Our weekly round-up of the best news, stories and opinion from Hong Kong.
This week: a new data sharing partnership between two of the world’s biggest tech companies; the city’s plans to impose strict new penalties on unsolicited commercial communications; and China’s tighter new regulations for cross-border data transfers.
A new partnership between the US-based technology giant Amazon and the Chinese internet search engine Baidu will see some of the world’s most valuable data being shared across borders – albeit subject to a strict set of rules. The data will be used to power artificial intelligence (AI) systems that are to improve the user experience on both platforms. This is part of a wider effort by both companies to make their services more competitive in the global marketplace, and also to ensure that they have access to the latest AI capabilities.
The data sharing partnership will allow Amazon’s Alexa voice assistant to access a number of Baidu services, including its search function. The service will then be able to use this information to better understand how users interact with their devices, as well as tailor its own features accordingly. This will likely result in a more tailored and personalised experience for customers, as well as potentially opening up a whole new world of potential applications for the devices in which they are installed.
In Hong Kong, the definition of personal data is governed by the Personal Data (Privacy) Ordinance (“PDPO”). This was first enacted in 1996 and is broadly consistent with international norms of the meaning of the term, as reflected in laws like the Personal Information Protection Law that applies in mainland China and the General Data Protection Regulation that applies in the European Economic Area.
As a matter of practice, the PCPD requires that the data user expressly informs the data subject on or before the collection of his personal data about the purposes for which the personal data will be used, and the classes of persons to whom the data may be transferred. It does not require the data user to obtain the voluntary and express consent of the data subject to transfer his personal data for a new purpose, although this step is obviously markedly less onerous in Hong Kong than in the EU.
A recent discussion paper published by the government explored a number of possible changes to the PDPO, and it has been mooted that the definition of personal data should be revised to include the concept of “personal information that relates to an identified or identifiable person”. Such a change, if implemented, would catch a much broader range of uses than the current law does. However, this change is unlikely to be enacted in the short-term. This is mainly because there is already a comprehensive register of data users in the territory, and so any data transfers are likely to be regulated under that regime. It may, however, be a useful long-term goal for the PDPO to consider.