Enhanced guidance on sharing of personal data with third parties for direct marketing purposes

Authored by: Simon Deane and Natalie Chan

The HKMA issued guidance to AIs in November 2021 to strengthen the protection of personal data of banking customers. When sharing customers’ personal data collected through online channels (including mobile apps) with third parties for the purposes of direct marketing by the third parties, AIs should either (i) ask customers to approach the third parties directly so that the customers can provide their personal data and/or consent directly to the third parties; or (ii) redirect the customers from the AIs’ websites / mobile apps to the websites / mobile apps of the third parties so as to provide their personal data and/or consent for direct marketing by such third parties directly.

For the avoidance of doubt, third parties include group companies of AIs.

Under the redirection approach, apart from complying with the relevant provisions of the Personal Data (Privacy) Ordinance and the data protection principles, AIs should also be mindful of the following:

Provision of reminder message before the redirection is performed to alert customers to the fact that there will be a redirection and explain the purpose(s) of the redirection.
Reminder messages should be clear and readily readable (e.g. with a reasonable font size and layout).
AIs should not bundle the redirection and/or any transfer of personal data of customers to third parties in the process of bank account opening or provision of banking services.
AIs should carefully assess what kinds of data the third parties require, and only share a minimum amount of customer personal data on a “need-to-know” basis.
Explicit consent for sharing the customers’ personal data to third parties should be obtained by the AIs before the redirection and additional consent is required for using the personal data for direct marketing purposes by the third parties.

To access a full version of the Guidance, please see here.

Key Contacts

Simon Deane

Consultant | Banking and Finance

Email or call +852 2825 9209

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Enhanced guidance on sharing of personal data with third parties for direct marketing purposes

Key Contacts

Simon Deane

Related Services and Sectors:

Filter News & Insights

Search News & Insights

Follow

Popular Insights

Solicitors’ Hourly Rates for Party and Party Taxations to increase

New corporate governance requirements for HK listed companies/listing applicants will come into effect in January 2022

Closing the operations of a solvent company in Hong Kong

Hong Kong

Beijing

Guangzhou

Shanghai

Search

Menu