Personal Data (Privacy) Law in Hong Kong: A Practical Guide on Compliance (Third Edition)
This third edition will guide readers through the recent developments in personal data privacy in the local, regional and global contexts, with updates on recent Administrative Appeals Board and Court decisions, and investigation reports and materials from the PCPD. In addition, issues of greatest concern are discussed, such as ethical development and use of AI, the collection and use of personal data by employers during COVID-19, data protection under work-from-home arrangements, data security measures for ICT systems, guidelines on doxxing offences and data breach handling. This book will certainly provide readers with a comprehensive overview of the current situation of personal data privacy issues.
This third edition of Personal Data (Privacy) Law in Hong Kong: A Practical Guide on Compliance seeks to provide legal practitioners, students and privacy enthusiasts with a comprehensive understanding of Hong Kong’s personal data privacy law, serving as a reliable resource for navigating the intricacies of our evolving landscape in this difficult area of the law.
Included in this edition are updates on recent Administrative Appeals Board and Court decisions, and investigation reports and materials such as guidance on ethical development and use of AI, the collection and use of personal data by employers during COVID-19, the protection of personal data under work-from-home arrangements, data security measures for information and communications technology systems, the implementation guidelines on doxxing offences and the guideline on data breach handling and data breach notifications.
Another highlight is that the book features three entirely new chapters that delve into the pivotal developments in the law since the last edition. These chapters explain the two-tier doxxing offences and the Commissioner’s investigation and prosecution powers under the provisions in the new Part 9A of the PDPO (Chapter 16), cross-boundary transfers of personal data from Hong Kong (Chapter 17) and the Mainland’s personal data protection regime (Chapter 18). A comprehensive comparison table is included to highlight the similarities and differences among the PDPO, the GDPR and the PIPL, enabling readers to better navigate the multifaceted regulatory frameworks governing personal data privacy.
This book will no doubt be a trustworthy companion for anyone interested in the law of privacy and personal data protection, with each chapter providing a thorough discussion of the law, offering compliance solutions and practical insights. It is hoped that the book will go beyond the boundaries of a legal manual and reach a wider community of privacy professionals to serve the bigger purpose of charting a course towards a future where society at large recognises that the protection of personal data privacy is not merely a checklist for fulfilling legal obligations, but rather a collective social responsibility and the cornerstone of the continuous success of Hong Kong.
Chapter 1 Introduction
Chapter 2 The Meaning of “Personal Data”
Chapter 3 The Meaning of “Collect”
Chapter 4 The Meaning of “Data User”
Chapter 5 Data Protection Principle 1
Chapter 6 Data Protection Principle 2
Chapter 7 Data Protection Principle 3
Chapter 8 Data Protection Principle 4
Chapter 9 Data Protection Principle 5
Chapter 10 Data Protection Principle 6(a) to (d) and the Data Access Provisions in Part 5
Chapter 11 Data Protection Principle 6(e) to (g) and the Data Correction Provisions in Part 5
Chapter 12 Exemption Provisions in Part 8
Chapter 13 The Commissioner’s Statutory Duties in Investigations
Chapter 14 Data Breach Handling and Notifications
Chapter 15 Criminal Offences
Chapter 16 Doxxing
Chapter 17 Cross-border Transfers of Personal Data from Hong Kong
Chapter 18 An Overview of the Mainland’s Personal Information Protection Regime
Appendix I Selected Case Notes on Court Judgments
Appendix II Major Differences between the PIPL, the GDPR and the PDPO
Appendix III Checklist for Data Users in Ensuring Compliance with the Ordinance
Appendix IV Data Subject’s Rights when his Personal Data Privacy is Infringed