10 March, 2020
The Constitutional and Mainland Affairs Bureau and the Privacy Commissioner for Personal Data in Hong Kong have released a discussion paper on proposed changes to the Personal Data (Privacy) Ordinance (“PDPO”). Any future reform will be the first since 2013, when direct marketing controls were introduced. Key proposed amendments include:
- Introduction of a data breach notification mechanism.
The discussion paper suggests that data subjects are notified of a breach “within a specified timeframe (e.g. as soon as practicable and, under all circumstances, in not more than five business days)” and that a threshold is imposed on any notification mechanism, whereby only those breaches which have “a real risk of significant harm” are to be reported.
- Increased levels of fines.
Currently, only criminal sanctioning powers (i.e. fines and/or imprisonment) are available under the PDPO. The discussion paper notes that data protection authorities in other countries are empowered to impose administrative fines directly, references the maximum fines which can be imposed under the GDPR (i.e. EUR 20m or 4% of the company’s annual global turnover), and suggests exploring the feasibility of introducing an administrative fine linked to annual turnover.
- Amendment to the definition of personal data.
In view of the wide and increasing use of tracking and data analytics technology, the proposal is to widen the definition of “personal data” under the PDPO, which currently covers information that relates to an “identified” person, so that it extends to information relating to an “identifiable” natural person.
- Regulation of data processors.
Again echoing the application of the GDPR, the proposal here is to subject processors (and sub-contractors) to direct regulation, making them directly accountable for data breach notification and data security.
A copy of the full discussion paper can be found here.
For further information, please contact:
Andrew Rigden Green, Partner, Stephenson Harwood
andrew.rigdengreen@shlegal.com