Article by Simon McConnell and Michelle Lai

Section 33 of the Personal Data (Privacy) Ordinance (PDPO) prohibits the transfer of personal data to places outside Hong Kong except in circumstances specified in the PDPO.

Although section 33 is not yet in operation, this dormant provision may well come into force in the near future. Over the last 12 or so months, it is known that Hong Kong's Privacy Commissioner (the Commissioner) and the Hong Kong Government, have been working towards the activation of section 33, so that restrictions on the transfer of personal data cross-borders are implemented. In December 2014, the Commissioner published a Guidance Note on Personal Data Protection in Cross-Border Data Transfer (the Guidance Note) for data users to prepare for the implementation of section 33. Accordingly, data users should review their existing privacy policies to ensure compliance with the cross-border transfer restrictions once section 33 is implemented.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.