GPDP’s coordinator Vasco Fong (center)
The Office for Personal Data Protection (GPDP) launched a total of 194 probes into data privacy violations last year, representing a 37.6 percent growth year-on-year, according to the bureau’s annual report published yesterday.
A total of 63.4 percent of the GPDP’s investigations focused on potential reasons for illegally processing personal data. 26.8 percent of the cases featured a breach of data processing principles.
GPDP said that 74.2 percent of their investigations were launched after complaints had been filed over possible violations of data privacy.
Private entities topped the list of investigation targets, accounting for 59.6 percent of the probes launched last year. GPDP said that these included gaming operators, retailers, personal services and telecommunication sectors.
GPDP handled a total of 291 cases over the past year, 97 of which rolled over from the previous year. The office finalized 143 probes, and applied penalties to 16.8 percent of cases. Furthermore, it provided suggestions for improvements to entities involved in the 37.1 percent of completed probes.
In its 2014 report, GPDP provided an insight into cases that it has investigated. These featured mainly illegal promotional mobile messages issued by apps or online shops.
Among the investigated cases, GPDP applied a MOP8,000 fine to a store for installing CCTV systems in the fitting rooms. In another case, GPDP applied a MOP4,000 fine to a bank that had sent several promotional emails to a client who had previously filed a complaint. A similar case was reported involving promotional mobile messages issued by a local health center. This time, however, the GPDP decided to discard the case after learning that the complainant was indeed a patient of the health center, and the messages sent had not breached any privacy laws.
Among the shelved cases is one of a kindergarten that was requested by a statistics institute to fill in questionnaires, providing information including names and salaries of employees. The kindergarten filed a complaint, in which it claimed that the institute had been asking for excessive personal data. GPDP found that the institute did not breach Macau’s data protection law, although it acknowledged that the questionnaires could be improved upon.
Meanwhile, in another case, GPDP applied a MOP12,000 fine to a store that had published the personal data of a potential client on its website. The client did not go through with an online order, having not paid for the product as he/she decided not go through with the purchase. In addition to releasing personal data of the client, the store also published a file titled “Apology Requested,” to release data of other clients who had also given up on their orders.
GPDP’s coordinator, Vasco Fong, said that the office acknowledges how crucial the relationship between new technologies and data privacy is. He also recalled that there are flaws and controversies surrounding personal data processing, entailing greater challenges for data protection authorities. CP
No Comments