标题    全文    标题或全文  |   精确查询    模糊查询
标题:
全文:
期刊名称:
全部
作者:
作者单位:
关键词:
期刊年份:
全部
期号:
学科分类:
全部
搜索 清空
PERSONAL DATA PROTECTION IN DIRECT MARKETING PRACTICES IN THE MACAO SAR
属性标签
Yang Chongwei
《China Legal Science》2013年1期
PERSONAL DATA PROTECTION IN DIRECT MARKETING PRACTICES IN THE MACAO SAR

Yang Chongwei

PERSONAL DATA PROTECTION IN DIRECT MARKETING PRACTICES IN THE MACAO SAR
  According to the Federation of European Direct Marketing (FEDMA), Direct Marketing is “The communication by whatever means (including but not limited to mail, fax, telephone, on-line services and so forth) of any advertising or marketing material, which is carried out by the Direct Marketer itself or on its behalf and which is directed to particular individuals”?{1}It is very important for businesses in this modern world, helping them to identify and reach its potential customers directly, reducing the cost and increasing the effectiveness of marketing. With the rapid development in technology, means for direct marketing are increasing, for example, emails, SMS, messages by instant messaging tools, messages by social networking sites, and many others. However, many direct marketing practices involve the use of customers' personal data, processing of which can easily lead to disputes between the marketer and the customers. These disputes were not easily resolved in Macao before the enactment of Personal Data Protection Act (hereinafter “PDPA”). Now, all marketers are obliged to observe and comply with the legal provisions on personal data protection when they use personal data in their direct marketing, and violation of the PDPA may constitute administrative offences or even crimes.

  I. The PERSONAL DATA PROTECTION ACT IN MACAO

  The Personal Data Protection Act (Law 8/2005) in the Macao Special Administrative Region (hereinafter “Macao SAR”)was passed by the Legislative Assembly on August 4, 2005, and was signed by the Chief Executive, Mr. Ho Hau Wah, on August 10, 2005. This Law was later published in the Official Gazette (Boletim Oficial) of Macao SAR on August 22, 2005, and came into effect on February 19, 2006. It establishes the legal system on the processing and protection of personal data. Since then, Macao SAR has entered into a global community with specialized personal data protection regimes.

  The PDPA was proposed by some legislators, utilizing the Personal Data Protection Act in Portugal as a reference, given that Macao was under the Portuguese administration before its handover to the People's Republic of China and establishment of Macao SAR. As Portugal is a member of the European Union, its legal regime of personal data protection is an implementation of the Data Protection Directive (Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data), the PDPA in Macao SAR is therefore strongly related to this EU Directive, which is a leading international legal instrument of vital importance on personal data protection. According to Prof. Greenleaf in 2008. the PDPA in Macao SAR is potentially one of the strongest data protection laws in Asia, having one of the most comprehensive enforcement pyramids of data protection laws in Asia-Pacific.{2}

  “Personal data” is defined as “any information of any type, irrespective of the type of medium involved, including sound and image, relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an indication number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity”.{3}the PDPA applies to the processing of personal data wholly or partly by automatic means, and to the processing other than by automatic means of personal data which forms part of manual filing systems or which are intended to form part of manual filing systems.{4}It applies to both public and private sectors.

  In the PDPA, a considerable amount of principles in personal data processing have been defined One of the most important aspects is that personal data may be processed only if the data subject has unambiguously given his consent or if processing is necessary for some reasons defined by this Law, including:{5}

  (1)for the performance of a contract or contracts to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract or a declaration of his will to negotiate;

  (2)for compliance with a legal obligation to which the controller is subject;

  (3)in order to protect the vital interests of the data subject if the latter is physically or legally incapable of giving his consent;

  (4)for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or in a third party to whom the data are disclosed;

  (5)for pursuing the legitimate interests of the controller or the third party to whom the data are disclosed, except where such interests should be overridden by the interests for fundamental rights, freedoms and guarantees of the data subject.

  The PDPA also defines some rights of the data subject, including the right to information, right of access, and right to object, among others.{6}

  The Office for Personal Data Protection (Gabinete para a Protecga o de Dados Pessoais, or GPDP) was established in 2007, based on the public authority referred in Article 79(3) of the Civil Code and the PDPA, operating independently under the supervision of the Chief Executive. As the public authority of personal data protection, GPDP exercises the powers invested in it to supervise and coordinate the public implementation of and compliance with the PDPA. Its main functions, among others, include handling complaints or reports about personal data protection issues and penalizing administrative offences against the PDPA. It is currently a member of the Asia Pacific Privacy Authorities (APPA) and the Global Privacy Enforcement Network (GPEN) and an observer of the International Conference of Data Protection and Privacy Commissioners.

  II. DEFINITION OF DIRECT MARKETING IN the LEGAL SYSTEM OF MACAO

  Although direct marketing is important for business, there is no direct single definition of this term in Macao's legal systems. This is quite different from Hong Kong, where there is a clear single definition on direct marketing in section 34 of Personal Data Privacy Ordinance, stating that:

  (a)The offering of goods, facilities or services;

  (b)The advertising of the availability of goods, facilities or services; or

  (c)The solicitation of donations or contributions for charitable, cultural, philanthropic, recreational, political or other purposes, by means of-

  (i)information or goods sent to any person by mail, facsimile transmission, electronic wail, or other similar means of communication, where the information or goods are addressed to a specific person or specific persons by means; or

  (ii)telephone calls made to specific persons.

  In the PDPA of Macao, there is only one reference to this term in article 12(2), which is with regard to the right to object:

  The data subject also has the right to object, on request and free of charge, to the processing of personal data relating to him which the controller anticipates being processed for the purposes of direct marketing or any other form of commercial research, or to be informed before personal data are disclosed for the first time to third parties for the purposes of direct marketing or for use on behalf of third parties, and to be expressly offered the right to object free of charge to such disclosure or uses

  However, this does not mean that the regulation on direct marketing in the personal data protection sphere is vague and weak. By contrast, it is believed that this may be a common flexible approach adopted by legislators in the Roman Law system, in which the term can be interpreted according to the most up-to-date situation in reality aimed at the maximum protection of citizens' rights, and the room for interpretation is vested to the Court by law and the supervising authority in their practices.

  Currently, the GPDP is adopting an EU approach, in which the FEDMAs definition is widely adopted, to interpret this term. Therefore, a call from a non-governmental organization (NGO) offering feasibility of counseling services to an individual with great suicidal risk may not be simply considered as a direct marketing call. For ordinary business practices aiming at profit making, the term of direct marketing in Macao seems to be almost the same as that in Hong Kong.

微信“扫一扫”
法信App“扫一扫”
操作提示
对不起,您尚未登录,不能进行此操作!
关联法条X