Privacy laws the foundation for economic development



It is a good idea to raise our perspective above everyday concerns to look at the big picture, the political context in which we operate. Privacy laws do not exist in a vacuum.

When Privacy Laws & Business editorial team members, attended the Privacy Commissioners’ International Conference in Hong Kong last September, we heard Stephen Kai-yi Wong, Hong Kong’s Privacy Commissioner for Personal Data, refer to Hong Kong as a vital tech and legal hub in the Belt and Road project.

This perspective of a privacy law being the foundation for economic development has echoes in the rationale for the EU Data Protection Regulation. The view from the train from Hong Kong Airport to the city, and from the top of Hong Kong’s Lantau Peak, includes the start of the world’s longest bridge over water to link Hong Kong, Guangdong and Macau . These three territories are at the heart of this hub.

The Belt and Road project is a People’s Republic of China (Mainland China) initiative, explained by the PRC government as follows: “The Belt and Road Initiative aims to promote the connectivity of Asian, European and African continents and their adjacent seas, establish and strengthen partnerships among the countries along the Belt and Road, set up all-dimensional, multi-tiered and composite connectivity networks, and realize diversified, independent, balanced and sustainable development in these countries.”

This week, on 14 February, Stephen Wong reported on the work of his office in 2017 at the meeting of Hong Kong’s Legislative Council Panel on Constitutional Affairs (p.27). He said “Given its irreplaceable attributes in respect of the free flow of information as well as its data protection law and framework, Hong Kong is well poised to become the premier data hub for hosting and storage services under ‘One Country, Two Systems’ and opportunities arising from the Belt and Road initiative. It can also help promote the Guangdong-Hong Kong-Macao Bay Area development by facilitating transfer and storage of data, connecting and converging ideas and information between the mainland of China and the rest of the world.”

Hong Kong, as the country in Asia with the oldest privacy law, has experience to offer other countries in the region. PL&B has provided frequent updates in PL&B International Report, since May 1988, and given a platform for explaining the development of Hong Kong’s law starting with a presentation from the chair of the Law Reform Commission at PL&B’s 4th Annual International Conference in 1991.

Macau DPA’s influence via the Chinese and Portuguese languages

Macau, the territory an hour from Hong Kong by hydrofoil, has its own data protection law, the Personal Data Protection Act, adopted in 2005. It is the most European-style law in the region, based on Macau’s history as a former Portuguese colony. We report on our interview at Macau’s Office for Personal Data Protection (pp.24-26) where we discovered a little-known role for Macau’s OPDP, linking Europe and China via the Chinese language; and linking Portuguese speaking countries in Europe, Asia, Africa and Latin America.

This month, I contacted the Head of the Office, Ken Chongwei Yang, to ask about the Guangdong - Hong Kong - Macau Bay Area development. Yang informed me that the Belt and Road initiative is mostly an economic concept, not directly related to Macau’s personal data protection regime. However, in the modern era with rapid developments in the digital economy, it nevertheless concerns processing of huge amount of data, including personal data. In the International Conference held in Hong Kong last year, the IT industries in Hong Kong mentioned their initiative of promoting Hong Kong to be a data hub.

These well-developed data protection regimes will provide advantages for Hong Kong and Macau which can then play important roles to ensure a high level of data protection. As a result, Hong Kong and Macau may become more attractive business sites in the global economy. Although Yang’s office’s work is only on the legal dimension, similar to European Union policy-makers, many business people in the region believe that this three territory hub has direct global economic impacts. Stephen Wong and Ken Yang have discussed these developments but have not taken official positions on the Belt and Road initiative.

3 PL&B events March to July

This edition marks the 31st Anniversary of my launch of this publication. We are now looking forward to the next three events in PL&B’s calendar:

• 28 March, London, GDPR Help! Roundtable
• 30 April, London, GDPR national implementation – more information coming soon
• 2-4 July, St. John’s College, Cambridge, PL&B’s 31st Annual International Conference

We will keep you informed of all of these events and look forward to meeting you there.

Regards,

Stewart Dresner, Publisher

International Report 151

Lead story:

Ireland issues Data Protection Bill to implement the GDPR

The long awaited Irish Data Protection Bill was published on 1 February 2018. Paul Lavery of McCann FitzGerald reports on the potentially controversial issues in the Bill.

Contents also include:

  • Comment: Consistency is critical for EU GDPR
  • Is everything fine with GDPR administrative fines?
  • GDPR national adaptation laws fall behind schedule
  • E-privacy reform
  • ABLI’s intra-Asian focus
  • South Korea: Questioning EU ‘adequacy’
  • Is privacy persistent in the US?
  • Technology giants intend to turn Internet of Things into reality
  • Hungary’s new draft DP law
  • Macau combines Chinese links with Asia’s most European DP law
  • Notifying of data breaches under the GDPR: What? How? When?
  • Implementation of Privacy Shield framework ongoing
  • EU Art 29 WP adopts documents on BCRs and adequacy
  • Italy amends Data Protection Code
  • Facebook in breach of German law
  • Scanning websites for 3rd parties
  • US states adopt new legislation
  • DPO qualifications in Ireland
  • Spain adopts DPO certification
  • Hong Kong: Data breach notifications increase
  • EU citizens plan to use GDPR rights
  • Catalan privacy competition
  • GDPR app launched