b'INSURANCE REGULATORY|ASIAregion. The Scheme is expected to provide anlaw stipulates for the use of standard contracts to opportunity for Hong Kong-GBA collaboration ofeffect the transfer of data, but as the rules relating international talent and local market for both theto standard contracts have not yet been formulated, China and Hong Kong insurance industries.companies wishing to transfer data from China will However, the opportunity does come with ahave to comply with the more stringent rules that challenge: the transfer of personal data from Honginvolve certifications and approvals from the Kong to the Mainland, or vice versa. Currently, Hongauthorities. Even stricter requirements apply to Kongs Personal Data (Privacy) Ordinance (Cap. 486)companies which handle large volume of data or a (PDPO) does not restrict personal data transfercertain volume of sensitive data. from Hong Kong to other regions, includingThe regulatory landscape around the handling and Mainland China. Although section 33 of PDPO is nottransfer data poses a challenge for multinational yet in effect, discussions are in place to amendinsurers who are interested in conducting business section 33 of the PDPO in order to protect dataunder the Scheme and also generally. Nonetheless, flows of personal data from Hong Kong. Insurers inthe Scheme is currently on hold due to the COVID-Hong Kong who wish to establish insurance services19 travel bans and regulators across the GBA region in the GBA would be well-advised to ensurestill require further time to refine their regulatory compliance with section 33(2) of the PDPO when itpolicies under the current regimes.becomes law. This section provides that a data user is not to transfer personal data outside Hong Kong unless the user has reasonable grounds forHong Kongbelieving that there is a law, serving similar or the same purposes of PDPO, enforced in theAssessment of ILAS in Protection destination jurisdiction. When enacted, the transferLinked Planswill be subject to restrictions similar to those found in the EUs General Data Protection Regulation.Investment-linked assurance schemes (ILAS) have These include consent from the user or thealways been a popular tool for insurance whitelisting of jurisdictions that are deemed to havepolicyholders to capture capital growth by investing adequate data protection regulations in place. Noteauthorized funds in the market, as well to enjoy life that any transfer of data (including transfers withincoverage provided by the policies. From its revival Hong Kong) have to fall within the notification orsince the Global Financial Crisis in 2008, to consent requirements prescribed by the law.regulators tightening control over the sales process The new data privacy law in China (PIPL) camethrough the implementation of GL 15 and GL 26, into force on November 1, 2021. PIPL has strict dataILAS products and regulations have changed transfer restrictions and the legislation also hasdrastically throughout the years. Most notably, ILAS extra-territorial effect meaning that companies inhas raised the minimum death benefit from 101% to Hong Kong that handle data of PRC nationals or105% of the policy account value, and has included residents will be caught by this new legislation. Thenew sales procedures such as requiring the 110|Global Insurance Industry Year in Review 2021'