HKSAR v. Hong Kong Broadband Network Ltd
Court of First Instance
Magistracy Appeal No 624 of 2015
Albert Wong J
16 March, 16 December 2016, 26 January 2017

Criminal law and procedure — personal data privacy offences — elements of offence — proof of mens rea not required — offence of strict liability — whether communication “direct marketing” — whether statutory defence made out — Personal Data (Privacy) Ordinance (Cap.486) ss.35A, 35G

Words and phrases — “direct marketing” — “offering” — “advertising” — Personal Data (Privacy) Ordinance (Cap.486) ss.35A, 35G

[Personal Data (Privacy) Ordinance (Cap.486) ss.35A, 35G, s.35G(4), s.35G(5)]

D, a broadband service provider, was convicted of being a data user, failing to comply with a data subject’s request requiring it to cease using his personal data in direct marketing contrary to s.35G(4) of the Personal Data (Privacy) Ordinance (Cap.486). D received an application under s.35G(1) from X, a subscriber, to opt out of direct marketing. B, an employee of D, left a voice message on X’s mobile telephone reminding him that his existing contract would expire “soon” and suggesting he renew it before a fee increase took effect (the Message). This deviated from the script supplied by D to employees such as B. D appealed against conviction. D’s defence was that it had an honest and reasonable belief that B only contacted X as an after-sales service to provide an important reminder and avoid complaints. D submitted, inter alia, that the prosecution was required to prove mens rea, namely an intention to engage in direct marketing; and also that the voice mail in question did not constitute direct marketing. Under s.35G(5), it was a defence if the data user took all reasonable precautions and exercised all due diligence to avoid committing the offence. “Direct marketing” was defined under s.35A as “(a) the offering, or advertising of the availability, of goods, facilities or services ... through direct marketing means.”

Held, dismissing the appeal, that:

1) Given that the s.35G offence was a regulatory one, its language and the defence provided for, the clear legislative intent was that proof of mens rea was not necessary (Reynolds v Austin & Sons Ltd [1951] 2 KB 135, Hin Lin Yee v HKSAR (2010) 13 HKCFAR 142 applied). (See paras.29, 31–33, 39.)

2) The offence was one of strict liability. Its elements were: (a) there was a data subject who had required a data user to cease to use his personal data in direct marketing; (b) the data user had received that request; and (c) the data user failed to comply with the request. Where the prosecution proved these three elements beyond reasonable doubt, unless the accused could rely on the defence under s.35G(5), he or she must be convicted as charged (Kulemesin v HKSAR (2013) 16 HKCFAR 195 considered). (See paras.40, 50–51.)

3) While this partly reversed the burden of proof and thereby derogated from the presumption of innocence, the offence was rationally connected to a legitimate societal aim and proportionate. D bore only an evidential burden of proof. The statutory defence required a positive act by the accused and excluded one based only on belief. Thus, it was the only defence available to a defendant (Hin Lin Yee v HKSAR (2010) 13 HKCFAR 142 applied). (See paras.40–45, 49.)

4) Given s.19 of the Interpretation and General Clauses Ordinance (Cap.1), the meaning of “offering” in the Ordinance should not be confined to that in contract law, but include proffering the provision of goods, facilities or services. The so-called reminder call was made not only to X, but to all customers like him. Such conduct constituted advertising for the purpose of promoting services (HKSAR v Cheung Kwun Yin (2009) 12 HKCFAR 568 applied). (See paras.63, 72–74, 77.)

5) The Message constituted an offer to provide services, specifically, the same service at a concessionary fee or to advertise the availability of that service. It went beyond being a reminder and was direct marketing. Accordingly, the prosecution had proved all the elements of the offence as it was obliged to prove. (See paras.93, 96, 126.)

6) D could not rely on the statutory defence. On receiving X’s s.35G(1) request, D failed, as required, to take all reasonable measures and exercise all due diligence to avoid non-compliance with it. Even if D’s script was followed, employees could take the initiative to propose or introduce renewal plans, which constituted direct marketing; and, if the customer declined, to ask about contacting the customer again. To satisfy s.35G(5), D could give customers a written reminder in unambiguous terms to avoid the risk of a breach by staff in telephone communications with customers. (See paras.111, 117, 119–124.)


This was an appeal against conviction for being a data user, failed to comply with a data subject’s request to cease using his personal data in direct marketing contrary to s.35G of the Personal Data (Privacy) Ordinance (Cap.486). The facts are set out in the judgment.


Thomson Reuters – Sweet & Maxwell are the publishers of the Authorised Hong Kong Law Reports & Digest ("HKLRD") and the Authorised Hong Kong Court of Final Appeal Reports ("HKCFAR"), and providers of Westlaw HK ( /