Data hk is a free and open resource developed by the Hong Kong government that allows access to over one million open datasets from international, EU, national, regional, and local data portals. The data can be explored in various formats, including line graphs, cross sectional plots, and maps.
As a global business hub, Hong Kong has long been at the forefront of new technologies and an important contributor to the economic well-being of the region. As such, increased cross-border data flow is considered an essential component to the city’s success. However, there are risks to this approach that need to be carefully weighed. This is especially true where personal data is transferred to jurisdictions that do not have adequate data protection laws in place.
At a high level, the PDPO (Data Protection Policy Ordinance) sets out a series of statutory obligations that must be fulfilled by data users. These include compliance with the six core data protection principles and the requirement to implement arrangements that ensure that personal data transferred to other data users or to data processors, whether within or outside Hong Kong, is protected against unauthorised or accidental access, processing, erasure, loss or use.
In addition, the PDPO requires data users to comply with a series of other stipulations when collecting and using personal data. These include the obligation to inform data subjects of the classes of persons to whom personal data may be transferred, unless expressly excluded by law. This is usually fulfilled by providing a Personal Information Collection Statement to the data subject prior to the collection of personal data.
The PDPO also includes the requirement to verify that there is a legal basis for the transfer of personal data before commencing the transfer. This is a less onerous step in Hong Kong than would be required under GDPR, and it helps to ensure that the PDPO is being fully implemented.
Another aspect of the PDPO that is less onerous than under GDPR is the requirement to obtain the prescribed consent of the data subject for any change in the purpose for which personal data has been collected. This is a requirement that is likely to become even more relevant as the volume of cross-border transfers increases.
The PCPD (Hong Kong Privacy Commissioner for Personal Data) has published two sets of recommended model contractual clauses to cater for two scenarios. The first set of recommendations addresses the transfer of personal data from a Hong Kong entity to a third country; the second addresses the transfer of personal data between entities both of which are located in Hong Kong, where the transferring entity is controlled by a person in another jurisdiction. These models are designed to take into account the requirements of the PDPO and its DPPs. In particular, the provisions require that data importers undertake a transfer impact assessment and identify and adopt any supplementary measures to bring the level of protection in the importing jurisdiction up to that in Hong Kong.