New Hong Kong Privacy Chief Ready to Assist China

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Murray Griffin

Aug. 31 — Hong Kong's newly-appointed Privacy Commissioner for Personal Data Stephen Kai-yi Wong told Bloomberg BNA in an interview that his office stands ready to assist any efforts by the mainland China to strengthen privacy protections.

Wong, an attorney, has had a career well-suited to dealing with the multi-faceted issue of privacy. He was involved in the legislative process for the 1991 Hong Kong Bill of Rights Ordinance, and he has expertise in World Trade Organization law and resolving legal disputes between Hong Kong and mainland China.

Wong was appointed in July.

His work history also includes a stint with the Hong Kong Department of Justice, where he was “tasked to go to the mainland and promote the concept of two legal systems,” he said.

(Click image to enlarge.)

Wong photo

Wong said that the flow of data between Hong Kong and the mainland “is becoming a significant consideration.”

Mainland China doesn't have laws that similar to those in Hong Kong, Wong said.

“But the other fact is, because of the interaction with Hong Kong perhaps, that people in China are becoming more and more outspoken or aware of the need to provide such a mechanism or such a piece of legislation,” he said.

Rising Awareness

This rising awareness is evident, for example, in discussion forums in the neighboring mainland city of Shenzhen, he said.

People in these forums are talking about whether now is right time for the mainland to consider adopting privacy protections, Wong said.

The issue is gaining further prominence because of telephone scams involving the misuse of the personal data of Hong Kong residents by operations based on the mainland.

“They know that if they misuse the data in Hong Kong they will be caught by our legislation, so they move their bases out of Hong Kong to the neighboring regions,” he said.

Legislation, Local Administrative Measures?

If the mainland government or particular provinces or economic zones decide to introduce privacy controls, “I believe that we in this office might have a role to play, as in the past we did play a certain role in updating the laws of China, in particular in the areas of civil and commercial law,” Wong said.

“There is no reason why we should be slow to share our experience,” he said.

Possible ways forward for mainland China might include legislation or local administrative measures, potentially through a pilot scheme in a province or special economic zone, Wong said.

For example, a new economic zone in neighboring Shenzhen—called Qianhai—aims to promote trade in services and might potentially provide an opportunity for the mainland and Hong Kong to work together on testing a mechanism that could then be adopted more widely, he said.

However, Wong said he won't impose himself if the assistance isn't requested.

“I should not be too ambitious or aggressive in pushing our system, our regulatory framework,” he said. “But if I am invited, if I am asked to do some briefings, I'll be more than happy to do so.”

Cross-Border Data Flows

Hong Kong's Personal Data (Privacy) Ordinance dates from 1995, but its Section 33 provision on cross-border data flows isn't yet in force—a situation that Wong's predecessor, Allan Chiang , described as “embarrassing”.

However, Wong said now isn't the time for him to weigh in with his opinion because the Hong Kong government has commissioned a consultant to conduct a business impact assessment on activating Section 33.

“I believe it will be completed in a few months,” he said.

Wong said the government has listened to the views of his predecessors. Before he took up the post, the privacy office had prepared guidance on Section 33 as well as a “white list” of countries automatically deemed to have satisfied the section's requirements, he said. The white list hasn't been made public.

The guidance has provided a “starting point” for business and the government, he said.

As previous commissioners have already given their views on Section 33, Wong said his role for the moment is “to remain an open mind.”

Once the impact assessment is complete, Wong said he could contribute advice, ranging from implementation guidance to suggestions on “new measures or new ways.”

Privacy, Human Rights

Privacy is a fundamental human right, but not an absolute one, Wong said.

“Privacy or personal data privacy has some limitations or qualifications,” he said. “That is why we have exemptions in our law, like many other jurisdictions.”

In considering privacy as a human rights issue, “we have to consider the international standards or the international practices, but also our local situation, our own culture,” he said. “This is very important.”

It is also crucial to consider the business ramifications of steps taken to protect privacy, Wong said.

“There is a balance to be struck,” he said.

Care must be taken not to provide privacy protection in a way that arbitrarily stifles economic development, he said.

Proposed EU Regulation

Wong added that he would take a close interest in the data protection reform efforts in the European Union.

The EU's proposed data protection regulation, which is being negotiated in a trialogue between the European Parliament, the Council of the European Union and European Commission, aims to unify data protection rules for the 28 EU member states.

The Hong Kong Personal Data (Privacy) Ordinance was reviewed about three years ago, so there is no great urgency for further changes, Wong said. But the EU data protection reform efforts “will certainly be of great assistance” as Hong Kong considers the need for any changes to its law or policies, he said.

To contact the reporter on this story: Murray Griffin in Melbourne at

To contact the editor responsible for this story: Katie W. Johnson at

Request Bloomberg Law: Privacy & Data Security