Data HK – What Are the Data Protection Regulations for Cross-Border Data Transfers?
Data hk is an online data portal for all public information relating to the territory of Hong Kong. The information includes maps, statistics, demographics and more. The data is updated every month and can be accessed by anyone with an internet connection. The data can be used for various purposes such as research, planning and development, and for business decision making.
In addition to the publicly available data, the portal also includes information sourced from private organizations and businesses, such as government departments, companies and associations. The information is categorized into different sections so that it is easier for users to find what they are looking for. The information is also accompanied by a detailed map, which allows users to easily locate the data they are interested in.
The current definition of personal data under the PDPO covers “information which relates to identifiable persons”. However, with the increasing availability of modern data processing technologies, it has become possible for information about persons to be gathered and linked in such a way that they can be identified without them being specifically listed. Consequently, the Hong Kong government is expected to widen the definition of personal data in order to better reflect the existing situation.
This will require data users to expressly inform a data subject on or before collecting his/her personal data about the purposes for which it is to be processed and the classes of persons to whom it may be transferred, and not transfer any such data to a third party in a place outside Hong Kong unless that place is one which has been agreed with the original data user. These requirements have not been made mandatory under the PDPO but, as with the recommended model clauses, they will be subject to voluntary compliance.
Cross-border data transfers are an essential part of many business activities and they are common between businesses in Hong Kong and in other locations. It is therefore important for businesses to understand the data privacy regulation imposed on these transfers in order to reduce business risk and ensure efficient compliance with them.
Padraig Walsh of the Tanner De Witt Data Privacy practice group guides us through some of the key points to note for data transfers.
The Personal Data (Privacy) Ordinance was passed in 1995 and is one of Asia’s most established data protection laws. It was created in response to a 1994 Law Reform Commission report that suggested that Hong Kong establish an updated privacy law, in line with international standards.
The PCPD has continued to focus on enforcement against direct marketing practices over the last few years and this remains a significant area of focus. However, with the increasing integration of business operations and social life across Hong Kong and mainland China under the ‘one country, two systems’ principle, it is likely that the volume of data transfers between the two jurisdictions will increase significantly in the future and this will further highlight the importance of understanding and complying with these data privacy regulations.