Private Sector Uses of 'Public Domain' Personal Data in Asia: What's Public May Still Be Private
(2014) 127 Privacy Laws & Business International Report, 13-15
5 Pages Posted: 19 May 2014 Last revised: 25 Jun 2014
Date Written: February 1, 2014
Some data privacy laws, particularly those outside Europe, have very wide exemptions from their data privacy legislation for personal data which is 'publicly available' in some way. Such information is often conveniently, but erroneously, called 'public domain' data. However, in Asian jurisdictions these exemptions vary a great deal in their scope. More important, in some jurisdictions, there are no such exemptions at all. This variation poses a considerable risk to any businesses or NGOs that intend to re-use personal data that is somehow 'publicly available' from one or more Asian jurisdictions.
These dangers were most clearly illustrated by a business that was in effect forced to close because Hong Kong's Personal Data (Privacy) Ordinance has no explicit exemption for publicly available information. The 'Do No Evil' app for mobile devices collated publicly available litigation, bankruptcy and company directors' data. Hong Kong's Privacy Commissioner found it in breach of the Ordinance.
As well as analysing this decision, this article considers 'Where else in Asia can you Do No Evil?', outlining the position of publicly available information under data privacy laws in other Asian jurisdictions.
It concludes that in many Asian jurisdictions, data users cannot regard information extracted from public registers as simply being in 'the public domain' and able to be used for any purpose. When personal data is involved, a more complex set of considerations come into play in order to protect data subjects against uncontrolled use of their personal data in ways that may harm them.
Keywords: Asia, Hong Kong, privacy, data protection, publicly available information, freedom of speech
Suggested Citation: Suggested Citation