The PDPO Review Paper represents the first proposal for reform of the PDPO since the consultation in 2009-10 that led to the introduction of Hong Kong’s direct marketing controls in 2013. From a global perspective, data protection regulation has moved forward significantly since that time, so a review of the PDPO is timely. As detailed in the briefing, the areas tabled for further review include important topics which have gained traction globally, such as a mandatory data breach notification obligation, the regulation of data processors and stiffer fines for non-compliance.
The PDPO Review Paper also addresses Hong Kong’s particular challenges with “doxxing”, the unauthorized publication of personal data with the intent to intimidate or encourage vigilantism. The PCPD has logged close to 5,000 complaints and enquiries relating to doxxing since Hong Kong’s unrest began in the summer of 2019. A key part of the review will be looking at means of addressing doxxing under the PDPO, a move which runs some risk of politicization of the broader basket of PDPO reforms, to the extent legislative debate may turn to the rights and wrongs of past protest action rather than the merits of upgrading Hong Kong’s increasingly important data protection legislation. The strength of the PDPO is key to Hong Kong’s continued success as an advanced regional business hub. The rapid pace of legislative development in Asia and beyond makes this review important and we would be very interested in receiving feedback on these proposals for reform.
To read the full article, click here.
Authored by Mark Parsons, Tommy Liu and Anthony Liu.