Hi there! As the temperatures are rocketing high in early summer in east Asia, the first two weeks of June have witnessed some interesting data regulatory developments in mainland China and Hong Kong.

China recently released a consultation draft of Technical Specifications for privacy notices to seek comments until 25 July. Some notable requirements include:

  • The privacy notices must be put on a company’s website and be easily located by the visitors. For example, if you log on a company’s website, you are not expected to click for more than four times to find the privacy notice.
  • If there is any personal information transferred abroad, the data controller must highlight the cross-border transfer of personal information in its privacy notice, detailing the types of personal information to be transferred, as well as the requisite legal mechanisms for complying with the applicable requirements.

With China becoming the largest mobile application market in the world, the regulatory and enforcement developments have been in the spotlight. On 14 June, it was announced by the Ministry of Industry and Information Technology officials that Chinese authorities have conducted continuous investigations on mobile apps and more than 3,000 apps have been ordered to take remedial actions or been removed from app stores, due to illegal collection or use of personal information. On the same day, the China Administration of Cyberspace published the revised version of the Regulations for the Administration of Mobile App Services, effective from 1 Aug. The new regulations significantly enhance the compliance requirements for app developers, operators and app stores. They are required to, among others, verify the identity of registered app users, provide special protection to children’s personal information, strengthen cybersecurity and encourage the use of Internet Protocol version 6 in performing app services. Shout out to businesses engaging in developing or running mobile apps in or for the China market to take note of these new regulatory changes and take proper compliance actions as soon as possible.

Hong Kong and some large cities in mainland China are probably the most densely populated cities globally, and how to regulate the collection and use of personal data in the property management sector has been hot spots. According to the information released by the Hong Kong Office of Privacy Commissioner for Personal Data, during the past five years, the Personal Information Protection Law received an average of more than 100 complaints against property management companies per year. To raise the awareness of the need to protect the privacy of residents and visitors, 13 June the PCPD issued a Guidance Note for protection of personal data in the property management sector. The Guidance Note provides that before collecting the visitors' ID numbers, the property manager should, whenever practical, give the visitors the option to choose less privacy-intrusive alternatives to verify their identities. In addition, people should be explicitly notified that they are subject to CCTV surveillance at common areas of buildings and property management bodies should exercise extra caution when using smart or electronic means to process personal data of residents, to avoid leakage or inappropriate disclosure.

Coincidentally, the intermediary court of Tianjin, China, heard a personal data dispute in which a property management company asked all residents to “scan face” as the only method for access pass. The court gave the final ruling against the property management company for failing to provide alternative less-privacy intrusive ways of authentication and granted financial compensation to the plaintiff resident.

Hope you enjoy the reading. Until next time!