Click here to listen the audio.
An Asian hub for digital services between East and West
One country, two systems – that’s the 50-year agreement that led to Hong Kong’s becoming part of China in 1997. This remains an evolution in progress. Hong Kong retains many of its systems independent of the PRC and yet is part of China. What does this mean for data privacy and the rules that apply to business in this powerhouse commercial center?
Padraig Walsh, a privacy leader at the prominent Hong Kong law firm of Tanner De Witt, provides insight into how multinational firms should view Hong Kong for digital services. Hong Kong’s 1996 data privacy law was a pioneer at the time in establishing a legal framework for protecting personal data and regulating companies that handle data flows as controllers or processors. If one asks is it like China’s or the EU’s or the USA’s approach to data privacy, the answer is that it is much more like the EU or USA approach than China’s. It was adopted in the final months of British sovereignty.
This makes Hong Kong’s regulatory system comfortable for multinational firms with data centers and other operations in the territory. The law system remains common law with an English cultural background. The Privacy Commissioner for Personal Data works to enforce the rules without authority to levy large fines or other penalties. The Commissioner has called for additional enforcement powers, but it is highly unlikely that Hong Kong would take the approach of the EU and USA that rely on threats and examples of severe punitive action to encourage companies to protect personal data as required by law. Tune in for a 13-minute tour of Hong Kong’s approach to data privacy.