Data hk is a website that provides information about the history of Hong Kong. This information includes the names of prominent people and events that have shaped the city’s culture. It also includes details about how the city was influenced by other regions in Asia. The site also has maps of Hong Kong that show how the city’s landscape changed over time. It is a great resource for anyone interested in learning more about Hong Kong’s history.
The main law that regulates the collection, processing, holding and use of personal data in Hong Kong is the Personal Data Protection Ordinance (PDPO), which was first introduced in 1996 and has been amended several times, most recently in 2021. The PDPO establishes data subject rights, specifies specific obligations for data controllers and regulates the collection, processing, holding and uses of personal data through six data protection principles.
One of the key issues to consider when assessing whether the PDPO will apply to a proposed transfer is the definition of ‘personal data’. The PDPO defines this as any information that relates to an identified or identifiable natural person. This is quite a broad definition, which means that it could capture a wide range of different data types, such as CCTV recordings, logs of persons entering car parks or records of meetings that do not name individual speakers and participants.
However, the PDPO specifically excludes data relating to a person’s health, political or religious beliefs, sexual orientation, criminal convictions and offences, trade union membership, genetic information and biometric data. Therefore, unless the transferring entity can demonstrate that the transferred data falls within one of these categories, it is likely that the PDPO will apply to the transfer.
In addition to considering whether the PDPO applies to the proposed transfer, it is also important to consider what laws and practices in the destination jurisdiction will govern the use of the data. This is particularly relevant if the data transfer is to a country that does not have data protection laws similar to those in the EEA.
The PDPO requires that data users obtain the voluntary and express consent of data subjects before using their personal data for a purpose not set out in the PICS or transferring it to another data user. It also requires that data users ensure that any third party to whom they transfer personal data has agreed to abide by the same data protection rules as those in the PDPO.
While the mooted modernisation of Hong Kong’s data protection laws is welcome, it should not distract businesses from ensuring that they understand their duties under the current regime when transferring personal data overseas. As the volume of personal data transfers across the “one country, two systems” boundary continues to increase, this will remain a crucial issue for businesses.