In the age of big data and analytics, Hong Kong is making a name for itself as a global hub. The city is home to more than 3,000 data companies, which are responsible for processing, analysing and providing insights from the huge amounts of information collected in the region. This means that there is a significant demand for people with the right skills in Hong Kong. But with such a high demand, there are also challenges for those wanting to enter the industry.
The first is the definition of personal data, which does not appear to have been updated since PDPO was enacted in 1996. However, it is in line with the definition used in other legislative regimes, including the data protection laws that apply in mainland China and the General Data Protection Regulation that applies in the European Union. The second challenge is the need to comply with six data protection principles (DPPs), which form core obligations under data privacy law in Hong Kong. This includes, but is not limited to, the requirement to inform individuals of their rights and responsibilities regarding their personal data; allowing them to correct inaccurate information; restricting collection of personal data; and not retaining personal data for longer than necessary.
There are also issues around the extra-territorial application of the PDPO, which is particularly important for those who control personal data in Hong Kong but use processors to process the data outside the city. This is because the PDPO requires data users to take contractual or other steps to ensure that personal data processed by their agents or contractors in Hong Kong is protected against unauthorised access, processing, erasure, loss or use, even when the full cycle of data processing takes place outside the city.
This week’s top Hong Kong stories
A memorandum of understanding between the Chinese and British governments has been signed, aimed at boosting cross-border data flows and promoting the benefits of the digital economy in both cities. The agreement will see both sides agree to strengthen their cooperation in areas such as artificial intelligence and robotics, while ensuring that any data exchanged remains secure and compliant with domestic law.
The deal comes after China introduced strict new laws in recent years requiring all cross-border data transfers to be subject to a security review. The move aims to balance the nation’s cybersecurity concerns with the need for data flows, which are critical to economic growth.