South China Morning Post
Advertisement
Advertisement
Cybersecurity
Get more with myNEWS
A personalised news feed of stories that matter to you
Learn more
Hong Kong officials say they are communicating with mainland authorities to ease data flow from the mainland to the special administrative region. Photo: Sam Tsang
TechPolicy

Hong Kong in talks with Beijing to ease cross-border data flow as new rules threaten city’s gateway status

  • New rules finalised by China earlier this month require some companies to pass a security assessment before moving data out of the mainland
  • Hong Kong officials are advocating for a mechanism that bans data coming from the mainland from leaving the city, to ease Beijing’s concerns
Cybersecurity
Xinmei Shen
Xinmei Shen
Why you can trust SCMP
The Hong Kong government has initiated talks with the Cyberspace Administration of China (CAC) to make it easier for data to be transferred from the mainland to the city, as Beijing’s new restrictions on cross-border data flow raise questions about Hong Kong’s status as a regional hub.

Hong Kong’s Innovation, Technology and Industry Bureau (ITIB) had “started a dialogue” with the CAC, Allen Yeung, founding chairman of the Institute of Big Data Governance (iBDG), an organisation in Hong Kong that aims to promote best data practices among industry members, said in an interview with the South China Morning Post on Thursday.

Hong Kong officials are pushing for a mechanism that bans data coming from the mainland from leaving the city, in exchange for the Chinese government to relax control over such data transfers, Yeung said. Yeung is also a member of the Digital Economy Development Committee under ITIB.

06:19

High hopes for China’s Greater Bay Area, but integrating 11 cities will pose challenges

High hopes for China’s Greater Bay Area, but integrating 11 cities will pose challenges

“We looked at the data export compliance [requirements], and it’s actually quite a lot of work,” he said. “Many big companies are having a hard time processing it, let alone small and medium-sized enterprises.”

“What we’re trying to advocate is that data can come to Hong Kong but not be transferred further [to other places],” said Yeung.

“So that means within one country, data export control can be substantially reduced to a minimum.”

Under the “one country, two systems” principle, Hong Kong maintains autonomy in data regulation and information flow within the city, which is not covered by China’s so-called Great Firewall. Popular internet services from the West, including Google and Facebook, are accessible in Hong Kong, but not the mainland.

China last year passed the Data Security Law and the Personal Information Protection Law, which along with a growing web of regulations, seek to keep what Beijing deems as important and sensitive data within the mainland.

A new set of rules finalised by the CAC earlier this month, for example, laid out onerous requirements for companies to go through a security assessment before moving data out of the mainland.
Those rules, which do not explicitly confer any special treatment for Hong Kong, have raised concerns among experts about the challenges that the restrictions could pose to the city, which wants to be a regional technology and data hub.

If mainland authorities treat Hong Kong as outside the Chinese border, international businesses that have traditionally used the city as a gateway to the mainland may find it troublesome to store data in Hong Kong.

Will China’s new data rules erode Hong Kong’s edge as gateway city?

Hong Kong’s new-term government is moving fast to address that, according to Yeung.

Dong Sun, the freshly appointed ITIB secretary who is also a member of the ITIB’s Digital Economy Development Committee, told local media outlet HK01 this week that he was “closely communicating” with the CAC to discuss arrangements for data to be transferred from the mainland to Hong Kong “under certain conditions”.

“They’re taking quick steps instead of just talking about it,” Yeung said. “In the past couple of years, attention was spent on fighting Covid-19. Now, we have a little bit of breathing room.”

For Hong Kong to receive any favourable data policies from Beijing, the city first needs to refresh its outdated data governance regime, experts said. Hong Kong’s Personal Data (Privacy) Ordinance (PDPO) has barely been updated since it came into force in 1996.

While a new cybersecurity law in Hong Kong proposed in May could help raise the city’s data governance standards, legislation could be slow and inflexible, and that is where industry efforts could play a part in moving things forward, Yeung said.

The iBDG, for instance, has been promoting a scheme where member companies receive certificates upon passing a third-party audit on their data practices, with standards set higher than the basic requirements in the PDPO, Yeung said.

Such a certificate mechanism could include requirements for data not to leave Hong Kong, which will help the city advocate for freer cross-border data flow with the mainland, he said.

While such efforts, pushed forward jointly by the Hong Kong government and the industry, will establish “a good foundation to talk to mainland China”, Yeung said, changes might not happen immediately.

“I don’t think it will be that fast,” Yeung said. “Anything government-to-government takes time.”

Post