How Multinational Corporations and Tech Companies Cope with HK and International Privacy Protection Laws

Course Valid period: 60 days after success payment

In the era of big data, the urgent need to grasp the understanding of privacy laws become more and more imminent, as mastering consumers’ personal data in a legal way becomes the competitive edge of all businesses and organizations. For instance, using customers’ personal data can help identifying potential customers, locating the consumption needs of existing customers, enabling price discrimination and etc.

Lawyers who are consultants and legal advisors to corporate customers with the needs to collect and use personal data must be familiar with privacy laws, not just the laws applicable in Hong Kong, but also applicable to jurisdictions where the corporate customers have operation and businesses.

In addition to the economic values of collecting and using personal data, employment and human resource management for general corporates, consumer credit data for money lending business, or even announcement of exam result by educational organizations are all relevant to privacy.

Jurisdictions around the World share similar privacy protection principles, but having significant difference in details. In this course, we will use Hong Kong’s Personal Data (Privacy) Ordinance (“PDPO”) as an introduction to present the privacy protection principles, and then comparing the principles with the European Union’s General Data Protection Regulation (“GDPR”) and the latest China’s Personal Information Law (“PIPL”) 《个人信息保护法》.

In particular, both the GDPR and PIPL add significant legal and practical risks to cross-border data transfers. Given the prevalence of China business, this seminar brings together specialists on the compliance with GDPR and PIPL and will be highly practical. 

What is personal data?

• Some information is not regarded as personal data and hence not protected in Hong Kong
• “Sensitive personal data” needs special care in the EU and China

Collection of clients’ personal data

• Does the use of fingerprint reader breaching data protection rules?
• Google fined €50 million for collecting personal data inappropriately

Protection of clients’ personal data

• Risk assessment exercise requested in the EU and China
• Appointment of designated officer to handle personal data complaints
• Cybersecurity incidents, linking with national security in China

Cross-Border Transfer of Personal Data

• Generally not allowed in the EU and China
• How to apply governmental approval for cross-border transfer?

Privacy issues relating to online services and technology

• Use of cookies and tracking technologies
• Marketing in social network, e.g., Facebook, WeChat
• Facial recognition techniques for public security reasons, or mobile phone app

Examples of big companies

• Google and Microsoft analyzing clients’ data
• Mobile phone browser’s advertisement, e.g., Apple, Samsung, Huawei
• E-wallet privacy protection, e.g., Alipay, Payme
• Artificial Intelligence, e.g., ChatGPT
• Online shopping and traveling, e.g., air ticket purchasing and hotel booking