Promote the Development of AI
Deepen International Exchanges and Cooperation
Privacy Commissioner Signs a Global Joint Statement on
Privacy-protecting AI with 19 Privacy or Data Protection Authorities Worldwide

The Privacy Commissioner for Personal Data (Privacy Commissioner), Hong Kong, Ms Ada CHUNG Lai-ling, together with 19 commissioners or senior representatives of privacy or data protection authorities around the world, jointly signed a “Joint Statement on Building Trustworthy Data Governance Frameworks to Encourage Development of Innovative and Privacy-protecting AI” (AI Global Joint Statement) on 17 September on the sidelines of the 47^th Global Privacy Assembly (GPA) annual conference (Conference) held in Seoul, Korea. The 20 signatories are privacy or data protection authorities from Australia, Belgium, Bulgaria, Canada, Hong Kong, China, Macao, China, Croatia, Finland, France, Germany, Ireland, Italy, Korea, Luxembourg, the Netherlands, New Zealand, Poland, Spain, Sweden, and the United Kingdom (UK).
 
To ensure artificial intelligence (AI) is compliant with the current legal frameworks, the privacy or data protection authorities advocate incorporating data protection principles by design in the approach to AI systems, establishing robust data governance and anticipating risk management.

 

The AI Global Joint Statement can be downloaded here.

The Conference, hosted by the Personal Information Protection Commission of Korea, was held from 15 to 19 September. The Privacy Commissioner, as co-chair of the Ethics and Data Protection in Artificial Intelligence Working Group (AI Working Group), reported on the work of the AI Working Group to the GPA members. Separately, in response to the privacy risks stemming from AI, members unanimously adopted two AI-related resolutions at the Conference, namely, the “Resolution on Meaningful Human Oversight of Decisions Involving AI Systems” and “Resolution on the Collection, Use and Disclosure of Personal Data to Pre-Train, Train and Fine-Tune AI Models”, both co-sponsored by the PCPD, Hong Kong.
 
On the sidelines of the Conference, the Privacy Commissioner held bilateral meetings with commissioners from privacy or data protection authorities in Australia, Canada, New Zealand, Singapore as well as the European Data Protection Supervisor (EDPS) respectively. These meetings facilitated exchanges on a broad spectrum of data protection issues to tell a good China story and a good Hong Kong story.
 
In addition, the Privacy Commissioner, as co-chair of the International Enforcement Cooperation Working Group, joined fellow commissioners from the privacy or data protection authorities of Canada, Guernsey, Ireland, Kenya, Korea and the UK in a panel discussion organised by the International Enforcement Cooperation Working Group. The Privacy Commissioner also participated in another panel discussion titled “Developing Mechanisms for Cooperation and Collaboration among Data Protection Authorities and Stakeholders”, together with fellow Commissioners from the privacy or data protection authorities of Canada and the UK, as well as the EDPS.
 
The Conference also featured the 2025 Global Privacy and Data Protection Awards Ceremony, which celebrated the achievement of the GPA community in the past year. The “Global Joint Statement on Data Scraping and the Protection of Privacy”, jointly issued by 16 privacy or data protection authorities, including the PCPD, was also shortlisted in the “Accountability” category.
 
The GPA is the leading international forum for over 130 privacy or data protection authorities from around the globe to discuss and exchange views on privacy issues and the latest international developments.

Privacy Commissioner’s Office Welcomes the Chief Executive’s
2025 Policy Address

The PCPD welcomes the array of policy initiatives on promoting the development of AI and cross-boundary data flow set out in the Chief Executive’s Policy Address.
 
The Chief Executive announced in the Policy Address a series of measures to further promote the development of AI and data science, including the implementation of AI government services with strong emphasis on safety risk prevention, and attaching great importance to the governance and risk management of AI applications. The PCPD supports the Government’s policy initiative to set up an AI Efficacy Enhancement Team and set out an “AI literacy” learning framework, and will continue to proactively promote the safe and healthy development of AI, including carrying out promotional and educational activities, further publicising guidelines related to the development and use of AI, including the “Guidance on the Ethical Development and Use of Artificial Intelligence”, the “10 TIPS for Users of AI Chatbots”, the “Artificial Intelligence: Model Personal Data Protection Framework” (Model Framework) and the “Checklist on Guidelines for the Use of Generative AI by Employees” (Guidelines) issued earlier, as well as conducting compliance checks on the use of AI, and continuing to promote “AI Security” Hotline (2110 1155) and thematic webpage. On the international front, the PCPD, as the co-chair of the Ethics and Data Protection in AI Working Group of the Global Privacy Assembly, will continue to strengthen its exchanges and cooperation with the international counterparts, contributing to the formulation of international resolution on addressing privacy risks associated with AI applications.
 
Furthermore, Privacy Commissioner Ms Ada CHUNG Lai-ling, being a member of the Hong Kong Expert Group on Cross-boundary Data Collaboration, warmly welcomes the Government’s initiatives on cross-boundary data flow. The PCPD has worked together with the Cyberspace Administration of China and the Innovation, Technology and Industry Bureau to formulate the facilitation measures of the Standard Contract for Cross-boundary Flow of Personal Information Within the Guangdong–Hong Kong–Macao Greater Bay Area (Mainland, Hong Kong), and will continue to support the Government in fostering the safe and orderly cross-boundary flow of personal data. 

Privacy Commissioner for Personal Data Swears to
Uphold Basic Law and Bear Allegiance to HKSAR

Ms Ada CHUNG Lai-ling was reappointed as the Privacy Commissioner for Personal Data (Privacy Commissioner) on 15 August 2025, with effect from 4 September.

 

Ms Chung took an oath on 1 September, which was administered by the Chief Executive of the HKSAR, Mr John Lee, GBM, SBS, PDSM, PMSM, and swore that she will uphold the Basic Law of the HKSAR of the People's Republic of China (PRC), bear allegiance to the HKSAR of the PRC and serve the HKSAR conscientiously, dutifully, in full accordance with the law, honestly and with integrity.

PRIVACY 101

Embracing Generative AI Responsibly: A Strategic Imperative for Organisations

As generative AI (Gen AI) technologies continue to advance in sophistication, their integration into business operations is no longer a distant prospect but an inevitable development. Organisations across sectors in Hong Kong are increasingly embracing Gen AI to enhance productivity, foster innovation, and maintain a competitive advantage in the age of digital transformation.

 

Banks and fintech firms use it for automated customer service, fraud detection and personalised financial advice. Marketing teams harness its capabilities for copywriting, video production and multilingual translation. Law firms and corporate legal departments utilise Gen AI to draft contracts, summarise case law, and conduct regulatory analysis, among many other uses.  

 

Despite its transformative potential, Gen AI also presents significant challenges, particularly in relation to personal data privacy. Employees may inadvertently input sensitive or personally identifiable information into Gen AI platforms, thereby risking unauthorised disclosure or misuse.

 

To ensure responsible use of Gen AI, organisations should establish robust internal policies that govern employee interactions with these tools, while continuing to leverage the benefits these technologies offer. Key areas for consideration include:

• Scope of Permissible Use of Gen AI: Specify the permitted Gen AI tools, the permissible purposes of use, and the applicability of the policies or guidelines;
  

• Protection of Personal Data Privacy: Provide clear instructions on the types and amounts of information that can be input into the Gen AI tools, how output information may be used and stored, and ensure compliance with relevant data retention, privacy and information security policies;
  

• Lawful and Ethical Use and Prevention of Bias: Prohibit unlawful or harmful use of Gen AI tools, require employees to verify the accuracy of AI-generated outputs, correct and report biased or discriminatory AI-generated outputs, and provide guidelines on watermarking or labelling AI-generated outputs;
  

• Data Security: Specify authorised devices and user groups, require employees to use robust user credentials, maintain stringent security settings in Gen AI tools, and report AI incidents according to the organisation’s AI Incident Response Plan; and
  

• Violations of Policies or Guidelines: Specify the possible consequences of employees’ violations of the policies or guidelines, and refer to the PCPD’s Model Framework for recommendations on establishing Gen AI governance structure and measures.

Organisations should also regularly communicate and update relevant policies or guidelines to employees, provide training and resources to support responsible use, establish a dedicated support team, and implement a feedback mechanism to drive continuous improvement.

 

For more details, please refer to the “Checklist on Guidelines for the Use of Generative AI by Employees”.

 

 

PRIVACY COMMISSIONER’S FINDINGS

Recruitment Platform Wrongfully Sent Out Emails Containing CV Information

Background

 

A recruitment platform reported to the PCPD that job application emails containing the CVs of 4,201 job applicants were erroneously sent to 1,692 companies. The personal data involved included job applicants’ full English and Chinese names, home addresses, mobile numbers, email addresses, genders, dates of birth, nationalities, identity card numbers, marital statuses, education background and work experience. On knowing the incident, the PCPD initiated a compliance check.

 

During the compliance check process, the PCPD revealed that the incident occurred when a server misconfiguration prompted a manual job application resending process. A human sorting error subsequently led to the data mismatch, resulting in job applications being sent incorrectly to the companies.

 

Remedial Measures

 

After the incident, the recruitment platform formed a cross-functional task force to assess impact, resolve the issue, and communicate with external and internal stakeholders. To remove the risk of data mismatch in the future, a fully automated process which eliminates the need for manual interaction with datasets was implemented in addition to a checking mechanism to ensure that job application emails will not be sent out to irrelevant companies.

 

Lessons Learnt

 

Even systems which are predominantly machine-operated may at times require human intervention (such as server misconfiguration in this case). However, human interaction is prone to errors. Therefore, completely automated processes are mostly welcomed, albeit some form of auditing mechanism would still be beneficial.

TECH TALK

Deepfake Technology in the Age of AI: What You Need to Know

The term “deepfake” has become a buzzword in recent years. It refers to the use of AI and deep learning to create videos, images, and audio recordings that look and sound real but are entirely fabricated. These digital creations often depict events or statements that never actually happened, and therefore, deepfake technology has been increasingly associated with a range of harmful applications, such as:

• Impersonating well-known individuals to create misleading or deceptive content;
• Creating fake videos of business leaders to influence financial decisions or authorise fraudulent activities;
• Generating synthetic voice recordings to bypass voice authentication or biometric security systems; and
• Producing explicit or sensitive content using non-consensual face swapping.

In this AI-driven era, it is more important than ever to remain vigilant about the content we consume online. To help protect yourself, here are some common signs that a video or image may be a deepfake:

• Odd patterns, colours, or visual glitches;
• Unnatural blinking or stiff facial movements;
• Lighting that doesn’t match the surroundings;
• Speech that sounds robotic or distorted;
• Lips that don’t match the words being spoken; and
• Poor video or audio quality.

To illustrate that it is easy to produce fake videos in the AI era, Privacy Commissioner Ms Ada CHUNG Lai-ling has demonstrated instant face swapping through AI deepfake technology in a short video produced by the PCPD earlier. Please watch the video at: https://youtu.be/76x0aOzLHVo.

WHAT’S ON

Announcement of the Appointment of New Members of the Personal Data (Privacy) Advisory Committee

The Constitutional and Mainland Affairs Bureau announced the new membership of the Personal Data (Privacy) Advisory Committee (Committee) (https://www.info.gov.hk/gia/general/202509/26/P2025092600351.htm)　on 26 September. The members were appointed for a term of two years from 1 October 2025 to 30 September 2027.
 
The Committee, established under section 11 of the Personal Data (Privacy) Ordinance (PDPO), serves to advise the Privacy Commissioner for Personal Data on matters in relation to protection of personal data privacy.
 
Privacy Commissioner Ms Ada CHUNG Lai-ling is the Chairperson of the Committee. The new membership of the Committee is as follows:

• Ms Ada CHUNG Lai-ling (Chairperson)
• Ms Vena CHENG Wei-yan (new appointee)
• Dr CHOW Kam-pui
• Mr Law FAI
• Mr Joseph LIN Ho-man
• Ms Nikki NG Mien-hua
• Dr Patrick WONG Chi-kwong
• Ms Elsa WONG Yuk-kuen (new appointee)
• Deputy Secretary for Constitutional and Mainland Affairs or Principal Assistant Secretary for Constitutional and Mainland Affairs

Promoting AI Security and Data Security – Privacy Commissioner Publishes an Article on Hong Kong Lawyer

Privacy Commissioner Ms Ada CHUNG Lai-ling published an article titled “Getting Started with Anonymisation: A Practical Guide from the PCPD and Asia Pacific Privacy Authorities” on Hong Kong Lawyer.
 
In the article, the Privacy Commissioner introduced the “Guide to Getting Started with Anonymisation”, which was jointly issued earlier by the PCPD and eight privacy or data protection authorities from the Asia-Pacific region. The Privacy Commissioner explained the role of anonymisation in protecting personal data privacy, particularly by minimising the amount of personal data involved in the customisation and deployment of AI systems, and outlined the recommended steps for organisations to follow when anonymising personal data.

 

Please click here to read the article.

Building National Cybersecurity – Acting Privacy Commissioner Attends 2025 China Cybersecurity Week Hong Kong and Macao Sub-forums

Acting Privacy Commissioner Ms Joyce LAI attended the 2025 China Cybersecurity Week Macao Sub-forum (Macao Sub-forum) on 16 September as an officiating guest, and the 2025 China Cybersecurity Week Hong Kong Sub-forum (Hong Kong Sub-forum) on 19 September. At both events, she exchanged views with cybersecurity professionals from Hong Kong and Macao on topics related to cybersecurity and data security.
 
The Hong Kong Sub-forum was organised by the Digital Policy Office, while the Macao Sub-forum was organised by the Cybersecurity Incident Alert and Response Centre under the coordination of the Judiciary Police of Macao. Both forums were events of the 2025 China Cybersecurity Week organised by the Cyberspace Administration of China. The theme of this year’s China Cybersecurity Week is “Cybersecurity for the People, Cybersecurity Relies on the People – Ensuring High-Quality Development with High-Level Security”.

Promoting AI Safety – Acting Assistant Privacy Commissioner Speaks at the Ius Laboris APAC Conference

The Acting Assistant Privacy Commissioner for Personal Data (Legal) of the PCPD Ms Fiona LAI attended the Ius Laboris APAC Conference in Hong Kong on 17 September and spoke on the panel entitled “Establishing Effective AI Governance Frameworks and Deployment Strategies in the Workplace”.
 

Ms LAI discussed the privacy risks associated with the use of AI in the workplace and the PCPD’s regulatory role. She also shared recommendations and best practices covered in the various AI guidelines published by the PCPD, in particular the Model Framework and the Guidelines. 

 

Please click here for the presentation deck.

Building National Cybersecurity – PCPD’s Representative Delivers Speech at 2025 China Cybersecurity Week Sub-Forum

Senior Legal Counsel of the PCPD Ms Emily CHAN attended the 2025 China Cybersecurity Week in Kunming, Yunnan on 15 and 16 September, and delivered a speech at the Personal Information Protection Sub-Forum (Sub-Forum).
 
The Sub-Forum was jointly organised by the Cyber Security Association of China and the China Electronics Standardization Institute, under the guidance of the Cyber Data Administration Bureau of the Cyberspace Administration of China. At the Sub-Forum, Ms CHAN shared with participants the PCPD’s work on the international and local fronts in safeguarding data security.
 
2025 China Cybersecurity Week was held from 15 to 21 September, under the theme of “Cybersecurity for the People, Cybersecurity relies on the People – Safeguarding High-Quality Development with High-Level Safety”. 

Reaching Out to the Healthcare Sector – PCPD Representative Speaks at the Opening Ceremony of Hospital Authority Cybersecurity Week 2025

Mr Brad KWOK, Chief Personal Data Officer (Compliance and Enquiries) of the PCPD, attended the Opening Ceremony of Hospital Authority Cybersecurity Week 2025 virtually on 15 September and delivered a speech.
 
In his speech titled “Recommendations for the Healthcare Sector on Preventing and Handling Data Breach Incidents”, Mr KWOK highlighted the key points in preventing and handling data breach incidents and elaborated on the implementation of appropriate security measures to enhance data security.

Promoting AI Security – Assistant Privacy Commissioner Speaks at the IAPP Hong Kong KnowledgeNet Chapter Event

The Assistant Privacy Commissioner for Personal Data (Compliance, Global Affairs and Research) of the PCPD Ms Joanne WONG attended the International Association of Privacy Professionals (IAPP) Hong Kong KnowledgeNet Chapter Event titled “AI Governance Approach for MNCs in Hong Kong” on 11 September.
 
Ms WONG delivered a keynote address titled “Enhancing AI Security from Within: A Practical Guide from PCPD”. In her speech, she highlighted the personal data privacy risks posed by the growing adoption of AI across sectors and emphasised the importance of establishing robust AI governance practices. She also provided an overview of the AI guidelines published by PCPD, including the Model Framework and the Guidelines.

Please click here for the presentation deck.

Nurturing Talents – PCPD Summer Internship Programme 2025

The PCPD organised a Summer Internship Programme (Programme) earlier, with a view to offering opportunities to university students to gain early first-hand experience in the public service sector, thereby laying a solid foundation for their future career development.
 
This year, two interns from the University of Hong Kong and the Chinese University of Hong Kong respectively participated in the Programme to work in the Legal Division and the Global Affairs and Research Division of the PCPD. They gained valuable insights into various aspects of the PCPD’s work in safeguarding the personal data privacy of members of the public. 

MEDIA STATEMENT

A 67-year-old Male Arrested for Suspected Doxxing of a Former Employee Arising from Monetary Dispute

The PCPD arrested a Chinese male aged 67 in the New Territories on 29 August. The arrested person was suspected to have disclosed the personal data of a former employee without his consent, in contravention of section 64(3A) of the PDPO.
 
The PCPD’s investigation revealed that the arrested person formerly managed a restaurant which has ceased business, and the victim was an employee of the said restaurant between October and November 2024. There were monetary disputes between the victim and the restaurant after the victim had left his employment, and the victim sought assistance from the Labour Department. In late March 2025, a message containing some negative comments against the victim was posted in a chat group comprising members from the food and beverage industry on an instant messaging application. The post included a partly redacted photo of the victim’s Hong Kong Identity Card (HKID card) which showed his HKID card number, photo, partial Chinese and English names, partial Chinese Commercial Code of the victim’s name, date of birth and gender.
 
The PCPD reminds members of the public that they should not dox others because of monetary disputes. Moreover, identity cards contain sensitive personal data, and any reckless or intentional disclosure or reposting of copies of identity cards without the data subjects’ consent may constitute a doxxing offence. An offender is liable on conviction to a fine up to HK$1,000,000 and imprisonment for five years.

Relevant Provisions under the PDPO

Pursuant to section 64(3A) of the PDPO, a person commits an offence if the person discloses any personal data of a data subject without the relevant consent of the data subject —

1. With an intent to cause any specified harm to the data subject or any family member of the data subject; or
2. Being reckless as to whether any specified harm would be, or would likely be, caused to the data subject or any family member of the data subject.

A person who commits an offence under section 64(3A) is liable on conviction to a fine of HK$100,000 and imprisonment for two years.

Pursuant to section 64(3C) of the PDPO, a person commits an offence if —

1. The person discloses any personal data of a data subject without the relevant consent of the data subject —
   i.  With an intent to cause any specified harm to the data subject or any family member of the data
       subject; or
   ii. Being reckless as to whether any specified harm would be, or would likely be, caused to the data
       subject or any family member of the data subject; and
2. The disclosure causes any specified harm to the data subject or any family member of the data subject.

A person who commits an offence under section 64(3C) is liable on conviction on indictment to a fine of HK$1,000,000 and imprisonment for five years.

According to section 64(6) of the PDPO, specified harm in relation to a person means —

1. Harassment, molestation, pestering, threat or intimidation to the person;
2. Bodily harm or psychological harm to the person;
3. Harm causing the person reasonably to be concerned for the person’s safety or well-being; or
4. Damage to the property of the person.

MAINLAND CORNER

Highlights of the “Cybersecurity Technology – Labelling Method for Content Generated by Artificial Intelligence”

《網絡安全技術 人工智能生成合成內容標識方法》的重點

The Cyberspace Administration of China, Ministry of Industry and Information Technology, Ministry of Public Security and the National Radio and Television Administration jointly released the “Measures for Labelling Content Generated by Artificial Intelligence” (Labelling Measures) in March 2025, aiming to regulate the labelling of content generated by artificial intelligence (AIGC) and promote the healthy development of AI. Article 11 of the Labelling Measures stipulates that labelling activities must comply with the requirements of relevant mandatory national standards.

 

To facilitate the implementation of the Labelling Measures, the State Administration for Market Regulation and the Standardization Administration of China released a mandatory national standard titled “Cybersecurity Technology – Labelling Method for Content Generated by Artificial Intelligence” (Labelling Standard). The Labelling Standard serves as a supporting document to the Labelling Method. Both the Labelling Measures and the Labelling Standard became effective on 1 September 2025.

 

The Labelling Standard provides detailed technical requirements on how to label AIGC with explicit label and implicit label. It is applicable to AI content generation service providers and online information content propagation service providers. This article provides an overview of the Labelling Standard.

 

國家互聯網信息辦公室、工業和信息化部、公安部及國家廣播電視總局於2025年3月聯合發布《人工智能生成合成內容標識辦法》（《標識辦法》）¹，以規範人工智能生成合成內容標識，促進人工智能健康發展。《標識辦法》第十一條提出，開展標識活動時，應當符合相關強制性國家標準的要求。

 

為支撐落實《標識辦法》，國家市場監督管理總局及國家標準化管理委員會發布名為《網絡安全技術 人工智能生成合成內容標識方法》（《標識標準》）²的強制性國家標準，作為《標識辦法》的配套。《標識辦法》及《標識標準》已於2025年9月1日同步實施。

 

《標識標準》提供了以顯式標識及隱式標識對人工智能生成合成內容進行標識的詳細技術要求，適用於生成合成服務提供者及內容傳播服務提供者。《標識標準》的重點如下：

 

標識的類型³
《標識辦法》第三條指出，人工智能生成合成內容標識包括「顯式標識」和「隱式標識」，《標識標準》則進一步闡明：

• 顯式標識指在人工智能生成合成內容或交互場景界面中添加的，以文字、聲音、圖形等方式呈現並可被用戶明顯感知到的標識，主要用途是向公眾提示內容由人工智能生成合成。顯式標識按照標識對象可分為「內容顯式標識」及「交互場景界面顯式標識」；
• 隱式標識指採取技術措施在人工智能生成合成內容文件數據中添加的，不易被用戶明顯感知到的標識，主要用途是記錄生成合成內容相關信息。隱式標識按照標識位置可分為「文件元數據隱式標識」⁴及「內容隱式標識」。

顯式標識的規定⁵
一般而言，顯式標識應包含兩大要素⁶：

• 「人工智能」或「AI」，表明使用人工智能技術；及
• 「生成」和／或「合成」，表明內容製作方式為生成和／或合成。

至於其他詳細要求，則按內容的類型而定：

 

內容顯式標識⁷

 

交互場景顯式標識¹⁰
《標識標準》要求交互場景顯式標識應採用文字提示，字型和顏色應清晰可辨，並且在內容附近及／或交互場景界面頂部、底部、背景等適當位置持續顯示。

 

隱式標識¹¹

《標識標準》對內容隱式標識的要求為「准許採用數字水印等形式」。文件元數據隱式標識則應包含以下五項元素：

1. 內容的人工智能生成合成屬性信息；
2. 生成合成服務提供者的名稱或編碼；
3. 生成合成服務提供者對該內容的唯一編號；
4. 內容傳播服務提供者的名稱或編碼；
5. 內容傳播服務提供者對該內容的唯一編號。

此外，生成合成的內容文件中，應僅保留一份文件元數據隱式標識。文件元數據隱式標識格式的詳情見《標識標準》附錄E。

 

其他相關文件

為協助有關服務提供者落實《標識辦法》及《標識標準》的要求，全國網絡安全標準化技術委員會（網安標委）於2025年8月22日發布了六份網絡安全標準實踐指南¹²，分別涵蓋在視頻、文本、圖片及音頻文件元數據添加隱式標識的具體方法；文件元數據隱式標識的安全防護技術；以及檢測人工智能生成合成內容的框架。

 

總結

國家現正積極推動實施「人工智能+」行動，推動人工智能與經濟社會各行業各領域廣泛深度融合。在此背景下，《標識辦法》及《標識標準》於2025年9月1日正式實施，為各類型人工智能生成合成內容的標識提出詳細要求，促進人工智能健康發展。

 

 

 

 

 

¹ 全文： https://www.cac.gov.cn/2025-03/14/c_1743654684782215.htm。本欄亦曾於2024年11月介紹其《徵求意見稿》。

² 全文： https://www.tc260.org.cn/upload/2025-03-15/1742009439794081593.pdf

³ 《標識標準》第4章。

⁴ 即在人工智能生成合成內容文件元數據 (file metadata)中添加的隱式標識。《標識辦法》第五條指出，文件元數據是指「按照特定編碼格式嵌入到文件頭部的描述性信息，用於記錄文件來源、屬性、用途等信息內容」。

⁵ 《標識標準》第5章。

⁶ 角標形式的文本內容顯式標識，以及音頻節奏標識除外。兩者均只需包含「AI」元素。

⁷ 示例見《標識標準》附錄C。

⁸ 此節奏在摩斯密碼中代表「AI」。

⁹ 漢語正常語速介乎每分鐘約120至160字。

¹⁰ 示例見附錄D。

¹¹ 《標識標準》第6章。

¹² 全文：https://www.tc260.org.cn/front/postDetail.html?id=20250828165129

RECOMMENDED TRAININGS

Professional Workshop on Recent Court and Administrative Appeals Board Decisions 

Legal professionals and compliance officers should keep abreast of the latest decisions and arguments of the court and the Administrative Appeals Board relating to personal data privacy. In this regard, the PCPD lawyer will give you a deep dive into those cases and the commonly deployed provisions of the PDPO, strengthening your understanding of the cases from a legal perspective and the knowledge in the interpretation and application of the PDPO.

 

Date: 15 October 2025 (Wednesday)

 

Time: 2:15pm – 5:15pm

 

Mode: Online

 

Language: Cantonese

 

Fee: $950/$760*

(*Members of the DPOC and supporting organisations may enjoy the discounted fee)

 

Accreditation: 3 CPD points (The Law Society of Hong Kong, Estate Agents Authority, Property Management Services Authority, Hong Kong Institute of Bankers)

 

Who should attend:  Solicitors, barristers, in-house legal counsels, data protection officers and compliance officers, company secretaries and administration managers

Professional Workshop on Data Protection in Direct Marketing Activities

Organisations often use customers’ personal data to conduct direct marketing activities to promote products or services. These activities are governed by the PDPO. Organisations have the responsibility to ensure that their employees clearly understand and comply with the provisions on direct marketing under the PDPO, which also helps organisations maintain a positive reputation and demonstrate their corporate social responsibility. 

This workshop will explain in detail the requirements of the direct marketing provisions under the PDPO and provide participants with practical guidance on compliance and share conviction cases relating to direct marketing, aiming to help participants understand how to properly use customers’ personal data in direct marketing activities. 

 

Date: 22 October 2025 (Wednesday)

 

Time: 2:15pm – 5:15pm

 

Venue: Lecture Room, the PCPD’s Office, 12/F, Dah Sing Financial Centre, 248 Queen’s Road East, Wanchai, Hong Kong

 

Language: Cantonese

 

Fee: $750/$600*

(*Members of the DPOC and supporting organisations may enjoy the discounted fee)

 

Accreditation: 3 CPD points (The Law Society of Hong Kong, Insurance Authority, Estate Agents Authority, Property Management Services Authority, Hong Kong Institute of Bankers)

 

Who should attend: Data protection officers, compliance officers, company secretaries, administration managers, IT Managers, solicitors, database managers and marketing professionals

New Series of Professional Workshops on Data Protection in Nov and Dec 2025:

Online Free Seminars – Introduction to the PDPO Seminar

The PCPD organises free introductory seminars regularly to raise public awareness and their understanding of the PDPO. Details of the upcoming sessions are shown below: 

Seminar Outline:

• A general introduction to the PDPO;
• The six Data Protection Principles;
• Offences and compensation;
• Direct marketing; and
• Q&A session. 

Arrange an In-house Seminar for Your Organisation 

Teaching employees how to protect personal data privacy is increasingly recognised as an important part of employee training. If you wish to arrange an in-house seminar for your organisation to learn more about the PDPO and data privacy protection, you can make a request for an in-house seminar via our online form.

 

The seminar outline is as follows:

• A general introduction to the PDPO;
• The six Data Protection Principles (industry-related cases will be illustrated);
• Data security management;
• Handling of data breach incidents;
• Direct marketing;
• Offences and compensation; and
• Q&A session.

Duration: 1.5 hours

APPLICATION / RENEWAL OF DPOC MEMBERSHIP

Apply or renew your DPOC membership today and enjoy privileged access to course enrolments throughout the year!

 

Special Offer for Organisational Renewals:

Organisations can join the 2-for-1 scheme, which enables you to receive two memberships for the price of one annual fee (HK$450).

 

Join us now to keep up-to-date with the latest news and legal developments!

SUPPORTING EVENTS

PCPD Supports the Hong Kong Volunteer Award 2025

The PCPD is delighted to be one of the supporting organisations of the Hong Kong Volunteer Award 2025. It is a volunteer recognition scheme co-organised by the Home and Youth Affairs Bureau and the Agency for Volunteer Service, supported through “JC VOLUNTEER TOGETHER” Project which is funded by The Hong Kong Jockey Club Charities Trust. Dedicated to recognising the contributions and achievements of outstanding volunteers, corporations, organisations, estates and schools, it is open for applications now.

 

Please click here for more details.

SUGGESTION BOX

The PCPD values the opinions of all our DPOC members. We love to hear your ideas and suggestions on what privacy topics you would like to learn more about. Email your thoughts to us at dpoc@pcpd.org.hk and we shall include the most popular topics in our future e-newsletters.

Contact Us

Address: Unit 1303, 13/F, Dah Sing Financial Centre, 248 Queen's Road East, Wanchai, Hong Kong

Tel: 2827 2827

 

If you do not wish to receive the PCPD e-Newsletter, please click here to unsubscribe.
 

Copyright

 

Disclaimer

The information and suggestions provided in this publication are for general reference only. They do not serve as an exhaustive guide to the application of the law. The Privacy Commissioner makes no express or implied warranties of accuracy or fitness for a particular purpose or use with respect to the information and suggestions set out in this publication. This publication also contains information or suggestions contributed by others, whose views or opinions are solely those of the contributors and do not necessarily reflect or represent those of the Privacy Commissioner. All information and suggestions provided in this publication will not affect the functions and powers conferred upon the Privacy Commissioner under the Personal Data (Privacy) Ordinance.

The PCPD shall not be liable for any damages (including but not limited to damages for loss of business or loss of profits) arising in contract, tort or otherwise from (i) the use of or inability to use this publication or its content, or (ii) from any action taken or decision made on the basis of the content of this publication.

If you click any hyperlink in this publication that brings you to sites operated by other organisations, the PCPD accepts no responsibility for the contents of those sites and shall not be liable for any loss or damage arising out of and/or incidental to the use of the contents.