In the world of information, data is an important asset. It can take the form of facts, numbers or descriptions about our environment, people and things. It is used by scientists who conduct research or analysis and produce charts, graphs or tables that allow us to understand the nature of our world and its changes over time. Data is also useful in the decision-making process – whether by business, governments or individuals. The use of data has also helped to develop technologies such as the internet, mobile phones and social media platforms that connect us to each other across distances.
Data is also vital in business and the economy – but there are some concerns about the extent to which it can be collected and used. Privacy concerns are one of them. Other concerns are about the quality and accuracy of the data that is available, the ways in which it is stored and the security arrangements that are in place to protect the data.
The Hong Kong data hk is a key business hub that offers many advantages, including being able to connect into a global network of businesses and service providers. It is a top choice for international companies that want to scale up their digital supply chains or tap into the growing Asian market. Its carrier-dense data centers offer a diverse set of interconnection opportunities.
Several data protection regimes include provisions that confer extra-territorial jurisdiction. But not in the case of Hong Kong’s Personal Data Protection Ordinance (“PDPO”). The PDPO’s territorial jurisdiction extends only to those persons who have operations controlling collection, holding, processing and use of personal data in or from Hong Kong.
It is therefore important to consider this question carefully when transferring personal data. Depending on the answer, there may be a requirement to provide a PICS and/or issues in respect of data transfer may not arise.
A few weeks after the enactment of the new law, Google and several other US tech firms — including Facebook and Apple — said they would pause handling requests for user information from Hong Kong authorities while reviewing the law. According to the transparency reports published by these firms, they complied with three of the 43 requests received by them from Hong Kong authorities in the second half of last year.
The next step is to examine whether the personal data in question is actually personal data. This includes identifying the identifiers of the data and considering the impact on individuals if these identifiers are revealed, for example by using them to identify or contact a natural person. If personal data is being transferred, the PDPO’s six core data obligations will be triggered. It is therefore advisable to consult the guidance of the data commissioner and take into account any recommendations or model clauses provided. Padraig Walsh, Partner, Data Privacy practice group, Tanner De Witt.