Data hk is information that relates to an identifiable natural person. It includes information such as a name; identification number; location data; online identifier; or factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. The definition of personal data has not been updated since the PDPO was first enacted in 1996 and is not as broad as that of other legislation, such as the GDPR in the European Union. However, a change has been mooted to expand the current definition to include information that is reasonably capable of identifying an individual. This would be a significant expansion and would increase compliance measures for businesses that use data-related technologies to learn about individuals’ behaviour or process information that will have an impact on them.
The PDPO requires that personal data be processed fairly and lawfully, and that the rights of the data subject are respected. This is a key principle and there are a number of guiding principles to support the implementation of this principle in practice. One of the most important is to provide the data subject with clear and concise information about the purpose for which his or her personal data will be processed and, in most cases, the identity of the data user.
Providing this information will enable the data subject to make informed decisions when deciding whether to consent to the processing of his or her personal data. The data subject should also be given the opportunity to withdraw his or her consent at any time. This may be difficult if the data is used for multiple purposes and the individual does not have an easy way of knowing which services are affected by the withdrawal of consent.
Another key principle is that data should be transferred only where necessary to achieve a legitimate purpose. This is a requirement that applies to both domestic and international transfers of data. This will reduce business risk and promote efficient compliance with data transfer regulations.
Tanner De Witt’s Hong Kong Data Privacy team is well-placed to advise on these issues. The team has extensive experience in the application of the PDPO and a deep understanding of the data protection law in Hong Kong and around the world. Padraig Walsh from the group leads the team and is available to discuss any queries or concerns that you might have.
The team’s expertise covers all areas of personal data processing including, but not limited to, the provision of best-in-class technical solutions focused on resiliency. The team’s expertise is supported by the provision of a fully redundant, secure and scalable infrastructure with high power densities. This supports a variety of deployment models from a single point of presence to a multi-megawatt data centre solution. The team works closely with global technology partners to deliver best-in-class technical solutions with a focus on the delivery of resiliency and security.