The Personal Data (Privacy)
Ordinance and Its Language
Presented by Roderick B Woo
12 October 2013
All copyrights reserved
1
He who is not
acquainted with foreign
languages knows
nothing of his own.”
“
Gothe, Maximen und Reflexionen
2
Hong Kong’s Official Languages
基本法第九條 :
香港特別行政區的行政機關、立法機關和司法機
關，除使用中文外， 還可使用英文， 英文也是
正式語文
Article 9 of the Basic Law :
In addition to the Chinese language, English may
also be used as an official language by the
executive authorities, legislature and judiciary of
the Hong Kong Special Administrative Region
3
《個人資料(私隱) 條例》:
用詞及翻譯
現實:
香港的法例，全是英文草擬， 用中文翻譯。
但,《釋義及通則條例》第10B條文 :
「中文本和英文本同等真確, 解釋條例須以此為依據…..
均推定為具有同等意義….」
因此，將英文翻譯為中文的首要目的是真確同義
擬 以《個人資料(私隱)條例》為例子作討論
4
Chinese language




The most used language in the world because of
China’s vast population
No noticeable increase in number of words
characters) for a long time
(i.e.
Rich vocabulary to describe emotions, human
relationships and livelihood related matters
Less words (than English) to enable fine distinctions
to be made in technical and legal spheres
5
日源外來詞
法律, 法則, 法庭, 權限, 權益, 刑法, 憲法,
絕對, 制裁, 否決, 陪審員, 強制, 取締, 改編,
公立, 組織,自律, 原則, 主義, 主觀, 客觀, 理論,
身分,條件, 公訴, 分配, 具体, 機關, 經濟, 金融,
國際, 拘留, 警察, 資本, 手續, 科目, 內容
6
English language英語
Second comes the English which is the world’s most
popular language
A language of convenience, especially in science,
communication, business, trade and politics
A living language that continues to grow – countless
new words are born every year
80% existing vocabulary are derived from other
languages, mostly Germanic, Latin, Greek, French,
Dutch and Scandinavia.
7
近年英語的認同
Yes, No, OK, TV, CD, VCD, DVD,
Pizza, DNA, CD-ROM, Show,
Sales, Spare, Cool, E-mail, Blog, Daddy,
Mommy, Baby, Out, Log In, Log out,
Hello, Tango, IQ, IT, OL, WhatsApp,
卡拉OK, Disco, Pass, AIDS, SARS etc.
8
是次演講的內容
*
中英雙語化在香港
*
《個人資料（私隱）條例》的簡介
*
法律語文的應用 (legal language)
*
法律語文的翻譯 (legal translation)
9
個人資料 (私隱) 條例的簡介
Personal Data (Privacy) Ordinance,
Cap 486, Laws of Hong Kong (PDPO)
生效及修訂 ;
•
1996年12月20日生效
•
2012年10月1日部分修訂本生效， 餘下
修訂條文於2013年4月1日生效
10
條例旨在保障個人資料(的私隱)



個人資料 :
personal data (of)
屬在世人士的 : a living individual (contained)
資料存在的形式 : in a form in which access to
and processing of the data is practicable
條例並無明言是保障個人私隱
Ordinance does not purport to protect privacy
11
《個人資料(私隱) 條例》
載 有 70 項條文及6 附表
70 sections and 6 schedules. There is a Long
Title (詳題) but no Object provision
Originally “data” was treated as plural and always
followed by “are” or “have.”
In the Amendment Ordinance 2012, “data” is
always singular and followed by “is” and “has”
12
Data (資 料 ) vs Information (資訊)
Information is the interpretation that an observer
applies to the data.
Data becomes information only when it is
communicated, received and understood.
Where data consists of acts or signs which
require any meaning, they remain in that state of
pre-information until they are understood by
another.
13
資料使用者 vs 資料當事人
Data user vs data subject
Data user is he who controls the collection,
holding, processing or use of personal data
Data subject is the living individual who is the
subject of the personal data
14
保障資料六原則 Six DPPs


6 data protection principles (DPPs) form the
basis of the personal data law
All data users must abide by these DPPs
although a contravention of such principles
does not of itself constitute an offence, but
non-compliance of an enforcement notice
(執行通知) which follows a contravention is
an offence
15
保障資料原則
DPP1 : 資料的收集規矩
DPP2 : 資料的準確性及可保留期
DPP3 : 資料的合法使用
DPP4 : 適當地保障資料
DPP5 : 資料的政策及實務應眾所週知
DPP6 : 當事人可提出查閱及更正資料
16
第1原則 (DPP1)
第1原則 ─ 收集個人資料的目的及方式
(1) 除非 ─
(a) 個人資料是為了直接與將會使用該資料的資料
使用者的職能或活動有關的合法目的而收集；
(b) 在符合(c)段的規定下，資料的收集對該目的
是必需的或直接與該目的有關的；及
(c) 就該目的而言，資料屬足夠但不超乎適度，
否則不得收集資料。
(2) 個人資料須以 ─
(a) 合法；及
(b) 在有關個案的所有情況下屬公平的方法收集。
>>>>>>>
17
第1原則 (DPP1 ) （ 續 ）
(3) 凡從或將會從某人收集個人資料，而該人是資料當事人，須採取所有切實可行的步驟，
以
確保 ─
(a) 他在收集該資料之時或之前，以明確或暗喻方式而獲告知
(i) 他有責任提供該資料抑或是可自願提供該資料；及
(ii) (如他有責任提供該資料)他若不提供該資料便會承受的後果；及
(b) 他─
(i) 在該資料被收集之時或之前，獲明確告知─
(A) 該資料將會用於甚麼目的(須一般地或具體地說明該等目的)；及
(B) 該資料可能移轉予甚麼類別的人；及
(ii) 在該資料首次用於它們被收集的目的之時或之前，獲明確告知 ─
(A) 他要求查閱該資料及要求改正該資料的權利；
(B) 處理向有關資料使用者提出的該等要求的個人的姓名(或職銜)及
其地址， 但在以下情況屬例外︰該資料是為了在本條例第VIII部中指
明為個人資料就其而獲豁免而不受第6保障資料原則的條文所管限的
目的而收集，而遵守本款條文相當可能會損害該目的。
18
第2原則 (DPP2)
個人資料的準確性及保留期間 –
(1) 須採取所有切實可行的步驟，以 ─
(a) 確保在顧及有關的個人資料被使用於或會被使用於的目的(包 括任何
直接有關的目的)下，該個人資料是準確的；
(b) 若有合理理由相信在顧及有關的個人資料被使用於或會被使 用於的
目的(包括任何直接有關的目的)下，該個人資料是不準確
時，確保─
(i) 除非該等理由不再適用於該資料(不論是藉着更正該
資料或其他方式)及在此之前，該資料不得使用於該目的；或
(ii) 該資料被刪除；
(c) 在於有關個案的整體情況下知悉以下事項屬切實可行時─
(i) 在指定日當日或之後向第三者披露的個人資料，在顧
及該資 料被使用於或會被使用於的目的(包括任何直接
有關的目的)下，在要項
上是不準確的；及
(ii) 該資料在如此披露時是不準確的，
>>>>>>>>>>>>
19
第2原則 (DPP2) （ 續 ）
確保第三者─
(A) 獲告知該資料是不準確的；及
(B) 獲提供所需詳情，以令他能在顧及該目的下更正該資料。
(2) 須採取所有切實可行的步驟，以確保個人資料的保存時間不超
過將其保存以貫徹該資料被使用於或會被使用於的目的(包括任何
直接有關的目的)所需的時間
(3) 在不局限第(2)款的原則下，如資料使用者聘用(不論是在香港
或香港以外聘用)資料處理者，以代該資料使用者處理個人資料，
該資料使用者須採取合約規範方法或其他方法，以防止轉移予該
資料處理者的個人資料的保存時間超過處理該資料所需的時間。
(4) 在第(3)款中—
資料處理者 (data processor) 指符合以下兩項說明的人—
(a) 代另一人處理個人資料；及
(b) 並不為該人本身目的而處理該資料。
20
第3 原則 (DPP3)
個人資料的使用 –
(1) 如無有關的資料當事人的訂明同意，個人資料不得用於新目的。
(2) 資料當事人的有關人士可在以下條件獲符合的情況下，代該當事人
給予為新目的而使用其個人資料所規定的訂明同意—
(a) 該資料當事人—
(i) 是未成年人；
(ii) 無能力處理本身的事務；或
(iii) 屬《精神健康條例》(第136章)第2條所指的精
神上無行為能力；
(b) 該資料當事人無能力理解該新目的，亦無能力決定是否
給予該項訂明同意；及
(c) 該有關人士有合理理由相信，為該新目的而使用該資料
明顯是符合該資料當事人的利益。
>>>>>>>>>>>>
21
第3原則 (DPP3) （ 續 ）
(3) 即使資料使用者為新目的而使用資料當事人
的個人資料一事，已得到根據第(2)款給予的訂
明同意，除非該資料使用者有合理理由相信，如
此使用該資料明顯是符合該當事人的利益，否則
該資料使用者不得如此使用該資料。
(4) 在本條中—
新目的 (new purpose) 就使用個人資料而
言，
指下列目的以外的任何目的—
(a) 在收集該資料時擬將該資料用於的目的；
或
(b) 直接與(a)段提述的目的有關的目的。
22
第4 原則 (DPP4)
個人資料的保安 –
(1) 須採取所有切實可行的步驟，以確保由資料使用者持有的個人資料(包括採用不能切實
可行 地予以查閱或處理的形式的資料)受保障而不受未獲准許的或意外的查閱、處理、刪除、
喪 失或使用所影響，尤其須考慮─
(a) 該資料的種類及如該等事情發生便能做成的損害；
(b) 儲存該資料的地點；
(c) 儲存該資料的設備所包含(不論是藉自動化方法或其他方法)的保安措施；
(d) 為確保能查閱該資料的人的良好操守、審慎態度及辦事能力而採取的措施；
及
(e) 為確保在保安良好的情況下傳送該資料而採取的措施。
(2) 在不局限第(1)款的原則下，如資料使用者聘用(不論是在香港或香港以外聘用)資料處理
者， 以代該資料使用者處理個人資料，該資料使用者須採取合約規範方法或其他方法，以
防止 轉移予該資料處理者作處理的個人資料未獲准許或意外地被查閱、處理、刪除、喪失
或使用。
(3) 在第(2)款中—
資料處理者 (data processor) 具有第2保障資料原則第(4)款給予該詞的涵義。
23
第5 原則 (DPP5)
資訊須在一般情況下可提供 –
須採取所有切實可行的步驟，以確保任何人─
(a) 能確定資料使用者在個人資料方面的
政策及實務；
(b) 能獲告知資料使用者所持有的個人資
料的種類；
(c) 能獲告知資料使用者持有的個人資料
是為或將會為甚麼主要目的而使用的。
24
第 6 原則 (DPP6)
查閱個人資料 –
資料當事人有權─
(a) 確定資料使用者是否持有他屬其資料當事人的個人資料；
(b) 要求─
(i) 在合理時間內查閱；
(ii) 在支付並非超乎適度的費用(如有的話)下查閱；
(iii) 以合理方式查閱；及
(iv) 查閱採用清楚易明的形式的，
(c) 在(b)段所提述的要求被拒絕時獲提供理由；
(d) 反對(c)段所提述的拒絕；
(e) 要求改正個人資料；
(f) 在(e)段所提述的要求被拒絕時獲提供理由；及
(g) 反對(f)段所提述的拒絕。
25
Regulatory Role of Privacy Commissioner for
Personal Data (“PCPD”)
個人資料私隱專員的規管角色
He determines whether there is a breach of
any DPP. He is not tasked to investigate
any offence under the Ordinance. The job
belongs to the Police.
26
獨特的條文

涵蓋面極廣，包括日常生活所牽涉的處理
個人資料問題

科技世代的人權保衛者

管轄資料使用者如何處理個人資料
27
Legal language
“Like most judges and lawyers, I spend my life
puzzling over the meaning of words. The words may
exist in a national or sub-national constitution. They
may appear in local legislation. Or they may emerge
from judicial reasons, written over the centuries, in
the exposition of the common law.”
The Hon Justice Michael Kirby (Australia)
28
法例的語文的應用


香港法例第1章 :《 釋 義 及 通 則 條 例 》
第5 條: 「在任何條例中凡對任何字或詞句下
有定義，該定義的適用範圍即擴及該字或詞
句的文法變體及同語族詞。」
Where any word or expression is defined
in any Ordinance, such definition shall
extend to the grammatical variations and
cognate expressions of such word or
expression.
29
《 釋 義 及 通 則 條 例 》(1)


第9 條 : 條例英文本內的中文字和詞句，按
中國語文和風俗解釋，而條例中文本內的英
文字和詞句，則按英國語文和風俗解釋。
Chinese words and expressions in the English
text of an Ordinance shall be construed
according to Chinese language
and
custom and English words and expressions
in the Chinese text of an Ordinance shall
be construed according to English language
and custom.
30
《 釋 義 及 通 則 條 例 》(2)

第10B 條 : (1) 條例的中文本和英文本同等真
確，解釋條例須以此為依據。 (2) 條例的兩種
真確本所載條文，均推定為具有同等意義。
(3) 凡條例的兩種真確本在比較之下，出現意
義分歧，而引用通常適用的法例釋義規則亦
不能解決，則須在考慮條例的目的和作用後，
採用最能兼顧及協調兩文本的意義。
31
《 釋 義 及 通 則 條 例 》(3)
(1) The English language text and the Chinese language text
of an Ordinance shall be equally authentic, and the
Ordinance
shall
be
construed
accordingly.
(2) The provisions of an Ordinance are presumed to have
the
same
meaning
in
each
authentic
text.
(3) Where a comparison of the authentic texts of an
Ordinance discloses a difference of meaning which the
rules of statutory interpretation ordinarily applicable do not
resolve, the meaning which best reconciles the texts, having
regard to the object and purposes of the Ordinance, shall be
adopted.
32
《 釋 義 及 通 則 條 例 》(4)
第19 條 : 條例必須當作有補缺去弊的作用，按其真正用意、
涵義及精神，並為了最能確保達致其目的而作出公正、廣
泛及靈活的釋疑及釋義。
An Ordinance shall be deemed to be remedial and shall
receive such fair, large and liberal construction and
interpretation as will best ensure the attainment of the
object of the Ordinance according to its true intent, meaning
and spirit.
33
例子 : 《 個 人 資 料 (私 隱 ) 條 例 》
如何發揮補缺去弊的作用 ？
條例並沒有列明其目的， 但它的詳題 : 「 本 條 例 旨 在 在 個 人 資 料 方 面 保
障 個 人 的 私 隱 」 可以當作是條例的目的
條例的條文內並無解 釋 「 私 隱 」 一詞 ， 亦無重提「 私 隱 」兩字
條例的精神列於附表一 (Schedule 1) -- 六項保障資料原則
條例內有46項個別用詞，其釋義是放在第2條內，但另外有41項個別用詞，其釋
義則分佈在ss.3, 13,17A, 20, 25, 32, 35A, 35D, 42, 46, 51A, 55, 57,58A, 61 63B,
63C, 66A, 66B, DPP2, DPP3, DPP4 ， 在組織上來說， 應該有改進的空間
條例將某些行為（但不包括違反保障資料原則的行為）列作罪行
條例只要求資 料 使 用 者 需採 取 所 有 切 實 可 行 的 措 施 (all practicable steps)
來遵從條例
34
法律的語文
除了清楚的釐定語文， 法律的用詞可以引至岐義
(confusion), 或 含糊 (ambiguity), 或 模 糊 (vagueness)
大致上, 普通法會盡量避免岐義或含糊, 但常常會用模 糊
的語文，例 子 :
adequate, due diligence, excessive, fair, unfair,
necessary, practicable, prejudicial, proper, public
interest,
reasonable, serious, sufficient
在《 個 人 資 料 (私 隱 ) 條 例 》 內， 就 有訐多模糊語
文， 容許執 法 和 司 法 機構就個別情況作出合法的演
譯
35
S.28(4) plain and clear ?
“(4) Where pursuant to section 19(3)(c)(iv) or
(v) or (4)(ii)(B)(II) a data user may comply with
a data
access request by supplying a copy
of
the personal
data to which
the
request
relates in one of 2 or more forms, the
data user shall not, and
irrespective of the form
in which the data user complies with the request,
impose a fee for complying with the request
which is
higher than the lowest fee the data user
imposes for complying with the request in any
of those forms.”
36
S.20(2) plain and clear?
“(2) Subsection (1)(b) shall not operate –
(a) so that the reference in that
subsection to personal data of which any
other individual is the data subject
includes a reference to information
identifying that individual as the source of
the personal data to which the data
access
request concerned relates unless
that
information names or otherwise
explicitly
identifies that individual;”
37
S.64(10) original version
“(10) A data user who, without reasonable
excuse, contravenes any requirement
under this Ordinance (other than a
contravention of a data protection
principle) for which no other penalty is
specified in this section commits an
offence and is liable on conviction to a
fine at level 3.”
>>>>>>>>>>>>>
38
S.64A (Effective 1 Oct 2012)
S.64A :
“(1) A data user who, without reasonable
excuse, contravenes any requirement
under this Ordinance commits an offence
and is liable on conviction to a fine at level
3.
(2) Subsection (1) does not apply in relation to (a) a contravention of a data protection
principle;”
39
Why not call a spade a spade?
Both the original and the revised versions of the
afore-mentioned provisions come to mean the
same thing –
a mere contravention of the data protection
principles is not an offence
Why does the Ordinance not say that plainly and
directly ?
40
Legislative drafting
In choosing the proper legislative language, it
is desirable to determine the readership.
Should the law be written for :
(a) the people ? or
(b) the legal professionals who
interprets for the people ?
41
The case for the people
The law applies to people and their conduct
Ignorance of the law is no excuse. Put another
way, everyone is expected to know the law, and
can read the law
Lawyers should not be needed in the general
understanding of the law
42
The case for the professionals
The law is and has to be a specialist subject
and requires a special language. Lawyers are
trained to use that language while lay people
are not
Any language improvement should aim at
making it easier for lawyers to use but not
necessarily for lay people to understand
43
The middle ground
A statue should aim to address several
audiences. It should aim to achieve maximum
certainty. In all cases, general principles
should be clear to lay people while skilled
professionals can assist them in more
complex issues
44
Falling between two stools
What if the legal language is not only unclear
to lay people, but also unclear to
professionals?
Time wasted
interpretation
in
getting
authoritative
Costs to the public and the litigants
45
“shall” and “may”
Two of the most often used words in the Personal
Data (Privacy) Ordinance
Not defined there nor in other ordinances
Capable of many meanings and a favourite point
of argument in many disputes inside and outside
of a courtroom
Should they not be replaced by other words
wherever practicable?
46
The use of “shall”
For a long time, “shall” has been used to :
(a)
(b)
(c)
(d)
(e)
impose a duty – a data user shall do such…
prohibit conduct – no person shall do such…
create conditions precedent – to achieve xxx, a person
shall do such…
make a declaration – the data user shall be deemed….
denote future tense
Most modern jurists suggest that the word should not be a
part of the legal language due to its myriad and ambiguous
meanings.
47
What does “shall” mean? (1)
S.33(1) : This section shall not apply to
personal data …
S.33(2) : A data user shall not transfer
personal data …
S.33(4) : Where the Commissioner has
reasonable grounds … he shall cause that
place to cease to be specified …
48
What does “shall” mean? (2)
S.47(1) : where the Commissioner has completed
an investigation, he shall inform the relevant data
user
S.66(1)(c) : an individual who suffers damage
shall be entitled to compensation
S.68 : A notice shall be deemed to be so served
49
Modern avoidance of “shall” (1)
Deuteronomy, Chapter 5
17. Thou shall not kill.
18. Neither shall thou commit adultery.
19. Neither shall thou bear false witness
against thy neighbour
Bible - Authorised King James Version
50
Modern avoidance of “shall” (2)
Deuteronomy, Chapter 5:
17. You must not kill.
18. You must not commit adultery.
19. You must not steal.
The New Jerusalem Bible (most used
Roman Catholic Bible outside of USA)
51
Modern avoidance of “shall” (3)
Corinthians I, Chapter 14:11
Therefore if I know not the meaning of the
voice, I shall be unto him that speaketh a
barbarian, and he that speaketh shall be a
barbarian unto me.
Bible – Authorised King James Version
52
Modern avoidance of “shall” (4)
Corinthians I, Chapter 14:11
If then I do not grasp the meaning of what
someone is saying, I am a foreigner to the
speaker, and the speaker is a foreigner to me
New English Translation, NET Bible
53
Amendments to the PDPO
The Ordinance was first enacted in 1995.
Substantial amendments were made by Personal
Data (Privacy) (Amendment) Ordinance 2012
There is a Note in the Amendment that “The
format of the whole Ordinance has been updated
to the current legislative styles.” This is not
entirely true.
54
Section 64(8) : original version
“(8) It shall be a defence for a relevant data
user charged with an offence under
subsection (7) to show that the data
user exercised all due diligence to
comply
the
enforcement
notice
concerned.”
55
S.50A(2) (effective 1 Oct 2012)
“(2) In any proceedings for an offence under
subsection (1), it is a defence for the
data user charged to show that the
data user exercised all due diligence to
comply with the enforcement notice.”
56
Ss.35B – 35M on direct marketing
(effective 1 Apr 2013)
In these sections, “must” and “must not” have made their
first appearance and replaced “shall” and “shall not”
Examples :
35C (2) The data user must …
(a) inform the data subject …
35E (1) A data user …. must not use …
35F (1) A data user must …
57
Inconsistencies in the revised Ordinance
Examples
DPP4(1) All practicable steps shall be taken to ensure that
personal data …..are protected.
DPP2(2) All practicable steps must be taken to ensure that
personal data is not kept longer than is necessary….
However instances like DPP5, the same treatment should
have been adopted, e.g. “All practicable steps shall be taken
to ensure…” be changed to “All practicable steps must be
taken….”
58
Inconsistencies in the revised Ordinance
The Amendment produces two styles of writing
S. 50A(2) (effective Oct 2012) adopts the new term “it is a
defence …”.
Whereas the new s.65(3) (effective April 2013) continues with
the old term “it shall be a defence”, viz.
“In proceedings brought under this Ordinance against any
person in respect of an act or practice alleged to have been
done or engaged in, as the case may be, by an employee of his
it shall be a defence for that person to prove that he took such
steps as were practicable to prevent the employee from doing
that act…….”
59
The replacement words:
“must” and “must not”
For obvious reasons, it is undesirable for
“must” “must not” and “shall” “shall not” to be
used alternately in the same Ordinance if they
are intended to carry the same meaning
60
The use of “may” in PDPO (1)
One of the most used words apart from “shall” in
the Ordinance
Example:
Section 7 (2) A person appointed to act as the
Commissioner
(a) shall perform the functions; and
(b) may exercise the powers of the Commissioner
under the Ordinance
61
The use of “may” in PDPO (2)
Heading of section 20 Circumstances in which data user shall
or may refuse to comply with data
access request
62
Multiple functions of “may”
(a)
(b)
(c)
(d)
(e)
to confer an authority : a data user may …
to confer a right : a data user may claim
certain privileges
to impose conditions on the exercise of the
authority or right
to impose procedural limitations : data user
may do something provided such procedures
are followed
to denote a future tense
63
A case for change
In legislative drafting, there is a strong case for
the over-worked “may” to be replaced by more
suitable words to serve different purposes.
Ambiguity and unnecessary arguments could
be avoided. Clarity must be the paramount
objective
64
Resistance to change
Words and phrases have been defined by successive
courts
Old and worn words and phrases are convenient to use
by lawyers
Courts have got accustomed to well established words
Vested interest of the legal profession
65
You
謝謝
Thank
66