TikTok, a popular video-sharing platform with over 150,000 users in Hong Kong, announced on 7 July that it will withdraw its app from the city in the coming days. This decision came only days after the enactment of a highly controversial security law, which gives sweeping powers to Beijing and the Hong Kong authorities, including ordering internet companies to hand over user data. The Beijing-based company ByteDance, which owns TikTok, became the first technology giant to exit Hong Kong, with several other firms, such as Facebook, Twitter and Microsoft, suspending processing data requests from law enforcement in the territory.



  • While many internet firms are still assessing the full regulatory implications of the new law, which came into force on 30 June, TikTok’s imminent departure underscores the increasingly restrictive environment that they are now likely to face in Hong Kong.
  • The prospect of tech firms being punished for not disclosing or removing online content that is deemed a threat to national security under the new law raises serious concerns over data protection and privacy, as well as freedom of expression in the semi-autonomous territory.
  • The likes of WhatsApp, Facebook, Twitter and Telegram provided key means of communication and information sharing for demonstrators during the anti-extradition law protest movement in 2019. Many messages shared on these apps could have now be judged to violate the new national security law.
  • Under its broadly defined terms on subversion, succession and collusion with foreign forces, the legislation will stifle open and unrestricted access to information, a freedom that the 7.5 million residents of the former British colony and the numerous international businesses that operate there have long enjoyed, in stark contrast to the heavy censorship imposed in mainland China.



The immediate implication of the new security law on global internet giants operating in Hong Kong is that they now face a predicament between safeguarding data privacy and freedom of expression, and fulfilling their legal obligation set out by the new legislation. Being fully compliant with the law means that companies may be requested to remove content deemed a threat to national security, and hand over user data to law enforcement agencies; in doing so, tech firms are likely to encounter a strong public backlash, causing serious reputational damage. On the other hand, failure to comply with official requests could lead to equipment seizure, an HKD 100,000 (USD 12,900) fine, and up to two years’ imprisonment.


It is still too early to assess the full impact of the new national security law. Nonetheless, tech companies will no doubt need to change how they operate in Hong Kong, with others potentially following in TikTok’s footsteps and quitting the territory altogether, in order to uphold integrity and data protection. For firms that decide to stay, they will need to engage in close discussions with the relevant authorities, seeking a clear and mutually agreeable legal parameter for their operations to continue.


Hong Kong’s position as a major financial and trade hub makes it an important link in the global data chain. As a result, the new law’s impact on tech firms will also likely ripple through other sectors, especially those most dependent on uninterrupted data transfers and secure data storage, such as financial services.

The World Risk Register
Situation Update Briefs form part of Sibylline’s World Risk Register, a ground-breaking analytical service designed to help organisations of all sizes navigate an uncertain world.
Please contact us if you would like more information on how our strategic risk information could work for your organisation.