Complaint Case Notes

編號: 0021/2014/IP

標題: Former building management committee publicized in the building entrance hall the information of the resident with pending payment

立案原因: Complaint


    The complainant reported to the Office for Personal Data Protection (GPDP) that he was dissatisfied with the unclear transactions made by the Management Committee for the maintenance of the building that he is living in.  Therefore, he refused to make the apportioned payment.  The dispute continued even after the committee’s term of office has ended.  Afterwards, he found out that a declaration, signed by the members of the former committee, was put up in the entrance hall of the building, stating that all the flat owners should apportion the accrued payment of resident of Flat Y of Block X, in addition that the maintenance fund would also be used for the settlement, unless this resident settled his overdue payment.  In addition, the complainant also found out that copies of this declaration were placed on the safety door of each flat.
  The complainant was in the opinion that since the former committee’s term of office has ended, it did not have the rights to publicize his information.  Moreover, sending the declaration copies to each flat was an intention to defame the resident and had no relation to specify account transactions.


    As the residential address of the complainant was found in the declaration, this should be considered as personal data according to Article 4(1)(1) of the Personal Data Protection Act (PDPA).  On the other hand, the former committee has established a database, according to its regulations, for the account transactions of the building management, processing of information as such should be regulated by the PDPA according to its Article 3.  
  The GPDP’s investigation revealed that the new building management committee had subsequently endorsed the decision to put up the declaration which the former committee made, as a consequence this should not be regarded as the personal behaviour of the committee members.  
  Under Article 1327 of the Civil Code, et seq., a condominium administration organ has the duties to manage the condominium, collect income of the committee and defray the costs.  Considering that the general reserve fund involves the common interests of all the flat owners, to whom the former committee was obliged to specify its account transactions.  As such, the committee was acting for the preceding, lawful interests of the data controller (management committee) and the third parties that were informed (all the flat owners), which achieved the legitimacy as governed by Article 6(5) of the PDPA.  
  In fact, the former committee only used the expression “Flat Y of Block X” in its declaration, and excluded any other personal data of the complainant.  This justified that the committee only intended to inform the owners the overdue payment and the transactions, and also reduced the disclosure of personal data to the minimum.  With regard the declaration copies put on the safety doors of each flat by the former committee members, it should be regarded as a way to disseminate information, which is within the ambit of internal policies.  Moreover, the former committee did not reveal the information to individuals who were not residents.  All these showed that the principle of proportionality was not violated.  


    The GPDP has already informed the investigation outcome to the complainant and the building management committee.  This case was closed.  

Please refer to Article 3, 4 and 6 of the Personal Data Protection Act.