HK needs to introduce GDPR-like rules to protect personal data

January 30, 2019 10:23
Google was fined by the French data protection watchdog under terms laid out in the pan-European General Data Protection Rules. Photo: Reuters

Google has received a fine of nearly 44 million euros from France’s privacy regulator for breaching the EU’s data protection rules. Commission Nationale de l'Informatique et des Libertés(CNIL), the French privacy watchdog, used the General Data Protection Rules (GDPR) to punish Google.

The watchdog said Google violated EU law in two ways: one, lack of transparency, and two, using customer data for personalized advertisements without proper consent. The case marked the first time GDPR was used since it took effect on May 25, 2018.

Google has already changed its policy to adapt to the new rules. However, the French regulator said: “The infringements observed deprive the users of essential guarantees regarding processing operations that can reveal important parts of their private life since they are based on a huge amount of data, a wide variety of services and almost unlimited possible combinations.”

Looking at businesses, we've seen that it's not only the tech behemoths like Google and Facebook that are facing data privacy issues, entities such as airlines and hotels have also been caught up in the problem.

I believe cases of companies getting fined for data privacy issue will keep coming.

EU has moved ahead of other jurisdictions in protecting personal privacy. There is no such equivalent in the US yet for instance, and the situation is also the same in Hong Kong.

Things could, however, improve here as the Privacy Commissioner for Personal Data (PCPD) is mulling an overhaul of the existing Personal Data (Privacy) Ordinance to keep up with the changing environment.

This article appeared in the Hong Kong Economic Journal on Jan 29

Translation by Julie Zhu

[Chinese version 中文版]

– Contact us at [email protected]


Hong Kong Information Technology Federation honorary chairman