Skip to content

Something urgent? Call us now! (852) 3416 1711

Cybercrime review is long overdue

By Alex Liu

Hong Kong, 6 September 2022: It is obvious to many that Hong Kong’s laws to combat cybercrime are badly outdated. This city completed its last review of online security more than two decades ago, since when the digital revolution has transformed almost every aspect of our lives. So new proposals to introduce specific legislation against cybercrime are both welcome and overdue.

The Law Reform Commission (LRC) has published a consultation paper which recommends introducing a string of new cybercrime offences and giving courts scope to hand out tougher penalties, including life imprisonment in the most serious cases.

Background

Currently, there is no single ordinance in Hong Kong which deals specifically with cybercrime. Until now, law enforcement officers have relied chiefly on Section 161 of the Crimes Ordinance (Cap 200), for the offence of “access to a computer with criminal or dishonest intent”, and section 27A of the Telecommunications Ordinance (Cap 106), forbidding “unauthorized access to any program or data held in a computer”. It is worth noting that Section 161 was enacted in 1993, a time when the internet was only in its formative stages and before the advent of smartphones and social media.

But then came a landmark decision by the Court of Final Appeal in April 2019 which ruled Section 161 did not apply to the use by a person of his or her own computer, including a smartphone. Until that point, Section 161 had been used to prosecute a wide range of smartphone and computer-related crimes, including the taking of up-skirt photos. The need for new legislation was clear.

In fact, the LRC’s Sub-committee on Cybercrime had commenced its study three months before that key judgment, seeking to identify the challenges posed by rapid developments in cybercrime, review existing legislation and make recommendations. In doing so, it examined the regulatory regimes in seven other jurisdictions, namely Australia, Canada, England and Wales, Mainland China, New Zealand, Singapore and the United States.

Proposals

After three and a half years of deliberations, the LRC has produced its consultation paper. At the heart of this document is the suggestion that new legislation should be enacted to cover five types of offences, namely:

  1. illegal access to program or data;
  2. illegal interception of computer data;
  3. illegal interference of computer data;
  4. illegal interference of computer system; and
  5. making available or possessing a device or data for committing a crime.

The paper recommends maximum penalties of two to 14 years’ imprisonment for most offences – compared with two to five years under existing laws – while summary convictions could result in a sentence of up to two years. However, for “aggravated offences”, such as illegal interference with computer data or a computer system, the highest penalty could be life imprisonment.

Given the nature of cybercrime, Hong Kong would be justified in giving the new laws extra-territorial application, says the LRC. As an illustration, the courts here may assume jurisdiction if the perpetrator’s act has caused or may cause serious damage to Hong Kong.

The LRC has stopped short of allowing whistle-blowers who expose wrongdoing to rely on a public interest defence. It maintains that a “reasonable excuse” defence allows courts flexibility to determine what may or may not be acceptable by reference to societal standards. However, it is seeking industry stakeholders’ views on whether there should be any specific defence or exemption for certain professionals or businesses, for example cybersecurity personnel.

It is also worth noting the LRC’s Sub-committee on Cybercrime began its study well over a year before enactment of the national security law in the summer of 2020. “The duty of Hong Kong to safeguard national security reaffirmed the need for reform of cybercrime laws in Hong Kong and the sub-committee has taken this into consideration in its pursuit of the cybercrime project,” says the consultation paper.

Comments

In drafting its recommendations, the LRC has weighed the need to protect the public’s interest and right not to be attacked when using their computer system against the rights of netizens and the interests of persons in the IT industry. In short, it is seeking a balance between effective law enforcement and safeguarding individual rights. The consultation period, which ends on 19 October, is a welcome opportunity for industry stakeholders to have their say.

A Partner in BC&C since 2000, Alex Liu’s key areas of practice include commercial and corporate litigation, investigations by governmental bodies such as the SFC, ICAC and Commercial Crime Bureau, insolvency and debt restructuring, intellectual property, defamation, property and commercial contract drafting. He can be contacted at alex@boasecohencollins.com.

40+ years of legal experience is just a click away.

Friendly and approachable, we are ready to answer your questions and offer you sound advice.

Contact us now

BC&C-contact-us

News & Knowledge

Learn more about what we do and what we say. Subscribe to our newsletter to ensure you receive our updates.

  • This field is for validation purposes and should be left unchanged.

A flying visit and a grounded bird

Hong Kong, 16 April 2025: It is gratifying to know this monthly blog has a sizeable following – and thanks for the positive feedback, everyone – but your correspondent is left in the shade by the wildly popular Darren Jason Watkins Jnr. Who? Otherwise known as IShowSpeed, or simply Speed, he is social media royalty, […]

Read more

Crackdown on ‘space oil’ intensifies

By Arthur Chan Hong Kong, 10 April 2025: Following a surge in the popularity of “space oil”, several key ingredients used to make the narcotic have been classified as dangerous drugs by the Security Bureau. The move brings with it heavy penalties for unauthorised possession, consumption or trafficking of the substance. Space oil has rapidly […]

Read more

First cybersecurity bill becomes law

By Claire Chow Hong Kong, 7 April 2025: A new law designed to enhance the protection of computer systems deemed essential to the smooth running of Hong Kong has been passed by the Legislative Council on 19 March 2025. It is expected to come into effect on 1 January next year. The Protection of Critical […]

Read more

Pádraig Seif reflects on his HK journey

Hong Kong, 3 April 2025: BC&C’s Foreign Legal Consultant Pádraig Seif was delighted to share his experiences as a Hong Kong citizen, business leader and lawyer in a keynote address at a seminar organised by Our Hong Kong Foundation. Born and raised in Germany with Irish roots, Pádraig’s Asian odyssey took him first to Japan […]

Read more

Law & More: Episode 51 – Mohan Bharwaney SC

Hong Kong, 2 April 2025: In this episode, we are joined by Mohan Bharwaney SC, a retired justice of the High Court who has authored a significant number of landmark judgments in the field of personal injury and medical negligence. Mohan reflects on his upbringing in Hong Kong, early days as a barrister and some […]

Read more