Data Privacy and the Special Administrative Region of Hong Kong

Hong Kong has developed its unique economic model around a transparent business environment where data plays a central role. Yet with so much personal information being generated daily in Hong Kong’s Special Administrative Region (SAR), data privacy becomes of utmost importance for continued success of this global financial center.

The SAR’s laws, such as the Personal Data Protection Ordinance (PDPO), aim to provide everyone with adequate levels of data protection. This ordinance regulates collection, processing, storage and use of personal information through six data protection principles that cover collection, processing, storage and use; it’s regularly amended in response to emerging challenges and is always up-to-date with international standards; its most recent amendments came into force in 2021 with criminal penalties being applied on acts that violate data privacy such as disclosing someone else’s information without their consent – also known as “doxxing”.

Hong Kong’s Privacy and Data Protection Ordinance (PDPO) serves as the cornerstone of data privacy regulation; however, its scope falls short in protecting all personal data. SAR laws only cover data pertaining to individuals; corporate information or sensitive data that could have negative implications on reputation and competitiveness are left uncovered by this Act. Therefore, its strengthening is vital.

As such, the PDPO has undergone various amendments over time, beginning in 2012 to introduce new regulations on direct marketing, and most recently in 2021 to address cyber attacks and other privacy threats. Furthermore, recent amendments strengthen PDPO by providing criminal penalties for violations committed online.

Not only must SAR legislature invest resources to keep PDPO compliant with international standards, but it is equally essential that it invests resources to bolstering data protection regime. This is especially crucial given the ongoing development of Guangdong-Hong Kong-Macao Greater Bay Area which demands cooperation among data regulators from both jurisdictions.

In his 2022 Policy Address, the SAR’s chief executive announced that their government will work actively to open up data and promote innovative industry applications while exploring with mainland counterparts arrangements for smoother data exchange between both sides. This will enable the full realization of “one country, two systems”, ensuring both countries enjoy optimal data protection standards. The author is a solicitor and research assistant of City University of Hong Kong as well as doctorate candidate at Tsinghua University; his views do not necessarily represent those of Chinese Academy of Social Sciences or Tsinghua University. Furthermore, he co-authored a book on legal research methodologies which can be found here and can be reached via email: jma@sydney.com.hk for contact.