{"id":32764,"date":"2026-04-30T06:54:06","date_gmt":"2026-04-30T06:54:06","guid":{"rendered":"https:\/\/prelive-tdw.visibleone.app\/?post_type=insight-and-news&#038;p=32764"},"modified":"2026-05-19T01:53:53","modified_gmt":"2026-05-19T01:53:53","slug":"news-update-hong-kong-privacy-commissioner-claws-back-privacy-protection-from-agentic-ai-tools","status":"publish","type":"insight-and-news","link":"https:\/\/www.tannerdewitt.com\/zh-hant\/insight-and-news\/news-update-hong-kong-privacy-commissioner-claws-back-privacy-protection-from-agentic-ai-tools\/","title":{"rendered":"News update: Hong Kong Privacy Commissioner claws back privacy protection from agentic AI tools"},"content":{"rendered":"\n    \n\n<div style=\"background-image:url('https:\/\/www.tannerdewitt.com\/wp-content\/themes\/tanner-de-witt\/images\/insightdetails.jpeg')\"\n    class=\"insight-news-detail-hero\" id=\"insight-news-detail-hero\">\n\n\t\t<div style=\"background-color:\" class=\"insight-news-detail-hero-overlay \"><\/div>\n            <div class=\"z-[0]\">\n                <div class=\"insight-news-breadcrumbs flex items-end practice-areas-featured-breadcrumbs \">\n                    <a class=\"page-link no-underline\" href=\"https:\/\/www.tannerdewitt.com\/zh-hant\/\">Home<\/a>                <\/div>\n\n\n                <div class=\"hero-title\">\n                    <h1>\n                        News update: Hong Kong Privacy Commissioner claws back privacy protection from agentic AI tools                    <\/h1>\n                <\/div>\n                \n                    <div style=\"\" class=\"hero-date \">\n\n                        <span class=\"month\">Apr<\/span>\n                        <span class=\"day\">30<\/span>\n                        <span class=\"year\">2026<\/span>\n                    <\/div>\n\n            <\/div>\n    \n\n    \n\n\n\n<\/div>\n\n\n\n<script >\n    (function () {\n        document.addEventListener(\"DOMContentLoaded\", () => {\n\n            const breadCrumbsContainer = Array.from(document.querySelectorAll(\".practice-areas-featured-breadcrumbs\"));\n\n            breadCrumbsContainer.forEach(container => {\n                const breadCrumbLinks = Array.from(container.querySelectorAll('.page-link'));\n                const breadCrumbSeperators = Array.from(container.querySelectorAll('.separator'));\n\n                if (Array.from(breadCrumbLinks).length === 1) {\n                    const homeNode = breadCrumbLinks[0];\n\n                    if (!homeNode) {\n                        return\n                    }\n\n                    const postTypeNode = homeNode.cloneNode(true);\n                    postTypeNode.textContent = \"Insights and News\";\n                    container.insertAdjacentHTML('beforeend', `<span class=\"separator practice-areas-featured-breadcrumb-item-slash\">\/<\/span>`)\n                    container.insertAdjacentElement('beforeend', postTypeNode)\n                    breadCrumbLinks.push(postTypeNode);\n\n                    if (\"Insights\") {\n                        const categoryNode = homeNode.cloneNode(true);\n\n                        categoryNode.textContent = \"Insights\";\n                        container.insertAdjacentHTML('beforeend', `<span class=\"separator practice-areas-featured-breadcrumb-item-slash\">\/<\/span>`)\n                        container.insertAdjacentElement('beforeend', categoryNode)\n                        breadCrumbLinks.push(categoryNode);\n                    }\n\n\n                    const titleNode = homeNode.cloneNode(true);\n\n                    titleNode.textContent = \"News update: Hong Kong Privacy Commissioner claws back privacy protection from agentic AI tools\";\n                    container.insertAdjacentHTML('beforeend', `<span class=\"separator practice-areas-featured-breadcrumb-item-slash\">\/<\/span>`)\n                    container.insertAdjacentElement('beforeend', titleNode)\n                    breadCrumbLinks.push(titleNode);\n\n\n\n\n                }\n\n                breadCrumbLinks.forEach((link, index) => {\n\n                    link.classList.add('practice-areas-featured-breadcrumb-item-name');\n                    const origin = window.location.origin;\n                    const href = window.location.href;\n\n                    const originSplitter = window.location.href.includes(\"insight-and-news\") ? \"insight-and-news\" : window.location.href.includes('insights-and-news') ? \"insights-and-news\" : \"\"\n\n                    const paths = href.split(originSplitter);\n                    const links = paths[1].split(\"\/\").filter(Boolean)\n\n\n                    const resolvedOrigin = originSplitter ? (href.split(originSplitter)[0] || \"\") : (origin + \"\/\")\n\n                    if (index === 0) {\n\n                        if (!originSplitter) {\n                            link.href = origin\n                        } else {\n                            link.href = resolvedOrigin;\n                        }\n\n\n                    } else if (index === 1) {\n                        link.href = resolvedOrigin + originSplitter\n\n                    }\n                    else if (index === 2) {\n                        console.log(links)\n                        link.href = resolvedOrigin + originSplitter + \"\/\" + (links[0] || \"\")\n                    }\n                    else if (index === 3) {\n\n                        link.href = resolvedOrigin + originSplitter + \"\/\" + (links[0] || \"\") + \"\/\" + (links[1] || \"\")\n\n                    }\n\n\n\n                    \/\/ const words = link.textContent.split(\" \")\n                    \/\/ if (words.length > 4) {\n                    \/\/     link.textContent = words.slice(0, 4).join(\" \") + \"...\"\n                    \/\/ }\n\n                })\n\n                breadCrumbSeperators.forEach(separator => {\n                    separator.textContent = \"\/\"\n                    separator.classList.add('practice-areas-featured-breadcrumb-item-slash')\n                });\n\n\n            })\n\n\n        })\n        removeDivTag()\n    })();\n\n    function removeDivTag() {\n        console.log(\"remasfljas\");\n        const editorContainer = document.querySelector(\".editor-wysiwyg\");\n        \/\/ editorContainer.innerText = editorContainer.innerText.replace(\"<\/div>\", \"\")\n        Array.from(editorContainer.childNodes).forEach(el => {\n            if (el.textContent.includes(\"<\/div>\")) {\n                el.textContent = \"\"\n            }\n        })\n    }\n<\/script>\n\n<div class=\"editor-wysiwyg my-[40px]\">\n<div class=\"single-section\">\u00a0<\/div>\n<p id=\"ember60\" class=\"ember-view reader-text-block__paragraph\">On 16 March 2026, the Office of the Privacy Commissioner for Personal Data (PCPD) issued a <a class=\"xRPuXKfUpBkIORjMpZxQAvTEeNvfshyBJs \" tabindex=\"0\" href=\"https:\/\/www.pcpd.org.hk\/english\/news_events\/media_statements\/press_20260316.html\" target=\"_self\" data-test-app-aware-link=\"\" rel=\"noopener\">media statement<\/a> reminding organisations and members of the public to use \u201cOpenClaw\u201d and other agentic artificial intelligence tools with caution. In this news update, <a class=\"xRPuXKfUpBkIORjMpZxQAvTEeNvfshyBJs \" tabindex=\"0\" href=\"https:\/\/www.tannerdewitt.com\/our-people\/padraig-walsh\/\" target=\"_self\" data-test-app-aware-link=\"\">P\u00e1draig Walsh<\/a> from our <a class=\"xRPuXKfUpBkIORjMpZxQAvTEeNvfshyBJs \" tabindex=\"0\" href=\"https:\/\/www.tannerdewitt.com\/practice-areas\/data-privacy\/\" target=\"_self\" data-test-app-aware-link=\"\">Data Privacy<\/a> practice looks at the key data privacy and cybersecurity risks arising from agentic AI that were highlighted by the PCPD and the recommended safeguards to adopt before deployment.<\/p>\n<p id=\"ember61\" class=\"ember-view reader-text-block__paragraph\"><strong>What is agentic AI (and why does it matter)?<\/strong><\/p>\n<p id=\"ember62\" class=\"ember-view reader-text-block__paragraph\">Agentic AI tools differs from other AI tools such as AI chatbots. AI chatbots are limited to analysing documents and providing information based on pre-defined questions. Agentic AI can operate as a form of digital assistant that can provide information and carry out tasks independently, once objectives are clearly defined. Agentic AI can read and write local files, deploy system resources, interface with third-party services, or autonomously carry out multiple-step tasks according to pre-defined instructions. This can be deployed for tasks such as handling emails, making hotel reservations and settling payments. \u00a0These processes do not require user\u2019s real time involvement once the instructions have been given. Open Claw is one example of this form of agentic AI.<\/p>\n<p id=\"ember63\" class=\"ember-view reader-text-block__paragraph\">The PCPD has highlighted that these capabilities can amplify privacy and security risks. Agentic AI needs careful design and implementation of access controls, monitoring and technical safeguards across a number of data sets and computer networks and systems. This is particularly necessary to preserve privacy and security. Without strict privilege settings and oversight, expanded access may expose large volumes of personal data to unauthorised access, copying, or onward disclosure. The system may also misread user instructions and delete or change critical information. Risks increase further if connected systems have design flaws or weak safety controls. Malicious code may be introduced and exploited to compromise accounts or take over devices. Agentic AI is becoming increasingly easy to use and deploy. The ease of use can result in premature deployment before privacy and security concerns are fully considered.<\/p>\n<p id=\"ember64\" class=\"ember-view reader-text-block__paragraph\"><strong> PCPD\u2019s suggestions<\/strong><\/p>\n<p id=\"ember65\" class=\"ember-view reader-text-block__paragraph\">The PCPD reminded organisations and members of the public that, they should first understand the personal data privacy and security risks involved before deploying or using agentic AI tools. The PCPD recommended users of agentic AI to:<\/p>\n<p id=\"ember66\" class=\"ember-view reader-text-block__paragraph\">(a)\u00a0\u00a0\u00a0\u00a0 consider the nature and sensitivity of the personal data involved and grant the minimum access right to agentic AI;<\/p>\n<p id=\"ember67\" class=\"ember-view reader-text-block__paragraph\">(b)\u00a0\u00a0\u00a0\u00a0 use the latest official version and avoid third-party versions or outdated versions to reduce risk of data breach incidents from unpatched system vulnerabilities;<\/p>\n<p id=\"ember68\" class=\"ember-view reader-text-block__paragraph\">(c)\u00a0\u00a0\u00a0\u00a0 adopt adequate measures to ensure system security and data security;<\/p>\n<p id=\"ember69\" class=\"ember-view reader-text-block__paragraph\">(d)\u00a0\u00a0\u00a0\u00a0 install and use plugins with caution, verify that the relevant programmes are official versions to ensure their security;<\/p>\n<p id=\"ember70\" class=\"ember-view reader-text-block__paragraph\">(e)\u00a0\u00a0\u00a0\u00a0 conduct continuous risk assessments to identify and evaluate risks involved using agentic AI<\/p>\n<p id=\"ember71\" class=\"ember-view reader-text-block__paragraph\"><strong>Conclusion<\/strong><\/p>\n<p id=\"ember72\" class=\"ember-view reader-text-block__paragraph\">Open Claw launched to significant attention and impact, which has since somewhat waned. The PCPD guidance is not limited to one application or tool though. The issues are more pervasive than that. Agentic AI tools have the capacity of performing tasks without human oversight and may in time move beyond answering questions to taking actions across business systems.<\/p>\n<p id=\"ember73\" class=\"ember-view reader-text-block__paragraph\">The privacy and security consequences of misconfiguration of agentic AI can be immediate and significant. The PCPD will still assess responsibility by reference to the data user collecting and controlling the use of personal data. If an organisation in Hong Kong uses agentic AI in its operations that collects or uses personal data when deployed, then that organisation (and most likely, not the system developer) will be responsible and accountable. The data user (and humans!) must still have oversight of the deployment and activity of agentic AI. The data user will still be accountable.<\/p>\n<p id=\"ember74\" class=\"ember-view reader-text-block__paragraph\">The PCPD\u2019s statement is a useful reminder that organisations should treat agentic AI deployments as a governance and risk project. Organisations should retain robust oversight and establish systemic rules on what data an AI agent may access and process. We expect regulatory attention in this area to continue as adoption accelerates.<\/p>\n<p id=\"ember75\" class=\"ember-view reader-text-block__paragraph\">And remember, privacy by design and default from the outset, and human oversight and monitoring in implementation are the key protections. You don&#8217;t want a PCPD enforcement action to force you to claw back privacy and security after the event.<\/p>\n<p style=\"text-align: right;\"><strong><em>P\u00e1draig Walsh and Evelyn Wong<\/em><\/strong><\/p>\n<p>If you want to know more about the content of this article, please contact:<\/p>\n<p><a href=\"https:\/\/www.tannerdewitt.com\/our-people\/padraig-walsh\/\">P\u00e1draig Walsh<\/a><br \/>Partner |\u00a0<a href=\"mailto:padraigwalsh@tannerdewitt.com\">Email<\/a><\/p>\n<p>Disclaimer: This publication is general in nature and is not intended to constitute legal advice. You should seek professional advice before taking any action in relation to the matters dealt with in this publication. This article was last reviewed on <em>30 April 2026.<\/em><\/p>\n<\/div>\n\n\n\n\n<\/div>\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u00a0 On 16 March 2026, the Office of the Privacy Commissioner for Personal Data (PCPD) issued a media statement reminding organisations and members of the public to use \u201cOpenClaw\u201d and other agentic artificial intelligence tools with caution. In this news update, P\u00e1draig Walsh from our Data Privacy practice looks at the key data privacy and [&hellip;]<\/p>\n","protected":false},"author":22,"featured_media":32774,"parent":0,"menu_order":0,"template":"","meta":{"_acf_changed":false,"footnotes":""},"tags":[23,291],"insight-category":[1121],"insight-month":[1155],"insight-practice-area":[1142],"insight-year":[1162],"class_list":["post-32764","insight-and-news","type-insight-and-news","status-publish","has-post-thumbnail","hentry","tag-legal-updates","tag-tmt","insight-category-legal-updates-and-insights","insight-month-april","insight-practice-area-technology-media-and-telecommunications-tmt","insight-year-1162"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.tannerdewitt.com\/zh-hant\/wp-json\/wp\/v2\/insight-and-news\/32764","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tannerdewitt.com\/zh-hant\/wp-json\/wp\/v2\/insight-and-news"}],"about":[{"href":"https:\/\/www.tannerdewitt.com\/zh-hant\/wp-json\/wp\/v2\/types\/insight-and-news"}],"author":[{"embeddable":true,"href":"https:\/\/www.tannerdewitt.com\/zh-hant\/wp-json\/wp\/v2\/users\/22"}],"version-history":[{"count":2,"href":"https:\/\/www.tannerdewitt.com\/zh-hant\/wp-json\/wp\/v2\/insight-and-news\/32764\/revisions"}],"predecessor-version":[{"id":32801,"href":"https:\/\/www.tannerdewitt.com\/zh-hant\/wp-json\/wp\/v2\/insight-and-news\/32764\/revisions\/32801"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tannerdewitt.com\/zh-hant\/wp-json\/wp\/v2\/media\/32774"}],"wp:attachment":[{"href":"https:\/\/www.tannerdewitt.com\/zh-hant\/wp-json\/wp\/v2\/media?parent=32764"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tannerdewitt.com\/zh-hant\/wp-json\/wp\/v2\/tags?post=32764"},{"taxonomy":"insight-category","embeddable":true,"href":"https:\/\/www.tannerdewitt.com\/zh-hant\/wp-json\/wp\/v2\/insight-category?post=32764"},{"taxonomy":"insight-month","embeddable":true,"href":"https:\/\/www.tannerdewitt.com\/zh-hant\/wp-json\/wp\/v2\/insight-month?post=32764"},{"taxonomy":"insight-practice-area","embeddable":true,"href":"https:\/\/www.tannerdewitt.com\/zh-hant\/wp-json\/wp\/v2\/insight-practice-area?post=32764"},{"taxonomy":"insight-year","embeddable":true,"href":"https:\/\/www.tannerdewitt.com\/zh-hant\/wp-json\/wp\/v2\/insight-year?post=32764"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}