Politics

Hong Kong’s privacy regulator releases toolkit to combat AI deepfakes in schools

Friday, 19 December 2025 4:47AM UTC

Hong Kong’s privacy regulator has unveiled a practical toolkit for schools and parents to prevent and manage incidents involving AI-generated deepfakes of minors, emphasising proactive education and organisational measures over new legislation.

Hong Kong’s privacy regulator has published a practical toolkit for schools and parents to manage and prevent incidents involving AI-generated deepfakes of children and young people, underscoring a growing focus on protecting minors in educational settings. According to the Office of the Privacy Commissioner for Personal Data (PCPD), the guidance outlines common types of deepfakes, typical abuse scenarios in schools, and step-by-step recommendations on preventing their creation, safeguarding personal data and managing incidents when they occur. The regulator attached an official statement to the toolkit when it was published. ^[1]

The toolkit is presented as a hands-on resource rather than a legislative change: it stresses preventative measures such as limiting unnecessary collection of pupil images and personal details, educating staff and students about the risks of manipulated media, and setting clear reporting and response procedures for schools and parents. The PCPD also advises practical technical and organisational steps to reduce the likelihood that imagery and other data will be repurposed to create harmful deepfakes. ^[1]

The release forms part of a broader regulatory approach in Hong Kong that has, to date, favoured guidance and enforcement of existing privacy rules over new, AI-specific statutes. In May 2025 the Privacy Commissioner, Ada Chung, told audiences that the current privacy framework is sufficient to address AI-related concerns, a position reflected in the PCPD's emphasis on toolkits and checklists rather than fresh legislation. ^[2]

That approach has precedent in the regulator's recent actions and findings. In April 2025 the PCPD issued a checklist for employers on employees' use of generative AI, urging organisations to adopt internal policies covering permissible AI use, privacy protection, bias mitigation and security. The deepfake toolkit for schools mirrors that pragmatic, guidance-led strategy aimed at embedding responsible practices across sectors. ^[5]^[1]

Regulatory interventions have also prompted private-sector changes. Following scrutiny from the PCPD, LinkedIn in October 2024 stopped using Hong Kong users' personal data to train its generative AI models, illustrating how enforcement and oversight can alter corporate data practices without immediate new legislation. The regulator’s recent compliance checks of 60 organisations found no contraventions of privacy law in their AI data practices, a result the PCPD presented as evidence that existing rules can be effective when applied and monitored. ^[4]^[7]

The PCPD’s broader enforcement and legislative context is relevant to the toolkit’s aims. Government figures reported a sharp decline in online doxxing , a roughly 90% drop in such cases since 2022, according to the Privacy Commissioner’s briefing to the Legislative Council , reflecting both legal overhaul and active regulation in the personal-data sphere. At the same time, officials have signalled sensitivity to business concerns about penalties and implementation, having discussed a phased rollout of privacy law revisions earlier in 2025 to ease transition pressures on industry. ^[3]^[6]

Taken together, the deepfake guidance sits within a regulatory toolkit that combines education, oversight and targeted intervention. The PCPD frames the toolkit as a practical step schools and parents can use now to reduce harm, while continuing to rely on existing privacy laws and supervisory activity to address emerging AI-related risks. ^[1]^[2]^[5]

📌 Reference Map:

##Reference Map:

^[1] (MLex) - Paragraph 1, Paragraph 2, Paragraph 8
^[2] (MLex) - Paragraph 3, Paragraph 8
^[5] (MLex) - Paragraph 4, Paragraph 8
^[4] (MLex) - Paragraph 5
^[7] (MLex) - Paragraph 5
^[3] (MLex) - Paragraph 6
^[6] (MLex) - Paragraph 6

Source: Noah Wire Services

More on this

https://www.mlex.com/mlex/artificial-intelligence/articles/2423970/hong-kong-privacy-regulator-issues-guidance-on-ai-deepfakes-for-schools-parents - Please view link - unable to able to access data
https://www.mlex.com/mlex/articles/2342413/hong-kong-sees-no-need-for-ai-specific-legislation-regulator-says - In May 2025, Hong Kong's Privacy Commissioner for Personal Data, Ada Chung, stated that existing privacy regulations are sufficient to address concerns related to artificial intelligence (AI). Despite growing apprehensions about AI's impact on data protection, Chung dismissed the need for new legislation, asserting that current laws effectively regulate AI applications. This perspective highlights Hong Kong's confidence in its existing legal framework to manage emerging technological challenges.
https://www.mlex.com/mlex/data-privacy-security/articles/2395662/hong-kong-reports-90-drop-in-online-doxxing-cases-since-legal-overhaul - As of October 2025, Hong Kong reported a 90% reduction in online doxxing incidents compared to 2022 levels. Privacy Commissioner for Personal Data, Ada Chung, informed the Legislative Council of this significant decline, noting changes not only in the volume but also in the nature of personal data violations. This improvement underscores the effectiveness of recent legal reforms aimed at enhancing data protection and privacy in the region.
https://www.mlex.com/mlex/articles/2147012 - In October 2024, LinkedIn, owned by Microsoft, ceased using Hong Kong users' personal data to train its generative AI models. This decision followed intervention from Hong Kong's privacy regulator, which had raised concerns over LinkedIn's privacy-policy update that permitted the use of user data for AI training. The move reflects the growing scrutiny of AI data practices and the importance of adhering to privacy regulations.
https://www.mlex.com/mlex/articles/2318331/hong-kong-regulator-issues-guidance-on-employees-use-of-generative-ai - In April 2025, Hong Kong's privacy regulator released a checklist to assist organizations in guiding employees on the use of generative artificial intelligence. The guidelines emphasize the need for internal policies covering permissible AI use, privacy protection, lawful and ethical practices, prevention of biased outputs, data security, and the consequences of policy violations. This initiative aims to ensure responsible and compliant AI usage within organizations.
https://www.mlex.com/mlex/data-privacy-security/articles/2287134/hong-kong-considers-phased-rollout-of-privacy-law-revisions - In January 2025, Hong Kong considered a phased introduction of proposed changes to its privacy law. This approach was intended to address business concerns over heightened penalties amid the current economic slowdown. The previous year had seen a significant increase in data breaches, with 217 cases reported compared to the average of 100 cases annually. The phased rollout aims to balance regulatory updates with economic considerations.
https://www.mlex.com/mlex/data-privacy-security/articles/2337230/hong-kong-finds-no-privacy-contraventions-in-review-of-ai-data-practices - In May 2025, Hong Kong's privacy regulator completed compliance checks on 60 organizations' data practices involving artificial intelligence. The review found no contraventions of the city's privacy law, confirming that all organizations had implemented appropriate security measures when collecting, using, and processing personal data during AI usage. This outcome highlights the effectiveness of existing privacy regulations in overseeing AI data practices.

Noah Fact Check Pro

The draft above was created using the information available at the time the story first emerged. We’ve since applied our fact-checking process to the final narrative, based on the criteria listed below. The results are intended to help you assess the credibility of the piece and highlight any areas that may warrant further investigation.

Freshness check

Score: 10

Notes: The narrative is based on a press release issued by the Office of the Privacy Commissioner for Personal Data (PCPD) on 17 December 2025, detailing the publication of a toolkit for schools and parents to manage AI-generated deepfakes involving children and young people. ([pcpd.org.hk](https://www.pcpd.org.hk/english/news_events/media_statements/press_20251217.html?utm_source=openai)) This indicates high freshness, as the information is current and directly sourced from the PCPD.

Quotes check

Score: 10

Notes: The narrative includes direct quotes from Privacy Commissioner Ada Chung Lai-ling, such as: > "Deepfakes may cause harm to others, particularly children and youngsters, if used abusively." ([pcpd.org.hk](https://www.pcpd.org.hk/english/news_events/media_statements/press_20251217.html?utm_source=openai)) A search for this quote reveals no earlier usage, suggesting it is original to this release.

Source reliability

Score: 10

Notes: The narrative originates from the Office of the Privacy Commissioner for Personal Data (PCPD), a reputable government agency in Hong Kong responsible for personal data privacy. This lends high credibility to the information presented.

Plausability check

Score: 10

Notes: The claims made in the narrative are plausible and consistent with known issues regarding AI-generated deepfakes and their impact on privacy, particularly concerning children and young people. The PCPD's proactive approach in issuing guidance aligns with its role in safeguarding personal data privacy.

Overall assessment

Verdict (FAIL, OPEN, PASS): PASS

Confidence (LOW, MEDIUM, HIGH): HIGH

Summary: The narrative is based on a recent press release from the Office of the Privacy Commissioner for Personal Data, detailing the publication of a toolkit for schools and parents to manage AI-generated deepfakes involving children and young people. The information is current, directly sourced from a reputable government agency, and includes original quotes from the Privacy Commissioner, indicating high credibility and freshness.

Privacy
Deepfakes
Hong Kong