The government of Hong Kong has recently entered talks with the Cyberspace Administration of China (CAC) to facilitate data transfers from mainland China to Hong Kong in light of new Chinese data security laws.
These negotiations have begun after Beijing reaffirmed its position on legislation requiring data exports to undergo security reviews by the CAC, which would be made effective from September 1st and affect thousands of Chinese companies.
Under the “one country, two systems” framework, Hong Kong maintains autonomy in data regulation and information flow within its own borders, and is not affected by China’s Internet censorship regime. Hence, Internet services such as Google and Facebook are still accessible in Hong Kong, even if they are not available within Chinese borders.
However, Hong Kong is concerned that the data export rules would impose additional restrictions on cross-border data flow, and have detrimental effects on Hong King’s status as a regional tech and data hub.
Potential Implications of CAC Data Security Laws for Hong Kong
China’s new cybersecurity rules do not contain explicit mechanisms for special treatment of Hong Kong. This ambiguity has caused data experts much concern that the new CAC data security restrictions could poses challenges to Hong Kong’s position as a regional and data hub.
Notably, after the CAC’s latest finalisation of its new data security framework in July 2022, Chinese companies and entities which had, since January 1 2021, sent abroad personal information of 100 000 or more users, would have to undergo a security review by the CAC.
If mainland Chinese authorities treat Hong Kong as being outside the Chinese border, international businesses which have used Hong Kong as a strategic gateway into China may feel inconvenienced and find it less necessary to store their data in Hong Kong.
In an interview with the South China Morning Post, Allen Yeung, a member of the Digital Economy Development Committee in Hong Kong’s Innovation, Technology and Industry Bureau (ITIB), said that the bureau has “started a dialogue” with the CAC.
Hong Kong officials are pushing for a mechanism which bans data coming from China, from leaving Hong Kong. In exchange, they hope that the Chinese government could relax its control over these data transfers.
Yeung observed that “we looked at the data export compliance [requirements], and it’s actually quite a lot of work,” which several companies were struggling to process.
“What we’re trying to advocate is that data can come to Hong Kong but not be transferred further [to other places]. So that means within one country, data export control can be substantially reduced to a minimum.”
It remains to be seen whether the CAC will be amenable to the Hong Kong bureau’s proposed mechanisms.
“Cybersecurity Implementation” is a subcategory under the awards category “Outstanding IT and Cloud Projects” for this year’s W.Media Asia-Pacific Cloud & Datacenter Awards. Thinking of nominating or sponsoring? Visit our Awards page for more information. Nominations are open until 31st July 2022.