Skip to content

PCPD e-Newsletter

Facebook Youtube

A conversation with Mr Allen Ting from Huawei on experiences of utilising the law in technology and his perspective on Mainland China’s data protection 

In this data driven world, digital growth is invariably outpacing the formulation of regulatory framework. We need to stay tuned on new developments and get ready whenever there are changes to the law for our ever-evolving data regime.

In this fourth and last episode of this special interview series, the editor of PCPD e-Newsletter talked with Mr Allen Ting, Senior Legal Counsel from Huawei. He shared with us the experiences in protecting personal data privacy in a multinational technology company.

E: Editor of PCPD e-Newsletter
T: Mr Allen Ting, Senior Legal Counsel, Huawei

E: You worked in a law enforcement agency as well as a public body in Hong Kong related to privacy law. How do you utilise your expertise in your current role in a Chinese multinational technology company? 

T:  With years of experience in investigation into non-compliance cases and inspection of data protection systems of large organisations, I get fully conversant with local statutes and law enforcement techniques, as well as being able to apply legal principles with a real depth of understanding. These kinds of practical skills are considered as a plus in my current role. I believe that regulatory experience always makes a difference. Not surprisingly, many employers look favourably at prior law enforcement experience.
E: In embracing technological developments, how could we prevent the misuse of personal data?

T: When talking about how to prevent data misuse in this wired world, it may be naïve to rely solely on legislation, as technology is always changing faster than law. Privacy is an integral part of human dignity. Ethics is the core value of corporate governance. We could address the challenges of data misuse by nurturing a culture of respect for privacy through ethics education and training. This approach may be more effective than playing regulatory catch-up. Training people on data protection must be more than just legal compliance. It should be a moral education whose ends are to embed responsible data practices.

E: What changes would you expect in the personal data privacy landscapes in Hong Kong and in the mainland of China in the coming five years?

T: The challenges that the digital world brings to the right to privacy are obvious. Big data are all around us, enabled by interconnectivity provided by sophisticated telecommunications infrastructure. In the next five years, legislative bodies in Hong Kong and Mainland China will be expected to update and modernise data privacy laws to address the risks that big data (and its use by artificial intelligence) has brought to society. Higher penalties are also expected to come into effect in future years to serve as an important deterrent for privacy violations.


To review the previous interviews with other experts on the subject, please find below:

To review the first episode of “Special Interview Series” - A conversation with the Privacy Commissioner on regulations and laws on personal information protection in the mainland of China:

Click here

To review the second episode of “Special Interview Series” - A conversation with Ms Barbara Li from Norton Rose Fulbright on recent development of personal data privacy Law in the mainland of China

Click here

To review the third episode of “Special Interview Series” – A conversation with Mr Bernard Tan from SAP on securing personal data privacy at personal and organisational levels:

Click here

To disseminate the message of “Peace Online” and “Data Prosperity" and to promote the culture of protecting and respecting personal data, the PCPD has launched a series of publicity initiatives on the ground and on air in the city during Lunar New Year. You may have noticed our "privacy icons" on TV and on buses around the city, as well as the jingle on radio.

Watch the TV advertisement

Privacy Commissioner Condemns Doxxing of Frontline Medical Personnel (26 January 2020)


Read media statement

Privacy Commissioner Responds to the Incident of a Police Officer Checking a Reporter's Identity Card on Queensway (19 January 2020)


Read media statement

Meeting of Panel on Constitutional Affairs of the Legislative Council – Review of the Personal Data (Privacy) Ordinance (20 January 2020)


Watch the webcast

The PCPD End-of-year Media Gathering (21 January 2020)

The Privacy Commissioner reported the work of his office in 2019 with related statistics, and set out priorities in 2020 during the annual media gathering.


RTHK Radio programme "Hong Kong Today" - Interview with Privacy Commissioner: Doxxing cases multiply amid unprecedented unrest (22 January 2020)

Listen to the programme

RTHK Radio programme《千禧年代》- Interview with Privacy Commissioner: Doxxing cases and review of the Persoanl Data (Privacy) Ordinance (Cantonese only) (22 January 2020)

Listen to the programme
(Part 2, 09:35-09:50)



Introduction to the Personal Data (Privacy) Ordinance Seminar (Free)
Feb - Jun 2020 seminars are now open for enrolment!

To raise the public's awareness and understanding of the Personal Data (Privacy) Ordinance, the PCPD organises introductory seminars on the Ordinance regularly. You will get to know the key elements of the Ordinance, in particular your obligations as data users and your rights as data subjects.

- A general introduction to the Personal Data (Privacy) Ordinance
- The six data protection principles
- Direct marketing
- Offences & compensation

Enrol now!

Placing Conspicuous CCTV Surveillance Notice for Personal Data Privacy

PCPD has recently produced a sticker notice listing out essential information that should be conveyed to persons under surveillance. Organsations which operate CCTV systems may fill in relevant information on the notice and stick it at the entrance to inside the area under surveillance.

If you would like to get copies of the sticker notice, please email your name and address to We will send the sticker notices to you by post. Click here to read the Personal Data Collection Statement. The sticker notices are available while stock lasts.

You may also download and print it by clicking here.

Hong Kong Lawyer January 2020 issue: Weaponisation of Personal Data and Duty of Social Media - by Mr Stephen Wong, Privacy Commissioner for Personal Data, Hong Kong

The recent social unrests have given rise to certain unprecedented challenges to our society, one of which is “doxxing”. The Privacy Commissioner for Personal Data has been fighting an uphill battle in curbing the cases of doxxing in Hong Kong. Social media providers should protect their services in avoiding being misused and to stop the dissemination of violent content sharing online.

Read the article

Data Privacy: What to watch in 2020

28 January is the Data Privacy Day. In the spirit of the day, this article shares three areas related to privacy we should look into in 2020:
- states are aggressively legislating around privacy and cybersecurity
- federal legislation is needed to fill large gaps in privacy regulation
- privacy laws are increasingly putting consumers in control of their data 

Read more

UK regulators are seeking to better protect children’s privacy online

A set of standards aimed at protecting the privacy of children online was released by The Information Commissioner for Parliament’s approval. The new code, namely The Age Appropriate Design Code, includes 15 standards for online service providers to follow.

Read more

2019 data breach disclosures: 10 more of the biggest

2019 has produced another batch of high-profile data breaches. The article has compiled a list of 10 more notable data breach disclosures from the second half of last year.

Read more

Q: Why may doxxing (起底) constitute a criminal offence under Personal Data(Privacy) Ordinance?

- Under section 64(1) of the Ordinance, a person commits an offence if he discloses any personal data of a data subject obtained from a data user without the data user’s consent with the intention - 

- to obtain gain in the form of money or other property, whether for his own benefit or that of another person; or
- to cause loss in the form of money or other property to the data subject.

- Under section 64(2) of the Ordinance, a person commits an offence if he discloses, irrespective of his intent, any personal data of a data subject obtained from a data user without the data user’s consent and the disclosure causes psychological harm to the data subject.

- Doxxing and cyberbullying activities may also involve other criminal offences including criminal intimidation.

Q: What are the legal conseqences of breaching section 64 of Personal Data (Privacy) Ordinance?

- Contravention of section 64 of the Ordinance may attract a maximum fine of HK$1,000,000 and imprisonment for 5 years.

- The parties involved may also face civil claims by those affected persons suffering from psychological harm.

Q: What can you do if you are being doxxed?

Victims of doxxing are advised to take the following actions:

1. Make a complaint to the PCPD (Email: Address:
Room 1303, 13/F, 248 Queen’s Road East, Wan Chai, Hong Kong);
2.  Request the social media platform or website to remove the doxxing contents;
3. Review the privacy setting of social media accounts to restrict access to or distribution of the content for better privacy protection.

Extended Reading:
Media Statement: Privacy Commissioner Provides Updates on Doxxing and Cyberbullying: Reiterating Criminal and Social Liability of Doxxers and Assisting Platforms (23 December 2019)

Media Statement: Privacy Commissioner’s Response to Media Enquiries about Chief Executive’s Suggestion of the Need for Legislative Amendment to Tackle Doxxing (18 October 2019)

Data Protection Principle 4 - Security of personal data

Travel agency should not distribute flight itinerary list (containing all tour members’ names and e-ticket numbers) to all tour members

The Complaint

The Complainant joined a package tour (the Tour) with a travel agency. On the date of departure, the tour escort distributed a flight itinerary list (the List) to all members of the Tour. The List contained all tour members’ full names, e-ticket numbers and booking reference numbers (the Information). Since each passenger’s full name, date of birth, nationality, passport number and passport expiry date could be accessed via the relevant airline’s website after logging in with the Information, members of the Tour were able to access each other’s said personal data.


Most airlines’ websites allow passengers to login with their names and booking reference numbers / e-ticket numbers for managing their flights. After logging in, passengers are able to manage information in relation to their bookings and flights, which usually include passengers’ nationalities, passport numbers, passport expiry dates and dates of birth. In short, the Information can be used as a key to unlock sensitive personal data of passengers, thus travel agency should keep extra caution when handling the Information. The travel agency admitted that the distribution was unnecessary and might give rise to possible risk of personal data leakage. After PCPD’s intervention, the travel agency had reminded its staff members not to distribute any similar list to tour members. The travel agency had also informed all members of the Tour regarding the possible leakage of their personal data in the present case in writing. The Privacy Commissioner issued a warning to the travel agency.

Tips for Social Networking Safety

Understand what precautions to take to minimise the privacy risks and help protect yourself when you use social networks.


Protect your personal data 

Do you know who is collecting your personal data? Frequent internet access may accelerate the chances of data breach. Learn how to well-protect your personal data.


For enquiry, please contact us.
Address: Room 1303, 13/F, Sunlight Tower, 248 Queen's Road East, Wan Chai, Hong Kong         Tel: (852) 2877 7179

If you do not wish to receive the PCPD e-Newsletter, please click here to unsubscribe.



The information and suggestions provided in this publication are for general reference only. They do not serve as an exhaustive guide to the application of the law. The Privacy Commissioner makes no express or implied warranties of accuracy or fitness for a particular purpose or use with respect to the information and suggestions set out in this publication. This publication also contains information or suggestions contributed by others, whose views or opinions are solely those of the contributors and do not necessarily reflect or represent those of the Privacy Commissioner. All information and suggestions provided in this publication will not affect the functions and powers conferred upon the Privacy Commissioner under the Personal Data (Privacy) Ordinance.