EPIC --- Privacy and Human Rights Report
|Title Page Previous Next Contents | Country Reports >Special Administrative Region of Hong Kong|
On July 1, 1997, the People's Republic of China (PRC) resumed exercise of its sovereignty over Hong Kong and established it as a "Special Administrative Region" (SAR). Under the principle of "one country, two systems," the laws of the Hong Kong SAR were incorporated into the Chinese legal system by the enactment of the Basic Law, often described as Hong Kong's mini-constitution. Under this arrangement, the Hong Kong SAR enjoys a high degree of autonomy in creating privacy-related legislations.
The Basic Law of the Hong Kong SAR contains several privacy protections. Article 29 provides that the "homes and other premises of Hong Kong residents shall be inviolable. Arbitrary or unlawful search of, or intrusion into, a resident's home or other premises shall be prohibited." Article 30 provides that the "freedom and privacy of communications of Hong Kong residents shall be protected by law. No department or individual may, on any grounds, infringe upon the freedom and privacy of communications of residents except that the relevant authorities may inspect communications in accordance with legal procedures to meet the needs of public security or of investigation into criminal offenses."
In 1996, after six years of study by the Law Reform Commission, Hong Kong enacted a Personal Data (Privacy) Ordinance (PDPO). The ordinance came into effect in 1996, with the exception of the provisions concerning the transfer of data outside Hong Kong and data-matching. Following the standard set by the Organization for Economic Cooperation and Development (OECD) 1980 Guidelines for Protection of Privacy and Transborder Flows of Personal Data, the PDPO adopts six "fair information principles" to regulate notice, collection, accuracy, use, security and access to "data," broadly defined as "any representation of information (including an expression of opinion) in any document, and includes a personal identifier." It also imposes additional restrictions on certain processing, namely data matching and direct marketing. The former requires the prior approval of the Privacy Commissioner, while the latter requires that a "data user" inform the "data subject" of the opportunity to opt-out from further approaches.
The ordinance applies to public and private "data users" and to manual and electronic records. Violations of the PDPO can be either criminal or civil offenses. However, under the Interpretation and General Clauses Ordinance, it is not applicable to PRC government agencies in the Hong Kong SAR.
The PDPO establishes an oversight body, the Office of the Privacy Commissioner (PCPD), to promote and enforce compliance with statutory requirements. The PCPD currently has a staff of 32 including the Commissioner and Deputy Commissioner. It is comprised of six divisions: Administration, Compliance, Corporate Communications, Operations, Legal and Policy. The PCPD is required by law to publish an annual report and has done so since 1997. The Commissioner is given strong enforcement powers modeled on those contained in the United Kingdom Data Protection Act. In addition to investigating complaints, the commissioner may initiate independent investigations and conduct inspections of selected data users. Some violations of the PDPO constitute criminal offenses. In other cases, an injured party may seek compensation through civil proceedings. If the Commissioner believes that violations may continue or be repeated, it may issue enforcement notices to direct remedial measures.
The PCPD receives enquiries either through its telephone hotline, in person, or in writing. Not all the received complaints were formally investigated by the PCPD for reasons ranging from the nature of the complaint being outside the provisions of the Ordinance to lack of prima facie evidence. Also many complaints were not formally investigated because the involved parties mediated a settlement. Between April 2006 and March 2007, the PCPD investigated 1,068 complaints. Of these cases 60 were found to violate of the PDPO, but none resulted in prosecution. In 2006-2007, a total of 76 self-initiated compliance check cases were conducted and a total of three enforcement notices were issued. During the reporting period, a total of 14,578 cases of general enquiry cases were received and handled. Some of these cases were resolved through mediation and some were found to be unsubstantiated or outside the ambit of the Ordinance after preliminary enquiries. Some cases were transferred or reported to other authorities, e.g. the Hong Kong Police. Seven cases were referred by the PCPD to the police for investigation. Three of these were prosecuted by the police and all led to successful convictions.
Data security on the Internet was the major topic of concern during 2006-2007. Two investigation reports were published by the PCPD on this subject. The Commissioner has collaborated with IT professionals to develop a clear set of privacy compliant best practices, giving guidance for handling IT security and protection of personal data.
The collection of biometric data was also a topic of concern, particularly with the increasingly widespread use of fingerprint scanners for purposes unrelated to security or detection of crime, for example, for recording attendance by employers. The Commissioner discourages the collection of fingerprint data from children. Whenever practicable to do so, the data user should provide the data subject with a less privacy intrusive alternative than the provision of biometric data.
The Commissioner may issue codes of conduct to provide guidance on compliance with the ordinance's provisions. Codes are legally subordinate, but have evidentiary relevance in determining whether a contravention of the ordinance has occurred. To date the Commissioner has issued five codes of practice and guidelines: the Code of Practice on the Identity Card Number and other Personal Identifiers; the Code of Practice on Consumer Credit Data; the Code of Practice on Human Resource Management; the Code of Practice on Protection of Customer Information for Fixed and Mobile Service Operators and the Monitoring and Personal Data Privacy at Work. A promotional leaflet entitled “FAQs on Spam” was published by the Office of the Telecommunication Authority in consultation with the PCPD and the Hong Kong Internet Service Providers Association.
A new law was passed in August 2006 to regulate the interception of communications and surveillance activities engaged in by law enforcement agencies. The law creates a an oversight board, chaired by a judge, who may inspect and review law enforcement interception requests. In addition, the Telecommunications Ordinance and the Post Office Ordinance regulate the interception of communications. Wiretaps require authorization for interception operations at the highest levels of government, but a court-issued warrant is not required. The Hong Kong government has refused to reveal how often the Chief Executive uses his powers to authorize telephone wiretaps and interception of private mail. In 1999, an unofficial report estimated that the HKSAR government intercepted more than 100 conversations of private individuals a day. The vagueness of the intercept powers and the lack of procedural safeguards are inconsistent with Article 17 of the International Covenant on Civil and Political Rights, which is incorporated into Hong Kong's domestic law by Article 14 of the Bill of Rights Ordinance.
Hong Kong's anti-terrorism efforts since September 11, 2001, have largely focused on improved financial tracking. The original bill allowed the government unilaterally to declare a person a terrorist, while the courts would only serve as an appeal channel. However, legislators have said the government should go through the courts first as a way to minimize the risk of people being wrongly labeled terrorists. The deputy secretary for security, Timothy Tong, has said the government would consider amending the bill.
In September 2002, the Hong Kong government signed a customs declaration with the United States Customs Service to facilitate exchanges of airline passenger information and increase surveillance of shipping traffic. The government has also signed similar agreements with other Southeast Asian nations.
In 1999, the Hong Kong Law Reform Commission issued a consultation paper calling for "a code of practice on all forms of surveillance in the workplace for the practical guidance of employers, employees and the general public." In March 2002, the Commissioner responded Guidelines on Monitoring and Personal Data Privacy at Work, which covers the monitoring of telephone calls, e-mail and computer usage and video surveillance. He specifically recognized, but excluded from treatment, other privacy-invasive practices such as drug testing, psychological profiling and productivity monitoring by automated equipment. These may yet be covered by future codes of practice.
Opinion surveys conducted in 2000 and 2001 indicated that approximately 64 percent of Hong Kong businesses use at least one of the following five surveillance methods: closed-circuit television, computer use (auditing), web-browsing, e-mail, phone. Only about 22 percent of businesses engaged in surveillance had relevant written policies. A survey by the Hong Kong Institute of Human Resources Management found that in 2004, 84 percent of firms collected personal data from their employees. Nearly 60 percent of the corporations surveyed were also found to monitor the e-mails and digital files of their employees. Employers, trade association and trade unions have criticized the draft – particularly the definition of "e-mail" – as problematically vague and have suggested that the nature of the workplace will be affected by companies reacting with more restrictive policies on the use of e-mail and the Internet at work.
In response to growing concerns, the Office of the Privacy Commissioner released a set of guidelines for dealing with data collected at the workplace. The PCPD's initial plan was a statutory code of practice. However, strong opposition to the draft by employers made the PCPD proceed with non-binding guidelines. The guidelines are designed to standardize best practices at the workplace. Nonetheless, human rights group criticized the guidelines as “useless," because they are legally non-binding. Law Yuk-kai, director of the Hong Kong Human Rights Monitor, said that the current guidelines will not motivate employers to abide by the PDPO.
Since 1949, Hong Kong residents have carried laminated photo identity cards imprinted with biographical data and the cardholder's residency status. In 2002, the government introduced a smart identity card with a chip that contains a digital replica of the cardholder's thumbprint, immigration data, a digital certificate and have room for other information, including medical and financial data and driving records.
In early 2005, the HKSAR government disclosed the last of the four consultancy reports assessing the privacy impact of the Smart ID Card Project, an identity card replacement exercise that was implemented in August 2003 and was completed in March 2007. The Hong Kong Smart ID Card Replacement Exercise mandated that holders of existing identity cards also had to apply for smart ID cards from January 24 to March 12, 2005. The Replacement Exercise covered all Hong Kong residents, permanent and temporary. Failure to apply for a new card constituted an offense that could be prosecuted and subject to a penalty of HKD 5,000 (~USD 643). The multifunction smart ID card contains basic identity details such as the photograph, fingerprint biometric of each holder and can also contain an electronic certificate (e-Cert) for electronic transactions.
Recently, the smart ID card was criticized for being too complicated to use. For instance, e-Cert, embedded in smart ID cards was designed to promote electronic commerce transaction. More than HKD 240 million (~USD 31 million) were invested to develop and implement the e-Cert system. But a survey found that only 10 percent of those who newly obtained ID cards had used e-Cert.  An additional HKD 10 million (~USD 1.3 million) will be invested in 2005-2006 to promote the use of e-Cert. In addition to e-Cert, the Smart card also functions as a library card for all public libraries, and as an immigration document.
Hong Kong banks already share a "blacklist" of loan defaulters and borrowers who have court judgments issued against them, but faced with an unprecedented five-fold increase in bankruptcies in recent years, banks proposed an amendment to the PDPO allowing them to share even more personal data through a newly created third-party agency. The so-called "positive data-sharing agency" would be run by a private company and modeled after British and North American institutions. The agency would allow banks to share information between each other on the amount of a credit seeker's outstanding credit card debt, cards held, credit limit, past due accounts, residential mortgages and other types of consumer credit. The Hong Kong Monetary Authority and the Privacy Commissioner supported the proposal, but HKSAR legislators, consumer advocates and the public did not, citing privacy concerns. A representative of one of Hong Kong's largest banks responded to these concerns by saying that "privacy [was] no longer relevant."
As required by the PDPO, the Privacy Commissioner opened a public consultation on the credit issue in 2003 and proposed relaxing restrictions on data sharing between banks. Specifically, amendments to the Consumer Credit Data Code would extend the period of retention of credit application data by a credit reference agency from 90 days to five years and extend the period for retention of file activity data from 12 months to five years. Further proposals would allow the release of file activity data by a credit reference agency to credit providers, and to prevent credit providers from accessing an individual's data held by a credit reference agency except where there was a relevant need to do so.
In June 2003, some of the proposed revisions to the Code of Practice on Consumer Credit Data took effect. The revisions allowed positive credit data to be shared among credit providers. A 24-month transitional period (expiring June 2005) was mandated before there could be full access to, and use of, contributed data. Also, a provision was included in the amendment to require credit reference agencies to submit their operational procedures and systems to an independent annual privacy compliance audit. Because the two-year transitional period restricting the sharing of positive credit data expired on June 1, 2005, there is now full usage of positive credit data by credit providers subscribing to the credit reference agency services. Further amendments to the Code are now being considered. A public consultation is currently in progress and a consultation paper is available at PCPD website.
In early 2002, Hong Kong police proposed a pilot program to install a number of cameras in Lan Kwai Fong, a district of Hong Kong, aimed at preventing crime and controlling crowds. The cameras would be linked to a police station and footage would be held for three months. The plan was supported by the local business association, but not by many local businesses who felt the surveillance might affect people's willingness to come to the area. Lawmakers and human rights groups also opposed the plan, saying it was an invasion of privacy.
In May 2002, Hong Kong police bowed to public and legislative opposition and suspended the proposal. In a paper submitted to legislators, Deputy Secretary for Security Timothy Tong Hin-ming said police would study the privacy concerns of the scheme before consulting the public and the Privacy Commissioner again.
In 2004, however, the Home Affairs Department revealed that authorities had installed closed-circuit TV (CCTV) surveillance cameras in five different locations of Hong Kong, leading to the prosecution of 29 people for hygiene offenses. The violations included washing dishes, dumping trash, and relieving themselves in the streets. Although officials scaled down the original plan of installing 100 cameras in 18 districts of Hong Kong, Cindy Yu, spokeswoman of Home Affairs Department, noted that the program had "proven quite useful" and will be expanded.
Also in May 2002, the SAR Correctional Services Department (CSD) announced that it was installing thousands of surveillance cameras in all of Hong Kong's prisons – including dormitories, but not toilets – in an effort to prevent inmate gambling. Following the death of an inmate last year, legislators renewed questions regarding the use of surveillance cameras in prisons. In the past, the CSD has refused to detail what percentage of prisons were monitored by cameras or what the criteria is for their use to be deemed necessary. "In some cases, the images are used to assist prison staff's observation only and no recording function is provided. In other cases, automatic recording of the sequential images appearing on the monitor is provided," a CSD spokesman said. At least one legislator has said he plans to ask the department to disclose details of the number, function and purpose of surveillance cameras in all penal institutions.
Another scandal concerns mobile phone cameras. Following outcries over "up skirt" scandals overseas and in the absence of laws making cyber-voyeurism illegal in Hong Kong, some businesses – such as fitness clubs – have begun to ban the use of mobile phones with built-in cameras.
The Unsolicited Electronic Messages Ordinance was passed by Legislative Council and became law on June 1, 2007. It regulates the sending of unsolicited electronic messages; however, the law does not apply to live communications between a caller and a recipient. Where personal data are used for direct marketing activities, the PDPO still applies.
The Hong Kong government's latest anti-spam effort was the further development of anti-spam initiative (STEPS) that was announced on February 24, 2004. The STEPS initiative was to strengthen existing regulation by promoting technical solutions, educating people, and introducing statutory measures. The government announced that it would undertake public education campaign while continuously cooperating with businesses on blacklisting repeat spam offenders.
In 2005, Hong Kong joined the international community against spam. The Commerce, Industry, and Technology Bureau of Hong Kong signed a multilateral memorandum with Australia, South Korea, Malaysia, Philippines, New Zealand, and mainland China. The purpose of the international memorandum is to promote cooperation among nations in order to reduce spam passing through nations in the region. Hong Kong's involvement was prompted by a finding that 95 percent of spam originated from overseas countries such as the United States and South Korea.
The Commissioner has had informal discussions with the EU over the question of the adequacy of data protection under the EU Data Protection Directive, but has not received a formal reply. Hong Kong will likely not be deemed adequate before the enactment of Section 33 of the Ordinance.
Hong Kong is an active member of APEC negotiations as one of the drafters of the APEC Privacy Framework (the Framework). In June 2005, the country hosted the first APEC Electronic Commerce Steering Group (ECSG) technical assistance seminar. The PCPD has taken an active role in developing Framework as the process moves into the implementation phase. In Hong Kong, privacy protections are derived from the provisions of the PCPD and therefore have statutory backing. Indeed, every effort is being made to enhance those provisions, and the powers of the Privacy Commissioner, by seeking a number of amendments to the PCPD.
 Adopted on April 4, 1990 by the Seventh National People's Congress of the People's Republic of China at its Third Session. The authority of the Congress to establish a special administrative region and decide on the systems to be implemented there is given by Articles 31 and 62 (13) of the Constitution of the PRC. See Y. Ghai, Hong Kong's New Constitutional Order: The Resumption of Chinese Sovereignty and the Basic Law 56 (Hong Kong University Press 1997). Legally, the Basic Law should not be considered as the constitution of Hong Kong, although it may have certain constitutional functions. The relationship between the Chinese central government and the Hong Kong SAR government is not the one between the federal government and a state. Although the Hong Kong SAR is a highly autonomous administrative region of China, it has no independent sovereignty. The power over Hong Kong absolutely belongs to China and the central government delegates certain powers to the Hong Kong SAR through the Basic Law. The powers not delegated to the Hong Kong SAR remain vested with the central government.
 Hong Kong
Law Reform Commission, 1994 Report on the Law Relating to the Protection Of
Personal Data (1994).
 Personal Data (Privacy) Ordinance, Chapter 486, December 20, 1997; See generally M. Berthold & R. Wacks, Hong Kong Data Privacy Law: Territorial Regulation in a Borderless World (Sweet & Maxwell Asia 2002).
 Personal Data (Privacy) Ordinance, Chapter 486, § 33 (June 30, 1997), available at <http://www.pco.org.hk/english/ordinance/ordglance.html>.
 Id. at §§ 30-32. The provisions relating to data matching, (§ 30), subsequently came into force on August 1, 1997.
 Personal Data (Privacy) Ordinance, (Hong Kong), 1996, Chapter 486, § 2, "data." Personal data is defined as “any data (a) relating directly or indirectly to a living individual; (b) from which it is practicable for the identity of the individual to be directly or indirectly ascertained; and (c) in a form in which access to or processing of the data is practicable.”
 Id. at § 34.
 US State
Department Human Rights Report 2004 - Hong Kong, available at
 Interpretation and General Clauses Ordinance, Chapter 1.
 See J. Holvast et al., The Global Encyclopedia of Data Protection Regulation Hong Kong 4.B (Kluwer 2000).
Data (Privacy) Ordinance, (Hong Kong),
1996, c. 486, § 5.
 Updated reports of PCO Staff and Organizational structure can be found in PCO Reports, published annually and also available online at <http://www.pco.org.hk/english/publications/annualreport.html>.
 See Personal Data (Privacy) Ordinance, (Hong Kong), 1996.
 Data Protection Act 1998 (United Kingdom), 1998, c. 29.
 As an example, a notice was issued in 2002 against a former telemarketer who had improperly collected and subsequently used personal information of hotel guests. See Privacy Commissioner for Personal Data, Annual Report 2001-2002, 26-27 (Hong Kong, PCO, 2002).
 The PCO has
indicated that in the period from June 2004 until June 2005, 14,609 enquiries
were made via the PCO's telephone hotline and an additional 1,115 enquiries were
received in writing. In the same period, a total of 889 complaints were filed
with the Office of the Privacy Commissioner for Personal Data and a total of 35
investigations were commenced.
 Email from Brenda Kwok, Office of the Privacy Commissioner for Personal Data, Hong Kong, to Allison Knight, Research Director, Electronic Privacy Information Center, June 20, 2007 (on file with EPIC).
 “Recommended Procedures for IT Practitioners on Personal Data Handling,” Privacy Commissioner for Personal Data, October 2006.
Commissioner for Personal Data, Code of Practice on the Identity Card Number and
other Personal Identifiers (Hong Kong, PCO,
 Privacy Commissioner for Personal Data, Code of Practice on Consumer Credit Data (Hong Kong, PCO, 2002). Issued on 27 February 1998, effective as of November 27, 1998; see also Privacy Commissioner for Personal Data, Consultation Paper on Amendments.
 Privacy Commissioner for Personal Data, Code of Practice on Human Resource Management, (Hong Kong, PCO, 2000).
 Privacy Commissioner for Personal Data, Press Release, "New Code Launched for Fixed and Mobile Service Operators to Protection Customer Information," June 17, 2002 , available at <http://www.pco.org.hk/english/infocentre/press.html>; see also Privacy Commissioner for Personal Data, Code of Practice on Protection of Customer Information for Fixed and Mobile Service Operators, (Hong Kong, PCO, 2002).
 Privacy Commissioner for Personal Data, Code of Practice on Monitoring and Personal Data Privacy at Work, (Hong Kong, PCO, 2002).
Interception of Communications and Surveillance Ordinance, Cap
 Telecommunications Ordinance, Chapter 106, § 33.
 Post Office Ordinance, Chapter 98, § 13.
 US State Department Human Rights Report 2001 – Hong Kong, supra.
 "Phone Tap Figures to Remain Secret," South China Morning Post, October 1, 1998.
 Bill of Rights Ordinance Chapter 383, § 8, Article 14, June 30, 1997.
release, "Hong Kong Security Chief Details Anti-terrorism Efforts," Hong
Kong Economic and Trade Office, May 14, 2002, available at
 "Hong Kong Official Says Government to Consider Amending Anti-terrorism Bill," RTHK Radio 3 by BBC Worldwide Monitoring, June 15, 2002.
 "Chinese Spokeswoman Says Beijing Backs Hong Kong's Anti-terrorism Efforts," Xinhua News Agency, September 26, 2002.
 Law Reform
Commission, Consultation Paper on Civil Liability for Invasion of Privacy
 Privacy Commissioner for Personal Data, Draft Code of Practice on Monitoring and Personal Data Privacy at Work, (Hong Kong, PCO, 2002).
 E-mail from Stephen Lau, Privacy Commissioner for Personal Data, Hong Kong to Sarah Andrews, Research Director, Electronic Privacy Information Center (EPIC), June 11, 2001 (on file with EPIC).
of Hong Kong, Social Sciences Research Centre, 2001 Opinion Survey: Personal
Data (Privacy) Ordinance: Attitudes and Implementation – Key Findings, 16
(April 2002), the percentage reporting use of the enumerated surveillance types
did not appreciate in 2001.
 Id. at 17 (compared to approximately 18 percent in 2000).
 E. Tang, "Big Brother Is Watching You at Work." Global News Wire: Asia Africa Intelligence Wire December 11, 2004.
 C. Buddle, "Keeping Orwell out of the Office," South China Morning Post, March 15, 2002, at 18; A. Li and P. Moy, "Unclear Code for Workplace Rejected," South China Morning Post, April 13, 2002, at 6; See also Privacy Commissioner for Personal Data, Draft Code of Practice on Monitoring and Personal Data Privacy at Work, 22-23 (Hong Kong, PCO, 2002): e.g. the draft code differentiates between inbound and outbound e-mail, stating that "monitoring of inbound e-mails can rarely be justified."
 PCO Press
Release, available at:
 R. Rodwell, "Guidelines push privacy issues to the forefront; Incorrect monitoring in the workplace can quickly sour employer-staff relationships." South China Morning Post Jan 8 2005.
 Cally Cheng, "Workplace Privacy Guide Useless Human Rights Group," Global News Wire: Aisa Africa Intelligence Wire, December 18, 2004.
 M. Landler, "Fine-tuning for Privacy, Hong Kong Plans Digital ID," New York Times, February 18, 2002, at C1.
 "Hong Kong
Residents Born in 1952-53 Start Applying for Smart ID Cards," Xinhua News
Agency, Beijing, January 24,
 "Hong Kong Government Rolling Out ID Cards Based on Keycorp Technology," Australian Associated Press (AAP), July, 28 2004.
 Sylvia Hui,
"Few Using too Complex Smart ID Cards," Financial Times: Asia Africa
Intelligence Wire, May 26, 2005.
 Smart ID homepage <http://www.smartid.gov.hk/en/app/index.html>.
Beckerling, "Public Gets Say on Credit Bureau," South China Morning Post, May 4,
 J. Moir & L. Beckerling, "Privacy Goes Plastic," South China Morning Post, June 13, 2002.
 L. Beckerling, "First Look at Sample Credit Risks Report," South China Morning Post, March 29, 2002.
 See L. Leung, "HKMA Pushes Banks to Share Loan Histories," South China Morning Post, September 21, 2001, at 4; L. Beckerling, "Public Gets Say on Credit Bureau," South China Morning Post, May 4, 2002, at 1; E. Yiu, "Democrats to Consider Proposal for Credit Information Sharing," South China Morning Post, June 24, 2002, at 3, quoting Democratic Party financial affairs spokesman, Sin Chung-kai arguing that banks would only use credit sharing to boost profitability.
 L. Beckerling, "Public Gets Say on Credit Bureau," South China Morning Post, May 4, 2002, at 1, quoting Anna Borzi of HSBC Securities stating "Privacy is over. There are already more things being recorded, coded and monitored than we can poke a stick at. If anybody seriously believes privacy can still be protected they are seriously deluded. That battle has been fought and lost."
 See Privacy Commissioner for Personal Data, Code of Practice on Consumer Credit Data (Hong Kong, PCO, 2002); see also Privacy Commissioner for Personal Data, Consultation Paper on Amendments to the Consumer Credit Data Code, May 25, 2001.
 "Amendments to Code of Practice on Consumer Credit Data Gazettes Tomorrow," Press Release of the Hong Kong Privacy Commissioner's Office, May 22, 2003, available at <http://www.pco.org.hk/english/infocentre/press_20030522.html>.
 Email from Brenda Kwok, supra.
 When asked
for a specific example of the need for video surveillance in Lan Kwai Fong,
Deputy Police Commissioner Dick Lee Ming-kwai cited a stampede in 1993 when 20
people were crushed to death on New Year's
 S. Lau, "Business Backs Push for Video Surveillance," South China Morning Post, February 19, 2002, at 5.
 C. Yeung and R. Ma, "Police Drop Spy Camera Scheme," South China Morning Post, May 14, 2002, at 2.
Violators Beware: Hong Kong Watching Alleys with Closed-Circuit Cameras,"
Associated Press, September 26,
 S. Lee,
"Closed-circuit Television Cameras to Monitor Inmates' Evening Activities,"
South China Morning Post, May 17, 2002, at
 Niall Fraser & Stella Lee, "Come Clean on Video Surveillance, Prison Chiefs Told," South China Morning Post, November 24, 2002, at 4.
 Carolyn Ong, "Businesses Ban Camera Phones; Fitness Clubs Lead Way in Curbing Use of Mobiles amid Fears over Locker-room Privacy," South China Morning Post, July 8, 2003, at 1.
Wills. "Eliminating Spam Requires Co-operation between Governments," South China
Morning Post. April 12, 2005.
 Kathleen McLaughlin, “Hong Kong Drafting Anti-Spam Bill as Work Starts on Other Measures,” The Bureau of National Affairs Report, March 7, 2005.
 "HK Joins
International Community against Spam," Xinhua News Agency. April 27,
Protection Working Party – Article 29, Fourth Annual Report on the
Situation Regarding the Protection of Individuals with regard to the Processing
of Personal Data and Privacy in the Community and in Third Countries Covering
the Year 1999: Part II, May 17, 2001, 5019/EN/WP 46, 20. The Working Party
entered into preliminary discussions on the level of protection in Hong Kong,
but has not yet reported back.
 Data Protection Working Party Opinion 7/2001 on the Draft Commission Decision (version August 31, 2001) on Standard Contractual Clauses for the Transfer of Personal Data to Data Processors Established in Third Countries under Article 26(4) of Directive, September 13, 2001, 95/465061/01/EN/Final WP 47, 3, describing the general principle that the data importer is bound by the data exporter's legislation. See also C. Raab et al. Application of a Methodology Designed to Assess the Adequacy of the Level of Protection of Individuals with regard to Processing Personal Data: Test of the Method on Several Categories of Transfer: Final Report, European Commission Tender No. XV/97/18/D, 17-22, 57-65, 103-107,142-148,178-181.