Data protection and privacy—Hong Kong—Q&A guide

The following Information Law practice note provides comprehensive and up to date legal information covering:

  • Data protection and privacy—Hong Kong—Q&A guide
  • 1. Summarise the legislative framework for the protection of personally identifiable information (PII). Does your jurisdiction have a dedicated data protection law? Is the data protection law in your jurisdiction based on any international instruments on privacy or data protection?
  • 2. Which authority is responsible for overseeing the data protection law? Describe the investigative powers of the authority.
  • 3. Are there legal obligations on the data protection authority to cooperate with other data protection authorities, or is there a mechanism to resolve different approaches?
  • 4. Can breaches of data protection law lead to administrative sanctions or orders, or criminal penalties? How would such breaches be handled?
  • 5. Does the data protection law cover all sectors and types of organisation or are some areas of activity outside its scope?
  • 6. Does the data protection law cover interception of communications, electronic marketing or monitoring and surveillance of individuals? If not, list other relevant laws in this regard.
  • 7. Identify any further laws or regulations that provide specific data protection rules for related areas.
  • 8. What forms of PII are covered by the law?
  • 9. Is the reach of the law limited to PII owners and processors of PII established or operating in the jurisdiction?
  • More...

Data protection and privacy—Hong Kong—Q&A guide

This Practice Note contains a jurisdiction-specific Q&A guide to data protection and privacy in Hong Kong published as part of the Lexology Getting the Deal Through series by Law Business Research (published: May 2020).

Authors: Mayer Brown—Gabriela Kennedy; Karen H. F. Lee; Cheng Hau Yeo

1. Summarise the legislative framework for the protection of personally identifiable information (PII). Does your jurisdiction have a dedicated data protection law? Is the data protection law in your jurisdiction based on any international instruments on privacy or data protection?

The Personal Data (Privacy) Ordinance (PDPO) (Cap. 486) is the main legislation in Hong Kong that regulates the collection, use, transfer, processing and storage of personal data.

The drafting of the PDPO was based on the International Covenant on Civil and Political Rights, the European Convention on the Protection of Human Rights and Fundamental Freedoms, the Organisation for Economic Cooperation and Development Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, and the Directive 95/46/EC.

2. Which authority is responsible for overseeing the data protection law? Describe the investigative powers of the authority.

The Office of the Privacy Commissioner for Personal Data (PCPD) is the main body responsible for overseeing the enforcement of the PDPO and is headed by the Privacy Commissioner for Personal Data (PCPD).

The PCPD has various investigative powers, including the right to:

  1. undertake investigations

Popular documents