Date: 7 April 2019
“Grooving Privacy Evolution with Law Reform and Data Ethics”
Privacy Commissioner Delivered a Presentation in Panel Session
“Reshaping Privacy Regulations – Compliance and Consequences” at
67th American Bar Association Antitrust Law Spring Meeting 2019 and Participated in International Hearings on
“Competition and Consumer Protection in the 21st Century”
by Federal Trade Commission in Washington DC, the United States
The Privacy Commissioner for Personal Data, Hong Kong (Privacy Commissioner) Mr Stephen Kai-yi WONG was invited to speak in a panel session titled “Reshaping Privacy Regulations – Compliance and Consequences” at the 67th American Bar Association (ABA) Antitrust Law Spring Meeting 2019 held in Washington DC, the United States on 28 March 2019. The event was attended by more than 3,400 legal practitioners from over 60 countries and regions.
In the panel session, the Privacy Commissioner delivered a presentation titled “
Grooving Privacy Evolution with Law Reform and Data Ethics”. As the rapid development of technological innovation invariably outpaced regulatory efforts despite relentless attempts to revamp data protection laws, Mr Wong stressed the importance of data ethics to bridge the gap between legal requirements and increasing public expectation in privacy protection. Mr Wong also informed the audience that the office of the Privacy Commissioner for Personal Data, Hong Kong (PCPD) has been advocating data ethics to complement compliance with the law, which could serve as the bedrock for nurturing and flourishing personal data protection in times of change.
Mr. Wong addressed the following issues in the presentation:
-
Various regulatory frameworks have been modified in response to the challenges of the digital revolution. For instance, the newly enforced GDPR aims at returning control of personal data to data subjects and imposing accountability on data controllers. As for the mainland of China, legislation on personal information protection is likely to be introduced within the current 5-year term of the Standing Committee of the National People’s Congress. In Macao, cybersecurity law will enter into force in mid-2019.
-
The PCPD has conducted a review of the Personal Data (Privacy) Ordinance in view of rapid development in technology, data breach incidents and global privacy normative framework. Issues include mandatory breach notification, power to impose administrative sanctions including monetary penalties, direct regulation of data processors and data retention period.
The Privacy Commissioner stated that with the unique and irreplaceable attributes of Hong Kong under the “One Country, Two Systems” such as free flow of information, English as one of the official languages, comprehensive data protection law and protection of personal data privacy right as a fundamental human right, Hong Kong can become an ideal data hub or centre not only for China but for the region. As a regional data hub, Hong Kong can boost the development as centres for international finance, innovation and dispute resolution, as envisaged in the Greater Bay Area initiatives.
In the panel session, the Privacy Commissioner stressed that the PCPD would continue to strengthen its roles as enforcer, educator and facilitator, by enforcing the law fairly and educating all stakeholders to remain vigilant for the privacy concerns about the use of ICT and Big Data. The PCPD would stand ready to facilitate legitimate trade, ICT growth and administrative efficiency in the interest of the public.
The PCPD would also continue to work closely with multi-stakeholders at domestic, regional and international levels by engaging and incentivising organisations, so as to nourish a culture and environment that respects privacy.
The Privacy Commissioner’s views can be found in his ABA course material paper titled “Grooving Privacy Evolution with Law Reform and Data Ethics”, which can be
downloaded here.
Separately, the Privacy Commissioner was invited to participate in the International Hearings on “Competition and Consumer Protection in the 21st Century” organised by the Federal Trade Commission (FTC) on 26 March 2019. The discussion, chaired by Ms Elizabeth Kraus, FTC’s Deputy Director for Antitrust, was held at the FTC Headquarters in Washington DC. Together with delegates from other jurisdictions, the Privacy Commissioner participated in a lively discussion on “Effective International Engagement: Foreign Agency Perspectives”.
Speaking at the hearings, the Privacy Commissioner expressed that the various data privacy regulations among jurisdictions have created difficulties in enforcement, not only for Hong Kong but regulators around the world. There is a pressing need for regulators to work together to bring about fair enforcement outcomes, especially in relation to cases involving multinational organisations. To avoid reinventing the wheel, the PCPD is engaging privacy regulators across the globe to seek solutions on how information is shared.
The Privacy Commissioner also called for collaboration among regulators across jurisdictions in the form of an international agreement to deal with cross-border data breaches effectively. The Privacy Commissioner said that given the global nature of data breaches, every data protection authority affected would have to conduct its own investigation, leading to a waste of resources and possibly divergent results.
The Privacy Commissioner identified interim measures before an international agreement can be reached in the long run, such as establishing a depository of best practices that regulators could access as required. Model clauses for international engagement acceptable by jurisdictions could also be inserted in bilateral or regional agreements.
-End-