Data hk is a portal that reveals achievements and identifies challenges in Hong Kong in the area of open data, and introduces international best practices to our city. It provides a comprehensive assessment tool based on 19 sets of established open data principles and related assessment methodologies at both global and regional levels, so as to enable companies and individuals to evaluate the level of openness in their business operations and identify areas for improvement.
Data is an essential resource for advancing economic growth, innovation and social development. The Government has been working on various initiatives to support the development of the data economy, including setting up a one-stop helpdesk for data centre operators, introducing a new legal framework and policy measures, and promoting collaboration between public sector agencies and the private sector.
A data user is a person who, alone or jointly or in common with other persons, controls the collection, holding, processing or use of personal data. A data user’s obligations are triggered when personal data is collected and include obligations to (a) inform data subjects of the purpose for which the personal data is being collected, and of any anticipated disclosure or transfer; and (b) ensure that the personal data collected is adequate but not excessive for the purposes of its collection, and that the personal data processed is used in accordance with the six DPPs.
In the context of cross-border data flow, it is important to remember that there is no statutory restriction in the PDPO on the export of personal data outside Hong Kong. It therefore looks increasingly likely that section 33 will never be implemented in Hong Kong, despite the advocacy by the PCPD and the fact that increased cross-border data flow is widely seen as an irreplaceable attribute of Hong Kong’s success.
It is becoming increasingly common for a Hong Kong business to be required to carry out a transfer impact assessment in circumstances where it is importing personal data from a data exporter in another jurisdiction, particularly in respect of transfers to the European Economic Area. This involves an analysis of whether or not the legislation and practice of the destination country meets Hong Kong standards, and a determination of whether any supplementary measures are required to be put in place in order to address any adverse impacts on data subjects.
These supplementary measures are not mandatory under Hong Kong law, but are generally recommended to bring the level of protection in line with Hong Kong’s laws and best practice. They can take a variety of forms, including technical measures such as encryption or pseudonymisation; contractual provisions that provide for audit, inspection and reporting, beach notification and compliance support and cooperation; and other practical arrangements to protect the interests of the data subject. For more information on data transfers, please contact the OGCIO’s Data Centre Facilitation Unit.