Almost MOP1 mln issued in fines for data privacy infractions in 2019

The Office for Personal Data Protection (GPDP) has handed out almost MOP1 million (MOP125,272) in fines in 2019 for data privacy infractions, 244 per cent more than in the year prior, with direct beauty product direct marketing services the most targetted by the department.

In total, six fines involving four beauty product marketing entities were issued, amounting to some MOP715,000, according to the department’s annual work report.

Last year the GPDP initiated a total of 155 cases, of which most concerned the lack of legitimacy to deal with personal data and lack of protection provided to the data holder.

In total, the department handled 277 data privacy investigations in 2019, and concluded 149.

Some 83 per cent of all investigations conducted involved private entities, with consultancy and promotion service companies the sector most targetted by the GPDP investigations, with some 93 entities involved.

Local residents are frequently the target of unauthorised promotional or sales calls or messages from beauty product businesses, with several complaints submitted to the department.

As ane example the GPDP mentioned a case of a company who filed a complaint against a beauty products telemarketing company named Hoi Sheung Sociedade Unipessoal Limitada which telemarketing activities were considered to have not followed conditions of legitimacy and not guaranteeing the information and opposition rights of the data holder in refusing to receive promotional messages.

Therefore the GPDP fined the company for MOP1.08 million and applied an
accessory penalty to ‘temporary or permanent prohibit the treatment, blocking,
erasure or total or partial destruction of data’.

Some three gaming sector and three hotel entities were the targets of data privacy investigations last year.

The department only issued sanctions in 26.8 per cent of all cases concluded, with most cases, or about 31 per cent, ending up closed for lack of evidence, and with 22 per cent ending with suggestions on how to improve data protection.

The GPDP was also asked to conduct a total of 2,904 consultancy works in 2019, 60 per cent more than the year prior, with most involving data holder rights.