Data HK and China Privacy Laws

Data hk is an established network hub with an abundance of businesses, networks and IT service providers gathered within its walls. It offers a secure yet high-performance platform to connect and scale business applications quickly while giving access to multiple cloud service providers and enterprises.

Data transfer between Hong Kong and mainland China has become an everyday occurrence and will likely only become more frequent as economic and social integration between these regions continues to advance. Cross-border data transfers must take into account differing levels of privacy protection across jurisdictions when making transfers between these regions.

Multiple global data privacy laws offer some extraterritorial application, with Hong Kong’s Personal Data Protection Ordinance (PDPO) offering one such example. However, its jurisdiction only extends to persons responsible for collecting, holding, processing or using personal data originating in or from Hong Kong – this represents a more stringent test than many other jurisdictions that use broad definitions of personal data to apply their laws across a broader array of activities.

Without express authorisation to transfer personal data abroad, a data user will need to satisfy themselves that his proposed transfer is lawful according to PDPO. He should consider whether his proposed transfer falls under one of the classes of data processing permitted under PDPO (which are based on original purposes of collection), and if new purposes require consent of data subject.

Data users must also ensure they have contractual arrangements in place which comply with PDPO when sending personal data overseas, either as separate agreements, schedules to an existing commercial agreement or contractual provisions within one. The PCPD has published recommended model clauses specifically intended to meet this goal.

These models can be tailored to take into account any unique transfer circumstances without diminishing substantive protections afforded by PDPO, without diminishing substantive protections provided. A data user must remember that agreeing to standard contractual clauses prepared by an EEA data exporter and giving up control over processing their personal data may result in no legal power for enforcement in Hong Kong courts against that data exporter, creating significant practical disadvantages; alternatively they should seek legal advice regarding protections available under other data privacy legislation in their destination jurisdiction.

Comments are closed, but trackbacks and pingbacks are open.