Getting online while in Hong Kong is easy with our prepaid unlimited data plans. Once your plan is activated, all you have to do is scan the QR code provided and connect instantly. You can use your eSIM to access the fastest network in the city, for ordering taxis and getting directions, staying connected with friends and family, checking out local restaurants, doing online banking apps and emergencies.
The Personal Data (Privacy) Ordinance (“PDPO”) is the primary legal framework governing data protection in Hong Kong. It establishes a number of data subject rights and specific obligations for data users through six data protection principles.
A key element of the PDPO is that personal data cannot be collected unless it can reasonably be identified as being about an individual. The statutory definition of personal data includes name, identity card number, nationality, birth date, address, medical records, a photograph, an email address, bank account information, credit information, employment and education details, and information on criminal convictions or offences.
However, the PDPO makes an exception for special categories of personal data where there is a “lawful basis” for collecting it. These include data that is used for financial or credit scoring, marketing, public health and safety purposes, and information about a criminal offence committed by an individual.
As a result of the heightened awareness around the protection of personal data in Hong Kong, a number of new initiatives have been launched to help citizens understand and protect their privacy. These include a series of talks and workshops by the PCPD, which are available to the public. A new data protection tool has also been introduced to allow people to see how their personal data is being used by organisations.
While a lot of attention has been focused on the impact of the new law on social media and tech companies, there is also concern over government requests for information from local data holders. In the months leading up to the introduction of the new law, Google, Apple and Microsoft all said they would pause responding to government requests for user information as they reviewed the implications of the new rules.
However, in May 2019, the companies reported that they had complied with three out of 43 requests made by local authorities for user data over the past six months. Google said that two of those requests were for emergency disclosure involving threats to life, and the remaining request was in relation to human trafficking.
The other US tech giants have not yet published their transparency reports covering the six-month period since the enactment of the new data protection laws. They have, however, continued to process requests made by the Hong Kong authorities in accordance with their global policies. This includes notifying account holders about the request unless legally prohibited from doing so. The companies have also been pushing to narrow the scope of such requests.