Media Statements

Privacy Commissioner Publishes “A Brief Summary on the Regulations in the Mainland of China Concerning Personal Information and Cybersecurity Involved in Civil and Commercial Affairs”
To Promote Understanding of Personal Data Protection Regulations in the Mainland of China for Business Sector to Grab Business Opportunity in Greater Bay Area’s Massive Online Market

The Privacy Commissioner for Personal Data, Hong Kong (Privacy Commissioner) Mr Stephen Kai-yi WONG today published a Chinese booklet entitled “A Brief Summary on to the Regulations in the Mainland of China Concerning Personal Information and Cybersecurity Involved in Civil and Commercial Affairs” (the Booklet), which provides an overview of related regulations regarding personal data protection in the mainland of China. The Booklet attempts to serve as a handy kit to help the business sector better understand the relevant regulatory regime, so that they could expand their online business smoothly in the Greater Bay Area and maximize business benefits. The Booklet also aims to improve global interoperability of data protection regulatory frameworks, so as to promote cross-border data flow and development of data economy. 

"To take full advantage of the vast online market in the mainland of China, one should not ignore its network supervision policies and related regulatory restriction. I hope that organisations and enterprises having connections or business relationships with the mainland of China, including individual development in online marketing would benefit from the Booklet, which helps them master relevant laws and regulations, thereby boost the development of the Greater Bay Area. I also hope that the Booklet can be a directional guide for innovative technology companies to understand the major updates when developing and applying big data, cloud computing, artificial intelligence and other technologies”, the Privacy Commissioner said. 

At present, the regulations concerning the protection of personal information in the mainland of China are covered by an assortment of normative instruments, such as laws, administrative regulations, departmental rules and guidelines, and the relevant regulatory framework is ever-expanding. In addition, the mainland of China is moving towards treating the right to privacy and personal information as an independent moral right with the introduction of civil protection.

With the promulgation of various regulations, the privacy and personal information of the general public are protected in a greater and more extensive extent. However, owing to the multiplicity of regulations on the protection of personal information in the mainland of China, enterprises looking for business ventures in this emerging market are encountering compliance challenges. 

In light of this, the Booklet consolidates and introduces current relevant regulations and cases in the mainland of China, and also sets out and compares the privacy laws of Hong Kong and the mainland of China. For instance, China’s Cybersecurity Law requires that personal information and important data collected and generated by operators within the mainland of China should be stored locally. The Administrative Measures for Data Security (Consultation Draft) stipulates that network operators should register with the cyberspace administration and appoint a person responsible for data security, if the network operators intend to collect sensitive personal information. Concerning sanctions for violating personal information regulations, they are more stringent in the mainland of China than in Hong Kong.

This afternoon, the Privacy Commissioner also held “China Cybersecurity Law Conference - New Legal and Regulatory Updates, Practical Implications and Challenges”. Adjunct Professor Jason Lau, Regional Lead and Co-Chair of the International Association of Privacy Professionals (IAPP) was MC and moderator of the conference. The Privacy Commissioner Mr Stephen Kai-yi WONG and Attorney Barbara Li, Partner of Norton Rose Fulbright, Beijing from Beijing were keynote speakers. Mr Allen Ting, Senior Legal Counsel of Huawei, and Mr Bernard Tan, Chief Counsel, Cybersecurity of SAP took part in an in-depth panel discussion with the two keynote speakers, sharing the latest development and impact of personal data protection in the mainland of China with over 100 attendees, including management executives of banking, insurance, legal and other sectors, and legal and compliance practitioners.  

The Privacy Commissioner said, “Broadly speaking, the data protection regime of the mainland of China is in a decentralised state. However, it should be noted that authority in the mainland of China has put personal information protection on its legislative agenda. In other words, a comprehensive personal information protection law in the mainland of China is expected to be in place in the near future.”

“A Brief Summary on the Regulations in the Mainland of China Concerning Personal Information and Cybersecurity Involved in Civil and Commercial Affairs” (in Chinese) is now available to be downloaded at PCPD website: 
https://www.pcpd.org.hk/tc_chi/resources_centre/publications/books/files/pcpd_china_law_book2019.pdf