Hong Kong regulator to begin review of data privacy laws

HONG KONG (Reuters) - Hong Kong will begin a review of its data privacy rules over the next 18 months, with a view to potentially updating them in line with technological developments and changes in European regulation, the territory’s privacy regulator said.

Hong Kong Privacy Commissioner for Personal Data Stephen Wong Kai-yi poses at Reuters Financial Regulation Summit in Hong Kong, China May 20, 2016. REUTERS/Bobby Yip

Hong Kong’s data privacy legislation was drawn-up nearly 20 years ago and based at the time on European Union law, but recent changes to the EU framework and a technology-driven explosion in personal data may mean the current rules need to change, Stephen Wong Kai-yi, Privacy Commissioner for Personal Data, told the Reuters Financial Regulation Summit on Friday.

“Now you have all these developments we’d like to study the impact this might bring to our current legislation.”

The EU began an overhaul of its data privacy rules in 2012 to give citizens greater control over their personal data, and to simplify the rules for businesses. The new EU new regime is due to come into full effect in 2018.

“It’s not just a matter [of] protecting individuals, we would like to protect the interests of commercial enterprises,” said Wong, adding that the regulator would propose legislative changes if appropriate.

Hong Kong’s data privacy laws are relatively strict, but a review of the regime would help to account for changes in technology and developments in international data privacy law that have occurred since they were last tweaked in 2012.

Recent enforcement actions brought last year by the Office of the Privacy Commissioner for Personal Data, most notably against Hong Kong corporate governance activist David Webb, have prompted concerns that the law is being used to restrict media freedom in the territory.

Speaking at the summit, Wong denied that this case could have adverse implications for media freedoms. He said it had “no impact at all on the right to republish or to express a view” and that the law provided certain exemptions for media outlets.

“But I would like to stress that there is a misconception that the use of personal data from the public domain is free for all other sorts of uses, but that is not true,” he said.

Follow Reuters Summits on Twitter @Reuters_Summits

For more summit stories, see

Reporting by Michelle Price; additional reporting by Lisa Jucca and Clare Baldwin. Editing by Jane Merriman