個人資料保護辦公室

Gabinete para a Protecção de Dados Pessoais

Office for Personal Data Protection

Enquiry Case Notes
Print

No: 0460/C/2011

Title: Personal data on membership cards

Content:

    When Resident X entered a public facility of Department A, it staff asked X to leave his membership card, issued by the same Department, on the counter and to pick it up when he finished. X found that many other membership cards were also lying on the counter, and the personal data thereon are eligible when taking a closer look at them.
  X inquired whether such practice of Department A was in accordance with Personal Data Protection Act (Law 8/2005).

Result:

    In the absence of detailed information, the GPDP could only provide a general remark on the processing of personal data therein.
  Under Articles 4(1)(1) and 3(1) of the Law last mentioned, the data processing found in this case is regulated by the same Law.
  According to Article 6 of this Law, the personal data could only be processed with the consent of Resident X or in other situations provided by laws (such as to perform a contract, or to discharge legal obligations). Moreover, such processing shall be in accordance with principles stipulated in Article 5 of the said Law, including the principles of legitimacy and proportionality. In addition, Article 15 therein provides that a data controller shall take the security measures to protect personal data from unauthorized alteration, dissemination or access.
  In general, the conditions and procedures of using public facilities are decided by the public authority with the relevant statutory duties, according to the regulations and departmental policies to which apply. And whether the mentioned arrangement caused any improper disclosure of personal data depends upon the specific circumstances of the case. But in the current case, analyzing the specific laws, regulations or provisions apply to the said membership card system is particularly important.
  X may first consult the laws, regulations or provisions that apply to the said membership cards. Alternatively, he may inform Department A of the current arrangement, and to enquire the purposes and reasons why memberships are kept and displayed in this way. If any violations of the Personal Data Protection Act are found, he may file a complaint with the GPDP.

Reference:
Please refer to "Personal Data Protection Act", articles 3,4,5,6,15 .

Back

Avenida da Praia Grande, N.º 804, Edif. China Plaza, 17.º andar, Macau Tel:(853) 2871 6006 Fax:(853) 2871 6116