Data hk is a portal to various resources, reports and statistics on businesses, economies and consumers worldwide. Users can access free publications on trends, markets and developments as well as a fee-based service to download detailed reports and statistics. It aggregates statistics from market research organisations, businesses and governments.
While the free publication section provides interesting and informative statistics, the paid services are worth a look for businesses seeking to identify key trends, markets and opportunities. These reports and statistics are available by business sector, country or region, with the latest figures aggregating to give a global view of the industry.
The definition of personal data in Hong Kong is broadly similar to that used in other international data privacy regimes such as the PDPO that applies in mainland China and the GDPR that applies across Europe. It includes information relating to an identifiable person (DPP 1(1)).
Under the PDPO, personal data may only be collected for specified purposes (DPP 1) and can only be used for those purposes as expressly stated in the PICS issued to the data subject on or before the collection of their personal data (DPP 3). This principle does not prohibit the use of personal data that has already been collected for a new purpose but it requires the voluntary and express consent of the data subjects to change its original purpose.
Section 33 was intended to impose a statutory restriction on the transfer of personal data outside Hong Kong, but implementation has never been carried out due to other priorities. As increased cross-border data flow is a cornerstone of Hong Kong’s economic success, it seems likely that the need for an efficient and reliable means to transfer personal data with mainland China and internationally will drive changes in this area.
In the meantime, a data exporter that wishes to transfer personal data to another jurisdiction should first consider the impact of doing so on its own data subjects and the underlying purpose(s) for which it is collecting their personal data. It is also advisable to review the PCPD’s recommended model contractual clauses which are designed to protect personal data when transferred between entities in different countries.
The model clauses require the data exporter to implement supplementary measures if there is an adverse impact on the protection of personal data. In some cases, a data exporter may be able to continue the transfer without implementing supplementary measures if it is able to demonstrate and document that the data importer has taken reasonable steps to protect the personal data transferred. In other cases, it may be necessary to suspend the transfer or take immediate supplementary measures. In any event, the data exporter must keep proper records of all efforts made to fulfil its obligations under the PDPO and the model clauses. If it fails to do so, the PDPO may impose substantial fines on it. Moreover, the data exporter will be liable to the data subjects for any loss or damage suffered by them as a result of the non-compliance with the PDPO and the model clauses.