Skip to content

Something urgent? Call us now! (852) 3416 1711

Ally Law
Boase Cohen & Collins
Blog

Cybercrime review is long overdue

By Alex Liu

Hong Kong, 6 September 2022: It is obvious to many that Hong Kong’s laws to combat cybercrime are badly outdated. This city completed its last review of online security more than two decades ago, since when the digital revolution has transformed almost every aspect of our lives. So new proposals to introduce specific legislation against cybercrime are both welcome and overdue.

The Law Reform Commission (LRC) has published a consultation paper which recommends introducing a string of new cybercrime offences and giving courts scope to hand out tougher penalties, including life imprisonment in the most serious cases.

Background

Currently, there is no single ordinance in Hong Kong which deals specifically with cybercrime. Until now, law enforcement officers have relied chiefly on Section 161 of the Crimes Ordinance (Cap 200), for the offence of “access to a computer with criminal or dishonest intent”, and section 27A of the Telecommunications Ordinance (Cap 106), forbidding “unauthorized access to any program or data held in a computer”. It is worth noting that Section 161 was enacted in 1993, a time when the internet was only in its formative stages and before the advent of smartphones and social media.

But then came a landmark decision by the Court of Final Appeal in April 2019 which ruled Section 161 did not apply to the use by a person of his or her own computer, including a smartphone. Until that point, Section 161 had been used to prosecute a wide range of smartphone and computer-related crimes, including the taking of up-skirt photos. The need for new legislation was clear.

In fact, the LRC’s Sub-committee on Cybercrime had commenced its study three months before that key judgment, seeking to identify the challenges posed by rapid developments in cybercrime, review existing legislation and make recommendations. In doing so, it examined the regulatory regimes in seven other jurisdictions, namely Australia, Canada, England and Wales, Mainland China, New Zealand, Singapore and the United States.

Proposals

After three and a half years of deliberations, the LRC has produced its consultation paper. At the heart of this document is the suggestion that new legislation should be enacted to cover five types of offences, namely:

  1. illegal access to program or data;
  2. illegal interception of computer data;
  3. illegal interference of computer data;
  4. illegal interference of computer system; and
  5. making available or possessing a device or data for committing a crime.

The paper recommends maximum penalties of two to 14 years’ imprisonment for most offences – compared with two to five years under existing laws – while summary convictions could result in a sentence of up to two years. However, for “aggravated offences”, such as illegal interference with computer data or a computer system, the highest penalty could be life imprisonment.

Given the nature of cybercrime, Hong Kong would be justified in giving the new laws extra-territorial application, says the LRC. As an illustration, the courts here may assume jurisdiction if the perpetrator’s act has caused or may cause serious damage to Hong Kong.

The LRC has stopped short of allowing whistle-blowers who expose wrongdoing to rely on a public interest defence. It maintains that a “reasonable excuse” defence allows courts flexibility to determine what may or may not be acceptable by reference to societal standards. However, it is seeking industry stakeholders’ views on whether there should be any specific defence or exemption for certain professionals or businesses, for example cybersecurity personnel.

It is also worth noting the LRC’s Sub-committee on Cybercrime began its study well over a year before enactment of the national security law in the summer of 2020. “The duty of Hong Kong to safeguard national security reaffirmed the need for reform of cybercrime laws in Hong Kong and the sub-committee has taken this into consideration in its pursuit of the cybercrime project,” says the consultation paper.

Comments

In drafting its recommendations, the LRC has weighed the need to protect the public’s interest and right not to be attacked when using their computer system against the rights of netizens and the interests of persons in the IT industry. In short, it is seeking a balance between effective law enforcement and safeguarding individual rights. The consultation period, which ends on 19 October, is a welcome opportunity for industry stakeholders to have their say.

A Partner in BC&C since 2000, Alex Liu’s key areas of practice include commercial and corporate litigation, investigations by governmental bodies such as the SFC, ICAC and Commercial Crime Bureau, insolvency and debt restructuring, intellectual property, defamation, property and commercial contract drafting. He can be contacted at alex@boasecohencollins.com.

40+ years of legal experience is just a click away.

Friendly and approachable, we are ready to answer your questions and offer you sound advice.

Contact us now

BC&C-contact-us

News & Knowledge

Learn more about what we do and what we say. Subscribe to our newsletter to ensure you receive our updates.

  • This field is for validation purposes and should be left unchanged.

Living with the wait of expectation

London, 13 August 2025: We spend 47 days of our life queuing, apparently. Supermarkets, bus stops, airports, landmarks … you name it, we wait. Two hours for a glimpse of the Mona Lisa? No problem! Four hours before you can tour the Taj Mahal? Bring it on! After all, this is nothing compared to tennis […]

Read more

PolyU powering robotics revolution

Hong Kong, 12 August 2025: The rapid rise of artificial intelligence (AI) and robotics is having a huge impact on the legal profession and here at BC&C we are embracing new technologies as a way of enhancing efficiency and further improving our service to clients. In this regard, we are grateful to fintech professor Brian […]

Read more

Money lenders face heightened scrutiny

By Arthur Chan Hong Kong, 11 August 2025: Proposals have been put forward to enhance regulation of licensed money lenders, with the authorities seeking to curb predatory practices, high interest rates and dubious tactics such as intimidation and harassment. The move has been widely welcomed amid growing concern over the social impact of excessive borrowing […]

Read more

Law & More: Episode 55 – John Scott KC SC

Hong Kong, 4 August 2025: In the latest edition of Law & More, we meet John Scott KC SC, who looks back on his journey through the legal landscape: from his early days as a barrister in London, to the landmark case that brought him to Hong Kong, and his many years as a commercial […]

Read more

Insurance talk focuses on taxi fleets

Hong Kong, 25 July 2025: Our Senior Associate Vivian Yu and Associate Joanna Chin examined the impact of Hong Kong’s new taxi fleet regime on insurers in a talk to Bank of China Group Insurance Company executives. Their presentation highlighted how the city’s much-anticipated premium taxi service will not only shake up the personalised point-to-point […]

Read more
See all news and knowledge
Ally Law