related with the activities of this year’s “Privacy Week,” among other topics.
Yang noted that the office was only able to treat 45.8 percent of cases, although from 2016 to 2017, it registered a drop in all the figures related to solicitations of work to the office, with the most significant figure relating to the number of notifications, which dropped year-on- year to 50.4 percent (599 cases) instead of the 1,207 cases reported in the previous year.
Another figure that also dropped significantly was the one related to “authorization requests,” which fell by 34.3 percent in 2017.
On the topic, Yang explained that both the figures were related to and justified by the same fact: “Back in 2013, we had the applications for the Small and Medium-size Enterprises related to the CCTV [Closed Circuit Television] cameras installation for security purposes, and those authorizations are valid for a period of three years and that is why in 2016 we had so many notifications and authorization requests, since it was the time to renew such licenses,” he said, noting that all the other figures from 2017 have registered “normal” drops between 1.8 and 9 percent. He related these minor drops to the fact that “people are more informed” about the Personal Data Protection Law as a result of information sessions and cooperation with institutions regarding information disclosure.
Questioned by the media as to details on the cases that led to the only eight sanctions from the Office, the coordinator noted that of those, “the majority (five cases) of the offenders were individual people and these cases are related [to] the publication of personal data from third-parties in the internet,” he said, clarifying at a later stage.
“We have been noticing this tendency [of disclosing of private information of social net-
works] due to revenge or bullying reasons.” Yang added that in all the five cases reported, “a person (due to personal reasons) may have revenged or [emotion] had revealed personal data that includes images and or photographs [of other people],” remarking that these cases “having nothing to do with cases of public interests or freedom of expression” that could justify the unveiling of such information, promising that the Office will be alert to this kind of privacy breach.
The Office head further disclosed that from the 217 cases investigated in 2017, a total of 36 cases (16.8 percent) are related to situations involving social networks and the Internet.
Questioned also about the low rate of cases concluded, which was less than half of the number of cases treated, the coordinator of the GPDP said, “we do have [a] lack of Human Resources and a great volume of work. This is not a problem of our office alone but of several [public] services,” he said, adding that “with the current number of staff and the added difficulties, to respond to many different types of treatment of personal data is not an easy task.”
Nevertheless, Yang also remarked that the low rate of conclusion is not only related to the lack of human resources but also with processing aspects, as he noted, “many of the cases are related to administrative infractions and we need to collect evidence and proof of such infractions. This has been a difficulty [for] our services,” he noted.
In the statistic of the cases treated by the GPDP, it is also possible to note that a total of 60 cases (32.1 percent) were closed on account of a lack of evidence.
Regarding the other three cases sanctioned by the Office, one involves a public department and the other two involve private companies.
Questioned as to the case related to the public department, the coordinator also noted that the case has been noticed before and that it is related to a public opinion consultation done by the Transportation Infrastructure Office, which the department assigned to a private company.
When the presentation of the results took place, due to what Yang called a “technical mistake,” some data “had been covered using some color masking which was not sufficient to avoid [being] seen by the public and [it was possible] to identify some respondents,” an infraction considered by the coordinator as “not too serious.” This occurrence was targeted with a fine of an undisclosed amount.
The coordinator noted that all five cases were sanctioned with fines ranging from MOP8,000 to MOP16,000, applied in a case that involved a private company that was using data illegally to perform some form of promotion to the people whose personal data they had allowed others to access.
‘Privacy Week’ to pay close attention to new EU data protection law
This year’s “Privacy Week,” an event organized annually by the Office for Personal Data Protection, will aim to provide information on several topics related to data protection and privacy, with a special focus on the European Union’s (EU) new General Data Protection Regulation (GDPR). The new European regulation will be in force from May 25 this year and will replace the EU’s Data Protection Directive 95/46/EC in order to “harmonize data privacy laws across Europe,” and to “protect and empower all EU citizens data privacy,” as well as to “reshape the way organizations across the region approach data privacy.”
The assistant coordinator of the GPDP, Iao Hin Chit, said that due to the entry into force of the regulation, it will apply not only to EU citizens and companies but also to other regions that have commercial or personal relations with the EU.
The week, which started on May 7 and will run until May 13, includes several activities as well as a clarification session dedicated to Macau companies and entrepreneurs.
On the topic, the coordinator of the GPDP, Yang Chongwei, noted: “The major impact in Macau is that the [local] companies are not based in the EU but have business with EU, being in this way included [in such law] and they might not have a good knowledge about this law.” Yang noted that for this reason the GPDP had partnered with the Macau Trade and Investment Promotion Institute and the Macau Chamber of Commerce in order to provide to local businessmen with the updated information regarding the new and stricter rules from the EU.
As the Coordinator recalled, “In Macau, we also follow the European system of the Data Protection Rules, which is stricter than the American one.”
No Comments