Data is becoming an ever-increasingly valuable commodity, raising many issues concerning its usage – such as privacy and security concerns as well as economic and social effects. At Data hk we aim to address these concerns while highlighting best practices.

Hong Kong Special Administrative Region (HK SAR) is renowned as an industry leader when it comes to data protection. Recognized as an ideal environment for international data flows by the International Privacy Commission, HK SAR boasts several enabling laws and policies designed to maintain its status as an incubator of technology that revolutionises our lives.

This commitment can be seen most visibly in Hong Kong SAR’s commitment to an expansive and flexible legislative framework that encompasses six data protection principles as a cornerstone for its continued growth as an internationally trusted data centre location.

Noteworthy is the PDPO’s lack of any restrictions on personal data transfers outside the Hong Kong SAR, unlike many other jurisdictions worldwide. While this may appear out of step with current trends in privacy regulation, its absence could actually become an advantage for Hong Kong in the long run.

One reason is Hong Kong’s definition of personal data has not been amended since its implementation in 1996 – in contrast with current definitions used by other legal regimes like mainland China’s Personal Information Protection Law or EU GDPR which govern personal data.

In Hong Kong SAR, “personal data” covers information that can be used to identify an individual. This encompasses data commonly collected such as names, contact details, company logos and photographs as well as identification numbers – in addition to online activity data such as what individuals search for when browsing websites.

Therefore, it is likely that much of the data in Hong Kong SAR falls within this category, creating significant difficulties for businesses collecting data as well as those involved with cross-border data transfer agreements.

Future legislation may follow an approach similar to that taken in the European Economic Area (EEA), in which personal data definition is more stringent and tightly controlled, including requirements that all identifiable personal data be subject to express consent before being transferred outside. If implemented here in Hong Kong, such changes would bring major improvements to data protection while increasing compliance costs for businesses using personal data as well as making it more difficult for users to claim exemption from PDPO provisions regarding transfers abroad.