The Asia Internet Coalition (AIC) has told the territory’s personal data privacy commissioner the changes may force its members’ hands.
According to the Wall Street Journal, which first reported the news, the rules could make companies liable when users maliciously post other people’s data online.
“Introducing sanctions aimed at individuals is not aligned with global norms and trends,” said AIC managing director Jeff Paine in a letter seen by Reuters.
“The local staff of overseas platforms in Hong Kong are not responsible for the operations of the platforms; neither do they … have access right or control to administer the online platform contents.
“The only way to avoid these sanctions for technology companies would be to refrain from investing and offering their services in Hong Kong.”
Other members of the AIC include Amazon and Facebook.
Carrie Lam, Hong Kong’s leader, said on Tuesday that planned data protection changes would only target illegal “doxxing” behaviour, referring to the practice of the sharing of people’s personal information without their consent.
The practice was deployed by pro-democracy activists against police officers during huge protests in 2019.
Ms Lam said officials would meet with company bosses concerned about the scheme.
Hong Kong has taken a sharp authoritarian turn since China’s imposition of a sweeping national security law last year, along with changes to its political system to reduce democratic participation and oust people deemed disloyal to Beijing.
Since the security law was introduced, the most prominent government opponents have been jailed or have fled abroad.
Additional reporting by agencies