Fintech Market Overview

This article does not constitute legal advice.

Data protection in Hong Kong


Businesses in Hong Kong are subject to the Personal Data (Privacy) Ordinance (Cap 486) (PDPO), which regulates how data is collected, used and handled by corporations or persons (data users). PDPO's Data Protection Principle 3 restricts the use and disclosure of personal data without the consent of the data subject under normal circumstances. Data users must adhere to notification requirements for collection of personal data, security measures for access to personal data, accuracy of retained data and a stipulated duration for its retention. Moreover, there are also particular restrictions pertaining to using client lists for marketing products.1

Under Data Protection Principle 3, there are also exemptions to the restrictions on use and disclosure of client data in the PDPO. Exemptions apply for any use or disclosure of client data that is: (1) required or authorised by any Hong Kong law or court order; (2) required in connection with legal proceedings in Hong Kong or exercising or defending legal rights in Hong Kong; (3) for the purpose of a due diligence exercise in connection with a proposed sale or merger; or (4) for the purpose of preparing statistics or carrying out research (provided that no identifying information of any client is published). PDPO clients do not have a general right to object to data processing (including digital profiling), but they can opt out of direct marketing.1

Cross-border payments in Hong Kong

Fintech in Hong Kong

Fintech in other countries

Let's introduce you

Hong Kong Fintech Lawyers

Denis Polyakov

Denis Polyakov

Comprehensive legal services for businesses on corporate, tax law, cryptocurrency legislation, investment activities

  1. https://thelawreviews.co.uk/title/the-financial-technology-law-review/hong-kong