Enacted in 1995 and in force since 1996, the Hong Kong Personal Data (Privacy) Ordinance (Cap. 486) (” PDPO “) is one of the earliest data privacy laws in Asia. It was last amended in 2012, with the most notable change being the introduction of direct marketing regulations that came into force in April 2013. While data protection regimes around the world have evolved in recent years to meet the demands of the digital age, the PDPO has not been amended since 2012. Once considered pioneering, the PDPO is now at risk of falling behind and being out of step with international developments.