Spotlight on Data Protection and E-Commerce Law for Hotels in Hong Kong


All the questions

Data and hotel technology

In February 2022, a major hotel chain reported a data breach of 1.2 million consumers in Hong Kong.19 The hotel’s accommodation system database suffered a cyberattack and as a result, hotel guest data was leaked. For hoteliers, this incident highlights the importance of complying with applicable data protection laws in Hong Kong, understanding their data infrastructure and engaging in incident planning.

Data protection is largely governed by the Personal Data (Privacy) Ordinance (Cap. 486) (PDPO) in Hong Kong. Hoteliers who collect personal data must adhere to the Six Data Protection Principles of the PDPO. The information collected may constitute personal data if: (1) it directly or indirectly relates to consumers; (2) it is possible to directly or indirectly verify the identity of consumers; and (3) it is in a form in which access or processing is possible. Where franchise agreements or hotel management agreements (HMAs) exist, the data collector should exercise caution when transferring data between franchisors or franchisees and owners or operators.

The Data Protection Principles expressly state that consumers must be informed of the categories of persons to whom data may be transferred.20 Where data is transferred between franchisors or franchisees and owners or operators, the data collector should also adopt contractual or other means to ensure that the personal data is not retained for longer than is necessary to fulfill the purpose for which the data is used.21 It is also important to note that the transfer of data outside of Hong Kong is prohibited except in specific circumstances, such as where the data protection laws of the foreign country are similar to the PDPO or the consumer has consented to the transfer. in writing.22

In terms of e-commerce, the trend of personalized content and targeted advertising is gaining momentum, and the use of advertising technology (ADTech) solutions that track consumers’ online behavior is adding momentum to this trend. Although there are no specific requirements in Hong Kong regarding the use of search engines, cookies, online tracking or behavioral advertising, hoteliers should exercise caution when collecting information. information that may constitute personal data because the data protection principles elaborated above will apply.

Source link


About Author

Comments are closed.