The Personal Information Protection Law (the "PIPL"), which took effect on 1 November 2021, is Mainland China's (the "PRC") first piece of legislation that relates entirely to data protection and privacy. As the PIPL has extraterritorial effect, the PIPL will not only apply to businesses that have a presence in the PRC, but also to those who process data for (1) providing products or services to natural persons in the PRC, and (2) analysing or evaluating the activities of natural persons in PRC. As a result, many businesses, including those in Hong Kong ("HK"), will need to comply with both the data privacy laws of their home jurisdiction, as well as the PIPL.
In this client alert, we explore some personal data issues (from both a HK law and a PRC law perspective) that we feel are particularly important to businesses operating in HK which provide services to individuals within the PRC. The primary data protection legislation in HK is the Personal Data (Privacy) Ordinance (the "PDPO"). The PRC legal position on the issues explored in this client alert is still evolving and may change in the near future.
于2021年11月1日生效的《个人信息保护法》是中华人民共和国內地(「中国」)第一份完全关乎个人资料保护和隐私的法案。由于《个人信息保护法》具有域外效力,《个人信息保护法》不仅适用于在中国境内运作的企业,也适用于(1)为中国境内的自然人提供产品或服务及(2)分析或评估中国境内自然人活动的企业。因此,许多企业(包括香港特别行政区(「香港」)境内的企业)都需要遵守原属司法管辖区的数据隐私法以及《个人信息保护法》。
在此客户通报内,本所从香港及中国法律的角度探讨了一些个人资料问题(这些问题对于在香港营业并向中国境内人士提供服务的企业特别重要)。香港的主要数据保护法例是《个人资料(私隐)条例》(「私隐条例」)。于本客户通报探讨事宜中国法律仍在发展中,并在不久的未来可能改变。
Click here to read the English version
点击此处阅读中文版本