PCPD e-NEWSLETTER
ISSUE June 2026
|
|
|
|
|
PCPD e-NEWSLETTER
ISSUE June 2026
|
|
|
|
|
Privacy Commissioner’s Office Successfully Holds 30th Anniversary Privacy Protection Summit Over 400 Participants from Hong Kong, the Chinese Mainland and Overseas Gather Together to Witness the Launch of “Hong Kong International Data Privacy Academy”
|
The Secretary for Justice, the Hon Mr Paul LAM Ting-kwok, GBS, SC, JP (middle); the Deputy Commissioner of the Office of the Commissioner of the Ministry of Foreign Affairs of the People’s Republic of China in the HKSAR, Dr LI Yongsheng (second right); the Director-General of the Department of Law of the Liaison Office of the Central People’s Government in the HKSAR, Mr LIU Chunhua (second left); the USCMA, Mr Clement WOO Kin-man, MH, JP (first left); and Privacy Commissioner Ms Ada CHUNG Lai-ling, SBS (first right), hosted the kick-off ceremony of the Summit and the launch ceremony of the Academy.
|
Officiating guests, together with distinguished attendees, including the first Privacy Commissioner, Mr Stephen LAU Ka-men, JP (front row, second right); Member of the Legislative Council (LegCo) and former member of the Personal Data (Privacy) Advisory Committee (PD(P)AC) of the PCPD, the Hon Carmen KAN Wai-mun, JP (front row, third left); LegCo Members, the Hon Duncan CHIU (front row, first right), the Hon Grace CHAN Man-yee (front row, second left), the Hon Nick CHAN Hiu-fung, BBS, MH, JP (front row, first left); PD(P)AC members, Mr LAW Fai (back row, third left), Dr Patrick WONG Chi-kwong (back row, second left) and Ms Elsa WONG Yuk-kuen (back row, first left); member of the Standing Committee on Technological Developments (SCTD) of the PCPD, Dr Welland CHU (back row, third right); and former SCTD members, Mr Francis FONG Po-kiu (back row, second right) and Adjunct Professor Jason LAU (back row, first right), took a group photo.
|
In the presence of the Secretary for Justice, the Hon Mr Paul LAM Ting-kwok, GBS, SC, JP (middle), and other officiating guests, Privacy Commissioner Ms Ada CHUNG Lai-ling, SBS (second right) and the representatives of signatories of MoUs from different privacy or data protection authorities, including the Chairperson of the Personal Information Protection Commission of Korea, Dr Kyung Hee SONG (first left); and the Commissioner of the Personal Data Protection Commission of Singapore, Ms Denise WONG (first right), took a group photo.
|
Officiating guests and attendees took a group photo with the AI robot, Bobby.
|
The PCPD, established in 1996, celebrates the monumental milestone of its 30th anniversary this year. Under the celebration theme “Protecting Privacy ‧ Embracing Innovation”, the PCPD has introduced a series of commemorative initiatives throughout the year. The highlights include the “PCPD 30th Anniversary Privacy Protection Summit” (the Summit) and the launch ceremony of the “Hong Kong International Data Privacy Academy” (the Academy). The Summit concluded successfully on 16 June, drawing over 400 participants from Hong Kong, the Chinese Mainland and overseas, who gathered together to witness the landmark moment for the PCPD’s 30th anniversary as it embarked on a new chapter in its future development. The Summit was officiated by the Secretary for Justice of the Government of the Hong Kong Special Administrative Region (the HKSAR) (the Secretary for Justice), the Hon Mr Paul LAM Ting-kwok, GBS, SC, JP, who also delivered the opening remarks. Other officiating guests, including the Deputy Commissioner of the Office of the Commissioner of the Ministry of Foreign Affairs of the People’s Republic of China in the HKSAR, Dr LI Yongsheng; the Director-General of the Department of Law of the Liaison Office of the Central People’s Government in the HKSAR, Mr LIU Chunhua; the Under Secretary for Constitutional and Mainland Affairs of the HKSAR Government (the USCMA), Mr Clement WOO Kin-man, MH, JP; and the Privacy Commissioner for Personal Data (Privacy Commissioner), Ms Ada CHUNG Lai-ling, SBS, joined the Secretary for Justice in officiating the kick-off ceremony of the Summit and the launch ceremony of the Academy. Launch of the “Hong Kong International Data Privacy Academy” While celebrating the 30th anniversary of the PCPD, the Secretary for Justice, the Hon Mr Paul LAM Ting-kwok, GBS, SC, JP, officiated the launch ceremony of the “Hong Kong International Data Privacy Academy” at the Summit. The establishment of the Academy aims to actively align with the National 15th Five-Year Plan, support Hong Kong’s development as an international hub for high-calibre talents and leverage Hong Kong’s distinctive advantages of enjoying the strong support of the Motherland and being closely connected to the world under the “One Country, Two Systems” principle. The Academy also aims to support the formulation and implementation of Hong Kong’s first Five-Year Plan by the HKSAR Government under the leadership of the Chief Executive, thereby actively integrating into and serving the overall national development. The Academy will provide flagship training programmes on privacy/personal data protection matters for organisations, privacy protection practitioners and other stakeholders in Hong Kong, the Chinese Mainland and other parts of the world. The programmes, which include introductory seminars, professional workshops, topical seminars on emerging issues, dialogue with experts, in-house seminars and online training, are supported by various professional associations and industry groups. For details, please visit the website of the Academy:
https://www.pcpd.org.hk/english/education_training/academy/introduction.html “PCPD 30th Anniversary Privacy Protection Summit” and the “65th Asia Pacific Privacy Authorities Forum” Held in celebration of the 30th anniversary of the PCPD, the Summit brought together representatives from privacy regulators, experts, industry leaders and academics from Hong Kong, the Chinese Mainland and overseas to discuss the implications of emerging technologies such as artificial intelligence (AI) on privacy protection and the development of data privacy protection in different jurisdictions, including the Chinese Mainland. Experts from the Chinese Mainland also discussed how the Country navigates the balance between safeguarding data privacy and fostering innovation in the digital era. At the Summit, the Privacy Commissioner of Canada and Chair of the Global Privacy Assembly, Mr Philippe DUFRESNE, delivered a keynote speech virtually titled “The Future of Global Privacy Protection in the Age of AI”. Other guest speakers included the Director of International, Domestic and Stakeholder Relations, Office of the Privacy Commissioner, Canada, Mr Miguel BERNAL-CASTILLERO; the Chairperson of the Personal Information Protection Commission of Korea, Dr Kyung Hee SONG; the Commissioner of the Personal Data Protection Commission of Singapore, Ms Denise WONG; Committee member of the National Technical Committee 260 on Cybersecurity of Standardization Administration of China, Mr Yanqing HONG; Partner of Reed Smith LLP (Shanghai Office), Ms Barbara LI; and Professor Guobin ZHU, JP, of the School of Law of City University of Hong Kong. The Summit was an open session of the “65th Asia Pacific Privacy Authorities Forum” (APPA Forum), which was also one of the celebratory events of the 30th anniversary of the PCPD. The APPA Forum, hosted by the PCPD from 16 to 17 June, brought together over 100 representatives from privacy or data protection authorities across the Asia-Pacific region to discuss a wide array of global privacy issues and share regulatory and enforcement experiences. Signing of Memoranda of Understanding To further strengthen cooperation with privacy or data protection authorities from different jurisdictions and enhance collaboration in promoting personal data privacy protection, the PCPD signed Memoranda of Understanding (MoUs) with the Personal Information Protection Commission of Korea and the Personal Data Protection Commission of Singapore on the sidelines of the Summit. The MoUs establish a closer collaboration framework for the parties to jointly address the privacy challenges posed by the advancement of AI.
|
Privacy Commissioner’s Office Hosts the 65th Asia Pacific Privacy Authorities Forum
|
The USCMA, Mr Clement WOO Kin-man, MH, JP (middle), and Privacy Commissioner Ms Ada CHUNG Lai-ling, SBS (fifth left) took a picture with commissioners and senior representatives of delegations from other jurisdictions in the Asia-Pacific region.
|
Privacy Commissioner Ms Ada CHUNG Lai-ling, SBS (first row, middle) took a picture with participants of the 65th Asia Pacific Privacy Authorities Forum.
|
The PCPD hosted the 65th Asia Pacific Privacy Authorities (APPA) Forum (Forum) from 16 to 17 June in Hong Kong. More than 100 representatives from privacy or data protection authorities across the Asia-Pacific region attended the Forum to exchange insights on topical privacy issues, share recent regulatory developments and enforcement challenges, and explore best practices in the protection of personal data privacy. The Forum also formed part of the commemorative events marking the 30th anniversary of the establishment of the PCPD.
The Forum was chaired by the Privacy Commissioner Ms Ada CHUNG Lai-ling. On the first day of the Forum, the Assistant Privacy Commissioner (Complaints and Criminal Investigation) Ms Rebecca HO Kan-yeuk provided an update on the tremendous success of PCPD’s enforcement and promotional as well as educational efforts in combatting doxxing since the introduction of anti-doxxing provisions in the Personal Data (Privacy) Ordinance (PDPO) in October 2021.
On the second day of the Forum, the Privacy Commissioner, as co-chair of the International Enforcement Cooperation Working Group of the Global Privacy Assembly, reported on the work of the Working Group to the attendees. In addition, the Assistant Privacy Commissioner (Compliance, Global Affairs and Research) Mr Alex CHAN Chung-man provided an overview of the PCPD’s guidance on “Abuse of AI Deepfakes: Toolkit for Schools and Parents” published in December 2025.
Following two expert presentations on key data protection and privacy risks associated with agentic AI and the regulation of emerging AI technologies in China, the Privacy Commissioner, together with the Commissioner of the Personal Data Protection Commission of Singapore, Ms Denise WONG, co-hosted a roundtable discussion entitled “Agentic AI: Regulatory Implications and Emerging Risks” and engaged in candid exchanges with commissioners and representatives from privacy or data protection authorities attending the Forum. The discussion explored whether existing privacy protection frameworks are sufficient to address the evolving privacy risks posed by agentic AI, and highlighted key challenges faced by privacy regulators in the era of AI.
Major themes discussed at the 65th APPA Forum included:
- Legislative developments;
- Enforcement challenges;
- Data breaches;
- The governance of AI, including agentic AI, and other emerging technologies; and
- Children’s privacy.
The Forum also received work updates from various global privacy networks, including the following three privacy networks reporting to the APPA for the first time:
- The Lusophone Personal Data Protection Network, with an update presented by the Personal Data Protection Bureau of Macao, China;
- The British, Irish and Islands Data Protection Authorities, with an update presented by the Office of the Data Protection Authority of the Bailiwick of Guernsey; and
- The Network of African Data Protection Authorities, with an update presented by the National Data Protection Commission of Cabo Verde.
|
|
|
|
Developing AI Responsibly – A Practical Guide for Organisations
|
|
|
PRIVACY COMMISSIONER’S FINDINGS
|
PRIVACY COMMISSIONER’S FINDINGS
|
Unencrypted Personal Data Transmitted in Mobile Applications
|
|
|
Stay Alert before Sending a Prompt
|
|
|
|
Appointments of Two New Members to the Standing Committee on Technological Developments of the PCPD
|
HONG KONG INTERNATIONAL DATA PRIVACY ACADEMY
|
Free Online Seminars: Introduction to the PDPO
|
Arrange an In-house Seminar for Your Organisation
|
APPLICATION / RENEWAL OF DPOC MEMBERSHIP
|
PCPD Supports the Cyber Security Staff Awareness Recognition Scheme 2026/27
|
PCPD Supports the HKIoD Award for Director Excellence 2026
|
PCPD Supports the Hong Kong ICT Awards 2026 – FinTech Award and Smart Business Award
|
|
|
Promoting Privacy Protection in AI – Privacy Commissioner Delivers Opening Speech at Cybersecurity Forum 2026
|
Reaching Out to the Community – Privacy Commissioner Attends the Hong Kong Volunteer Award 2026 Kick-off Ceremony cum AVS Volunteer Network Gathering
|
Reaching Out to the Community – Privacy Commissioner Interviewed by Media on the Establishment of the “Hong Kong International Data Privacy Academy”
|
Enjoying Strong Support of the Motherland and Being Closely Connected to the World – Privacy Commissioner Welcomes Delegation from the Data Protection Authorities of Macao, São Tomé e Príncipe and Cabo Verde
|
Promoting Privacy Protection in AI – Privacy Commissioner Speaks at Panel Discussion at “Agentic HK: HKGAI V3 Large Language Model Launch and Ecosystem Collaboration Conference”
|
Reaching Out to the Accounting Sector – Privacy Commissioner Attends Cocktail Reception in Celebration of the 20th Anniversary of the AWAHK
|
Reaching Out to the Community – Assistant Privacy Commissioner Speaks at an AI Workshop
|
Reaching Out to the Community – Assistant Privacy Commissioner Interviewed by Media on the Findings of Compliance Checks Regarding Organisations’ Use of AI
|
Protecting Privacy ‧ Embracing Innovation; PCPD Launches the “Privacy Awareness Week 2026”
|
|
|
Highlights of the “Measures for Network Data Security Risk Assessment” 《網絡數據安全風險評估辦法》的重點
|
EU: European Parliamentary Research Service (EPRS) Publishes Briefing on Digital Omnibus on AI
|
EU: Parliament Approves AI Act Simplification Measures
|
EU: Europe's Cloud and AI Development Act: Grand Ambition, Fragile Foundations
|
UK: Government Bans Social Media Platforms from Offering Services to Children under 16
|
|
|
|
Developing AI Responsibly – A Practical Guide for Organisations
|
AI technology is increasingly adopted by organisations across all sectors. In daily operations, banks would use AI to assess the creditworthiness of customers and detect money laundering; healthcare providers would use AI to analyse medical records; and other organisations would use AI to assess job applications.
While AI offers substantial benefits by saving manpower and enhancing operational efficiency, as AI commonly involves the use of personal data, its development and use pose genuine challenges to privacy and data. To develop and use AI in a lawful and ethical manner, organisations should take into consideration the recommended practices in the following key areas:
- Formulate an AI strategy: Organisations should devise policies on the application of privacy and data security by design in the AI life cycle to steer the development and use of AI;
- Risk assessment and human oversight: A comprehensive risk assessment could assist organisations to systematically identify, analyse and evaluate privacy risks in the development and use of AI. Additionally, human oversight is also a key measure for mitigating the risks of using AI;
- Data preparation for AI: Organisations should take all practicable steps to ensure compliance with the requirements under the PDPO, including collecting an adequate but not excessive amount of personal data by lawful and fair means, and refraining from using personal data for any purpose that is not compatible; with the original purpose of collection;
- Development of AI models: Organisations should perform rigorous testing of AI models to ensure their reliability, robustness and fairness, and implement measures to minimise the risk of malicious input or training data being fed into the AI system;
- Management and monitoring of AI systems: AI systems should be monitored and reviewed continuously as the risk factors regarding the application of AI systems may change over time. Organisations should also conduct periodic review of the AI models to ensure that they are operating and performing as intended; and
- Communication and engagement with stakeholders: Organisations should clearly and prominently disclose the use of AI systems to individuals and provide adequate information on the purposes, benefits, limitations and effects of using AI in their products or services.
For further guidance, please refer to the “Guidance on the Ethical Development and Use of Artificial Intelligence”.
|
|
|
|
PRIVACY COMMISSIONER’S FINDINGS
|
Unencrypted Personal Data Transmitted in Mobile Applications
|
Background
In monitoring personal data risks, the PCPD may inspect the activities of a data user involving large-scale collection and use of personal data.
In the second half of 2020, the PCPD conducted security testing to determine whether the mobile applications (apps) developed or operated by local enterprises which involved the collection of customers’ personal data complied with Data Protection Principle 4.
The PCPD found that 14 apps did not use adequate encryption to securely transmit personal data. As such, attackers could secretly eavesdrop or modify the transmission data.
Remedial Measures
All enterprises concerned took the PCPD’s advice and implemented adequate encryption in their apps to protect personal data transmission.
Lessons Learnt
Online activities and transactions are convenient but carry non-negligible risks to personal data privacy. Personal data collected by different apps may end up in the hands of hackers if such data is not protected by stringent security measures.
Organisations must protect and respect personal data to garner the trust of their customers to remain competitive. Organisations should regularly review and update their apps to ensure the security of personal data.
|
Stay Alert before Sending a Prompt
|
From writing assistants to image generators, Generative AI (Gen AI) tools have quickly become part of our work and our daily lives. Powerful, fast and increasingly accessible, they are reshaping what individuals can accomplish on their own.
Yet, these tools also come with risks on personal data that are easy to be overlooked. Personal data entered into Gen AI platforms may be stored or used for retraining purposes, which raises data breach concerns. Gen AI technologies can also be exploited by malicious actors to generate phishing emails, fake news or malicious code for scams and cyberattacks. Furthermore, AI-generated content may unintentionally infringe existing copyrights or trademarks.
With the right precautions, however, these risks can be effectively managed. Here are some practical steps to help you navigate Gen AI safely:
- Guard your personal data: Avoid entering any personal data or sensitive information, and use anonymous methods to safeguard privacy;
- Pick a trustworthy platform: Select trustworthy Gen AI service providers that comply with privacy policies;
- Curb malicious use of Gen AI: Verify the authenticity, legality and appropriateness of generated content before using or disseminating it;
- Think before you share: Do not share or forward unverified or suspicious content;
- Be transparent about AI-generated content: Indicate clearly when the content is made using GenAI; and
- Respect intellectual property: Delete or modify the generated content promptly if it is found to have infringed intellectual property rights.
|
|
|
|
Promoting Privacy Protection in AI – Privacy Commissioner Delivers Opening Speech at Cybersecurity Forum 2026
|
Privacy Commissioner Ms Ada CHUNG Lai-ling attended the Cybersecurity Forum 2026 organised by the Hong Kong China Network Security Association (HKCNSA) on 25 June and delivered an opening address. The theme of the Forum was “Compliance vs. Achieving Business Objectives: From Data Privacy to AI Governance”. In her speech, the Privacy Commissioner highlighted the importance of enterprises integrating data privacy and compliance requirements into their AI governance strategies, and emphasised that rigorous data protection and strong AI governance are the very foundation of sustainable business growth. In addition, Assistant Privacy Commissioner (Compliance, Global Affairs and Research) Mr Alex CHAN Chung-man participated in a panel discussion with other speakers to explore trends in the adoption of AI in the banking and financial sectors, as well as its impact on information security and data privacy. Please click here for the Privacy Commissioner’s speech.
|
Reaching Out to the Community – Privacy Commissioner Attends the Hong Kong Volunteer Award 2026 Kick-off Ceremony cum AVS Volunteer Network Gathering
|
Privacy Commissioner Ms Ada CHUNG Lai-ling attended the Hong Kong Volunteer Award (Award) 2026 Kick-off Ceremony cum Agency for Volunteer Service (AVS) Volunteer Network Gathering on 24 June and engaged with participants from various sectors.
Co-organised by the Home and Youth Affairs Bureau and the AVS, the Award marks its fifth anniversary this year. The Award aims to recognise the contributions and achievements of volunteers, youth, uniformed groups, corporations, organisations, estates and schools in serving the community. The Privacy Commissioner has been an honorary advisor to the Award since 2023.
|
Reaching Out to the Community – Privacy Commissioner Interviewed by Media on the Establishment of the “Hong Kong International Data Privacy Academy”
|
Privacy Commissioner Ms Ada CHUNG Lai-ling was interviewed by RTHK Radio 1’s “HK2000” on 18 June to introduce the background, objectives and future development directions of the establishment of the Academy by the PCPD.
The Privacy Commissioner explained that the PCPD established the Academy to proactively align with the National 15th Five-Year Plan, support Hong Kong’s development as an international hub for high-calibre talents, and support the formulation and implementation of Hong Kong’s first Five-Year Plan by the Government of the HKSAR under the leadership of the Chief Executive, thereby actively integrating into and serving the overall national development. Based in Hong Kong with an international perspective, the Academy will provide a platform to strengthen collaboration in education and training among privacy or data protection authorities, academia and experts from Hong Kong, the Chinese Mainland and overseas.
She noted that the Academy offers a diverse range of training programmes, including introductory seminars, professional workshops, topical seminars on emerging issues, dialogues with experts and in-house seminars. The PCPD’s 30th Anniversary Privacy Protection Summit held on 16 June was the Academy’s launch event. The Summit brought together representatives from privacy regulators from Hong Kong, the Chinese Mainland and overseas to explore the opportunities and challenges posed by emerging technologies such as AI to privacy protection.
The Privacy Commissioner added that the PCPD has long attached great importance to public education. In the past year alone, it organised over 460 educational activities, including professional courses, seminars and workshops, attracting around 60,000 participants. She envisaged that the Academy would further enhance Hong Kong’s influence in data privacy education and contribute to promoting “AI for All” training among the wider community.
Click here to listen to the interview by RTHK Radio 1’s “HK2000” (Chinese only).
|
Enjoying Strong Support of the Motherland and Being Closely Connected to the World – Privacy Commissioner Welcomes Delegation from the Data Protection Authorities of Macao, São Tomé e Príncipe and Cabo Verde
|
Pursuant to the signing of a MoU with the Personal Data Protection Bureau of Macao in July 2025, in order to strengthen collaboration and communication between the parties, the PCPD received a delegation led by Mr Ken YANG Chongwei, Director of the Personal Data Protection Bureau of Macao, Mr José Manuel Macumbo Costa Alegre, President of the National Agency for Personal Data Protection of São Tomé e Príncipe and Mr Faustino Varela Monteiro, President of the Network of African Data Protection Authorities and President of the National Data Protection Commission of Cabo Verde on 5 June. The delegation met with the Privacy Commissioner Ms Ada CHUNG Lai-ling and representatives of the PCPD. During the meeting, the parties exchanged views on various aspects of personal data privacy protection, particularly in light of the challenges posed by emerging technologies such as AI. They also introduced their latest work and strategic priorities, with a view to strengthening mutual understanding and fostering closer cooperation between the organisations.
|
Promoting Privacy Protection in AI – Privacy Commissioner Speaks at Panel Discussion at “Agentic HK: HKGAI V3 Large Language Model Launch and Ecosystem Collaboration Conference”
|
Privacy Commissioner Ms Ada CHUNG Lai-ling attended the “Agentic HK: HKGAI V3 Large Language Model Launch and Ecosystem Collaboration Conference” organised by the Hong Kong Generative AI Research and Development Center (HKGAI) on 3 June, where she spoke as a panellist at the roundtable panel discussion.
At the roundtable discussion themed “Empowering Industries with Local Large Language Models: AI Implementation and Ecosystem Building in Hong Kong”, the Privacy Commissioner highlighted that one of the biggest challenges currently faced by organisations in implementing AI systems is ensuring data security. This includes formulating internal policies and guidelines on the development or use of AI, as well as understanding the circumstances under which customers’ personal data may be used to train AI systems in accordance with the requirements under the PDPO. The Privacy Commissioner also noted that, in accordance with the National “15th Five-Year Plan”, organisations should follow a holistic approach to development and security. While developing or using new technologies, organisations should adopt appropriate measures to ensure data security and prevent data breaches. The Privacy Commissioner encouraged organisations to refer to the series of guidance materials on AI published by the PCPD, with a view to developing and using AI safely and responsibly.
|
Reaching Out to the Accounting Sector – Privacy Commissioner Attends Cocktail Reception in Celebration of the 20th Anniversary of the AWAHK
|
Privacy Commissioner Ms Ada CHUNG Lai-ling attended the cocktail reception to celebrate the 20th anniversary of the Association of Women Accountants (Hong Kong) (AWAHK) on 1 June and engaged with representatives of the accounting sector.
The Privacy Commissioner has been supporting the work of the AWAHK, and participated in panel discussions organised by the AWAHK on several occasions to share her professional experiences.
|
Reaching Out to the Community – Assistant Privacy Commissioner Speaks at an AI Workshop
|
Assistant Privacy Commissioner for Personal Data (Compliance, Global Affairs and Research) Mr Alex CHAN Chung-man attended an AI workshop organised by the Scout Association of Hong Kong on 30 May and delivered a speech.
At the workshop, the Assistant Privacy Commissioner gave an overview of AI-related scams and the privacy risks associated with the use of AI. He shared with participants the recommendations set out in “Protect Your Personal Data – Be Smart on Social Media” and “Protect Your Personal Data – Smart Use of Smartphones” issued earlier by the PCPD. The Assistant Privacy Commissioner also introduced the PCPD’s “Data Security” package to the participants. Please click here for the presentation deck (Chinese only).
|
Reaching Out to the Community – Assistant Privacy Commissioner Interviewed by Media on the Findings of Compliance Checks Regarding Organisations’ Use of AI
|
Assistant Privacy Commissioner for Personal Data (Compliance, Global Affairs and Research) Mr Alex CHAN Chung-man was interviewed by RTHK Radio 3’s “Backchat” on 26 May to explain the findings of the compliance checks published by the PCPD regarding the impact of organisations’ use of AI on personal data privacy.
To understand the latest usage of AI in Hong Kong and its impact on personal data privacy, the PCPD started its third round of compliance checks in January 2026, covering 60 organisations. The Assistant Privacy Commissioner noted that the findings showed 95% of the organisations reviewed are using AI in their day-to-day operations, reflecting that AI is gradually becoming an integral part of business operations.
With regard to the handling of personal data, only seven organisations that used AI to process personal data (approximately 29%) retained the personal data collected through AI systems, representing a decrease of about 50 percentage points compared with the results of the compliance checks carried out in 2025. All of these organisations have specified the retention periods for personal data, indicating an enhanced awareness among organisations in safeguarding personal data privacy.
In addition, in light of recent scams involving the impersonation of electrical appliance retailers, the Assistant Privacy Commissioner reminded members of the public to stay vigilant if they receive suspicious calls. They should verify the identities of callers and refrain from making transfer payments or disclosing personal data hastily. He also noted that the PCPD has been organising anti-fraud educational initiatives for the elderly, providing updates on the latest scam tactics and enhancing their awareness of fraud prevention.
Click here to listen to the interview by RTHK Radio 3’s “Backchat”.
|
Protecting Privacy ‧ Embracing Innovation; PCPD Launches the “Privacy Awareness Week 2026”
|
The PCPD launched its annual event, “Privacy Awareness Week 2026” (PAW 2026) from 15 to 21 June. During the week, the PCPD hosted the Summit and the launch ceremony of the Academy on 16 June, drawing over 400 participants from Hong Kong, the Chinese Mainland and overseas. The PCPD also hosted the APPA Forum from 16 to 17 June, which brought together over 100 representatives from privacy or data protection authorities across the Asia-Pacific region to discuss a wide array of global privacy issues and share regulatory and enforcement experiences. In addition, the Communications Working Group under APPA, of which the PCPD is a member, has launched the “Personal Data and Privacy Guardian” online game during PAW 2026. The game is available in various languages and suitable for persons of all ages. By simulating scenarios in our daily lives, participants are required to identify potential risks of privacy or personal data breach within a limited time. The game aims to deepen public understanding of the protection of personal data privacy. Members of the public are welcome to experience the online game at the following link: https://www.dspdp.gov.mo/featuredsites/paw2026/game/index.html. PAW is an annual event jointly supported by members of APPA to enhance public awareness of protecting and respecting personal data privacy.
|
|
|
|
Appointments of Two New Members to the Standing Committee on Technological Developments of the PCPD
|
On 30 June, Privacy Commissioner Ms Ada CHUNG Lai-ling announced the appointment of Mr Dave CHEN Chun-wai and Ir Wilson WONG Ka-wai as members of the Standing Committee on Technological Developments (SCTD) of the PCPD for a term of two years from 1 July 2026 to 30 June 2028.
Mr Chen is the President of the Hong Kong Computer Society (HKCS). With over 25 years of experience in the information technology industry, he has been involved in promoting enterprise information technology, digital transformation and AI-enabled innovation across large-scale organisations. He also possesses track record in defining and executing multi-year digital and AI strategies.
Ir Wong is the Chief Executive Officer of the Hong Kong Internet Registration Corporation Limited (HKIRC). He has over 30 years of experience in business development and strategic management across both the public and private sectors. He has led the HKIRC in advancing digital innovation and reinforcing Hong Kong’s position as a leading global e-commerce hub.
The Privacy Commissioner would also like to take the opportunity to express her sincere gratitude to all members of the SCTD, in particular the outgoing members, Dr Alan CHEUNG Wei-lun and Prof YEUNG Dit-yan, for their invaluable contributions and advice to the SCTD over the years. With effect from 1 July 2026, the members of the SCTD (in alphabetical order of surname) are as follows:
- Ms Ada CHUNG Lai-ling, SBS (Privacy Commissioner) (chairperson)
- Mr Dave CHEN Chun-wai (new member)
- Dr Welland CHU Wai-nin
- Mr Edmond LAI Shiao-bun
- Prof Gregg LI Ka-lok
- Ir Wilson WONG Ka-wai (new member)
- Prof the Hon William WONG Kam-fai, MH
- Prof YIU Siu-ming
The SCTD was established to advise the Privacy Commissioner on, among other things, the impacts of the developments in the processing of data and information technology on the privacy of individuals in relation to personal data. It comprises distinguished external members of exceptional calibre from the information and communications technology industry, particularly experts in fields such as information security, cybersecurity and AI. The diversity of experts from academic and corporate backgrounds also ensures a broad representation of perspectives and insights, which assists the Privacy Commissioner in formulating policies and recommendations to address technological developments while safeguarding privacy in relation to personal data.
|
Highlights of the “Measures for Network Data Security Risk Assessment” 《網絡數據安全風險評估辦法》的重點
|
To regulate activities relating to network data security risk assessment, safeguard network data security, and facilitate the lawful, reasonable, and effective use of network data, the Cyberspace Administration of China issued the “Measures for Network Data Security Risk Assessment” (Measures) on 18 June 2026. The Measures sets out the obligations of relevant authorities, network data processors, and third-party assessment organisations. The Measures also provides detailed requirements on risk assessment mechanisms, as well as the preparation and review of risk assessment reports. The Measures will take effect on 20 August 2026. This article provides an overview of the Measures.
為規範網絡數據安全風險評估(風險評估)活動,保障網絡數據安全,促進網絡數據依法合理有效利用 ,國家互聯網信息辦公室於2026年6月18日發布《網絡數據安全風險評估辦法 》(《辦法》)1 。《辦法》規定了有關主管部門、網絡數據處理者,以及第三方評估機構的責任,為風險評估的機制、風險評估報告的編製與檢查等提出了詳細規定。《辦法》將於2026年8月20日實施,其重點如下:
背景及定義
《辦法》所稱風險評估,是指對網絡數據和網絡數據處理活動安全進行的風險識別、風險分析和風險評價等活動2。
現行的法律法規,包括《數據安全法》3及《網絡數據安全管理條例》4均有針對風險評估的要求,例如重要數據的處理者應當按照規定對其數據處理活動定期開展風險評估,並向有關主管部門報送風險評估報告5。
主管部門的責任
《辦法》提出,國家網信部門會同國務院電信、公安等有關部門建立網絡數據安全風險評估專項工作機制,指導、監督風險評估工作6。有關主管部門則應對相關行業、領域處理重要數據的網絡數據處理者(重要數據處理者)開展風險評估情况進行檢查,並於每年1月底前將年度風險評估檢查計劃報送國家網信部門7。國家網信部門會將計劃與有關部門共享並進行協調,避免不必要的檢查和交叉重複檢查8。
有關部門在組織開展風險評估中發現重要數據處理者的重要數據處理活動可能危害國家安全、公共利益,應當責令它們進行整改;對拒不整改或者未達到整改要求的重要數據處理者,可以要求它們停止處理重要數據9。
省級以上網信等部門可以對重要數據處理者的風險評估報告真實性、準確性進行檢查核驗10。如發現網絡數據處理者的網絡數據處理活動存在較大安全風險、發生網絡數據安全事件等情況,可以要求其委托通過認證的評估機構開展風險評估11。
網絡數據處理者的責任
《辦法》要求重要數據處理者應當每年度開展風險評估,若重要數據安全狀態發生重大變化可能對數據安全造成不利影響的,亦應當及時對相關部分開展風險評估;至於處理一般數據的網絡數據處理者,則鼓勵它們至少每3年開展一次風險評估12。
此外,重要數據處理者開展年度風險評估,應當依法按照有關主管部門規定編制風險評估報告,在完成後的20個工作日內將報告報送主管部門,並至少保存3年13。
《辦法》規定風險評估工作應當按照《數據安全法》、《網絡數據安全管理條例》有關要求,參照數據安全風險評估有關國家標準開展14。
網絡數據處理者可以自行或者委托第三方評估機構(評估機構)開展風險評估。若委托評估機構開展風險評估,應當通過訂立合同等方式明確雙方的權利、義務等15。
若網絡數據處理者是按照有關部門要求委托評估機構開展風險評估,應為評估機構開展風險評估提供必要支持、按照有關部門要求對風險評估中發現的問題進行整改等16。網絡數據處理者亦不得以任何方式要求評估機構出具不實或者不當的風險評估報告17。
有關評估機構的規定
《辦法》要求國家網信等部門積極促進網絡數據安全風險評估服務的發展,培育評估機構,並鼓勵評估機構通過認證18。評估機構開展風險評估應當公正客觀地作出風險判斷,對所出具的風險評估報告負責,不得轉委托其他機構開展風險評估19。假如在風險評估過程中發現網絡數據處理活動存在重大數據安全風險,應當及時通知網絡數據處理者20。此外,同一評估機構及其關聯機構亦不得連續3次以上對同一網絡數據處理者開展年度風險評估21。
總結
《辦法》落實了《數據安全法》等法律法規有關風險評估的規定,闡明開展風險評估的流程、加強各部門統籌協調,有助維護國家重要數據安全,促進數據要素安全有序流動和高效利用。
1 全文: https://www.cac.gov.cn/2026-06/18/c_1783525609815499.htm
2《辦法》第二條。
3 見《數據安全法》第三十條。全文:https://www.cac.gov.cn/2021-06/11/c_1624994566919140.htm
4 見《網絡數據安全管理條例》第三十三條。全文:https://www.cac.gov.cn/2024-09/30/c_1729384452307680.htm
5 見《數據安全法》第三十條。
6《辦法》第三條。
7《辦法》第四條。
8 同上。
9《辦法》第十九條。
10《辦法》第十六條。
11《辦法》第十七條。
12《辦法》第五條。
13《辦法》第十五至十六條。
14《辦法》第六條。網信辦發言人指出,網絡數據處理者可以參考《數據安全技術 數據安全風險評估方法》(GB/T 45577-2025)及《數據安全技術 數據安全評估機構能力要求》(GB/T 45389-2025)等推薦性國家標準。見《網絡數據安全風險評估辦法》答記者問。全文: https://www.cac.gov.cn/2026-06/18/c_1783525609948038.htm
15《辦法》第七條。
16《辦法》第十八條。
17 同上。
18《辦法》第八至九條。
19《辦法》第十至十一條。
20《辦法》第十三條。
21《辦法》第十二條。
|
|
|
|
HONG KONG INTERNATIONAL DATA PRIVACY ACADEMY
|
The Academy was officially launched on 16 June 2026 by the Honourable Mr Paul LAM Ting-kwok, GBS, SC, JP, the Secretary for Justice of the Government of the Hong Kong SAR, China, and other officiating guests during the 30th Anniversary Privacy Protection Summit of the PCPD.
The PCPD established the Academy to actively align with the Country’s 15th Five-Year Plan in supporting Hong Kong’s development as an international high-calibre talent hub and the Government’s policy under the “One Country, Two Systems” principle to leverage the distinctive advantages of enjoying strong support of the Motherland and being closely connected to the world. It also aims to support the formulation and implementation of the first Hong Kong’s Five-Year Plan by the HKSAR Government under the leadership of the Chief Executive, thereby actively integrating into and serving the overall national development.
The PCPD 30th Anniversary Privacy Protection Summit was the first signature event launched by the Academy. The Academy provides flagship training programmes on privacy/personal data protection matters for organisations, privacy protection practitioners and other stakeholders in Hong Kong, the Chinese Mainland and other parts of the world. The programmes, which include introductory seminars, professional workshops, topical seminars on emerging issues, dialogues with experts, in-house seminars and online training, are supported by various professional associations and industry groups. For details, please click here to visit the website of the Academy.
|
Professional Workshop on Data Protection and Data Access Request
|
Receiving Data Access Requests (DAR) is a frequent occurrence for many organisations. For example, employees may request employers for copies of their previous appraisal reports; patients may request for copies of their medical records, etc. Handling DAR properly, effectively and in a timely manner poses a challenge to many organisations.
This workshop will examine in detail the compliance requirements for handling DAR under the PDPO and offer practical guidance to participants on handling DAR.
Date: 8 July 2026 (Wednesday)
Time: 2:15pm – 5:15pm
Mode: Online
Language: Cantonese
Fee: $750/$600* (*Members of the DPOC and supporting organisations may enjoy the discounted fee)
Accreditation: 3 CPD points (The Law Society of Hong Kong, Insurance Authority, Estate Agents Authority, Property Management Services Authority, Hong Kong Institute of Bankers)
Who should attend: Solicitors, data protection officers, administration managers, human resource officers, customer services personnel
|
Professional Workshop on Recent Court and Administrative Appeals Board Decisions
|
Legal professionals and compliance officers should keep abreast of the latest decisions and arguments of the court and the Administrative Appeals Board relating to personal data privacy. In this regard, the PCPD lawyer will give you a deep dive into those cases and the commonly deployed provisions of the PDPO, strengthening your understanding of the cases from a legal perspective and the knowledge in the interpretation and application of the PDPO.
Date: 22 July 2026 (Wednesday)
Time: 2:15pm – 5:15pm
Mode: Online
Language: English
Fee: $950/$760* (*Members of the DPOC and supporting organisations may enjoy the discounted fee)
Accreditation: 3 CPD points (The Law Society of Hong Kong, Estate Agents Authority, Property Management Services Authority, Hong Kong Institute of Bankers)
Who should attend: Solicitors, barristers, in-house legal counsels, data protection officers and compliance officers, company secretaries and administration managers
|
Professional Workshop on Data Protection in Insurance
|
Insurance practitioners handle a large amount of customers’ personal data, including customers' names, telephone numbers, addresses, identity card numbers, etc. in their daily operation. Therefore, a proper understanding of the requirements under the PDPO is necessary.
This workshop will examine core concepts of practical data protection compliance illustrated by specific scenarios to highlight potential problems and their resolution. Participants will also engage in discussion of real cases relating to the handling of personal data in different aspects of insurance work.
Date: 29 July 2026 (Wednesday)
Time: 2:15pm – 5:15pm
Venue: Lecture Room, the PCPD’s Office, 12/F, Dah Sing Financial Centre, 248 Queen’s Road East, Wanchai, Hong Kong
Language: Cantonese
Fee: $750/$600* (*Members of the DPOC and supporting organisations may enjoy the discounted fee)
Accreditation: 3 CPD points (The Law Society of Hong Kong, Estate Agents Authority, Insurance Authority, Hong Kong Institute of Bankers)
Who should attend: Insurance practitioners, data protection officers, compliance officers, solicitors, advisers and other personnel undertaking work relating to the insurance industry
|
New Series of Professional Workshops on Data Protection in Aug and Sep 2026:
|
Online Free Seminars – Introduction to the PDPO Seminar
|
The PCPD organises free introductory seminars regularly to raise public awareness and their understanding of the PDPO. Details of the upcoming sessions are shown below:
|
Seminar Outline:
- A general introduction to the PDPO;
- The six Data Protection Principles;
- Offences and compensation;
- Direct marketing; and
- Q&A session.
|
Arrange an In-house Seminar for Your Organisation
|
Teaching employees how to protect personal data privacy is increasingly recognised as an important part of employee training. If you wish to arrange an in-house seminar for your organisation to learn more about the PDPO and data privacy protection, you can make a request for an in-house seminar via our online form.
The seminar outline is as follows:
- A general introduction to the PDPO;
- The six Data Protection Principles (industry-related cases will be illustrated);
- Data security management;
- Handling of data breach incidents;
- Direct marketing;
- Offences and compensation; and
- Q&A session.
Duration: 1.5 hours
|
APPLICATION / RENEWAL OF DPOC MEMBERSHIP
|
Apply or renew your DPOC membership today and enjoy privileged access to course enrolments throughout the year!
Special Offer for Organisational Renewals:
Organisations can join the 2-for-1 scheme, which enables you to receive two memberships for the price of one annual fee (HK$450).
Join us now to keep up-to-date with the latest news and legal developments!
|
PCPD Supports the Cyber Security Staff Awareness Recognition Scheme 2026/27
|
The PCPD is delighted to be one of the scheme partners of the Cyber Security Staff Awareness Recognition Scheme 2026/27 (the Scheme). Co-organised by the Digital Policy Office (DPO), HKIRC and ISACA China Hong Kong Chapter, the Scheme aims to promote “Human Firewall” concept among the industry by raising cyber security staff awareness on top of technical protection as a second level defense line, and to enhance organisations’ protection level by encouraging the organisations to raise staff awareness by multiple channels, e.g. training, policy, communication, drill, etc. The Scheme is now open for application until 14 August.
Please click here for the Scheme details and application.
|
PCPD Supports the HKIoD Award for Director Excellence 2026
|
The “HKIoD Award for Director Excellence 2026” organised by The Hong Kong Institute of Directors (HKIoD) is now open for nominations. The PCPD is pleased to be one of the supporting organisations of this prestigious awards.
“Navigating Through Disruptive Forces in Challenging Times” is the theme of the Awards this year. Nomination for the Awards will be closed on 23 July.
Please click here for the Awards nomination form and related information on the HKIoD’s website.
|
PCPD Supports the Hong Kong ICT Awards 2026 – FinTech Award and Smart Business Award
|
Since 2006, the Hong Kong ICT Awards have been recognising and promoting outstanding innovation and excellence in the information and communications technology field. Steered by the DPO and organised by industry associations and professional bodies, the internationally acclaimed Awards recognise creativity and practical solutions that address business and social needs.
The PCPD is delighted to support the Hong Kong ICT Awards 2026 – FinTech Award, where The Hong Kong Institute of Bankers has been appointed as the Leading Organiser.
In addition, the PCPD is also the supporting organisation of the Hong Kong ICT Awards 2026 – Smart Business Award, where the HKCS has been appointed as the Leading Organiser.
For details, please click here for the FinTech Award and here for the Smart Business Award.
|
The PCPD values the opinions of all our DPOC members. We love to hear your ideas and suggestions on what privacy topics you would like to learn more about. Email your thoughts to us at dpoc@pcpd.org.hk and we shall include the most popular topics in our future e-newsletters.
|
|
|
|
Contact Us
Address: Unit 1303, 13/F, Dah Sing Financial Centre, 248 Queen’s Road East, Wanchai, Hong Kong
Tel: 2827 2827
If you do not wish to receive the PCPD e-Newsletter, please click here to unsubscribe.
|
Copyright
Disclaimer
The information and suggestions provided in this publication are for general reference only. They do not serve as an exhaustive guide to the application of the law. The Privacy Commissioner makes no express or implied warranties of accuracy or fitness for a particular purpose or use with respect to the information and suggestions set out in this publication. This publication also contains information or suggestions contributed by others, whose views or opinions are solely those of the contributors and do not necessarily reflect or represent those of the Privacy Commissioner. All information and suggestions provided in this publication will not affect the functions and powers conferred upon the Privacy Commissioner under the Personal Data (Privacy) Ordinance.
The PCPD shall not be liable for any damages (including but not limited to damages for loss of business or loss of profits) arising in contract, tort or otherwise from (i) the use of or inability to use this publication or its content, or (ii) from any action taken or decision made on the basis of the content of this publication.
If you click any hyperlink in this publication that brings you to sites operated by other organisations, the PCPD accepts no responsibility for the contents of those sites and shall not be liable for any loss or damage arising out of and/or incidental to the use of the contents.
|
|
|
|
|