Data HK and the PDPO

In the digital age, information is the new currency. However, the collection and use of personal data is not without its risks. Data hk aims to balance the protection of personal data with the free flow of information and the promotion of economic development. This is a challenging task, but one that has the potential to benefit all stakeholders.

The PDPO defines the term “data user” to include any person who controls the collection, holding, processing or use of personal data within Hong Kong. It is intended to be a broad definition, but it has some limitations, which are not explicitly addressed by the text. The PDPO also contains provisions for the regulation of cross-border transfers of personal data. It prohibits the transfer of personal data outside Hong Kong, unless certain conditions are met.

This means that a data user may not transfer personal data outside Hong Kong, unless the data subject is notified of the purposes for which his or her personal data will be used and of the classes of persons to whom it will be transferred. This notification must be made on or before the original collection of the data.

It is therefore essential that data users comply with these provisions. Failure to do so can have serious consequences. For example, the PDPO provides for substantial fines in the event of a breach, and in some cases the transfer of personal data may be prohibited altogether.

The PDPO also allows a data subject to request access to personal data held by the data user, and to request rectification or deletion of such data. In some circumstances, the data user is obliged to provide this information within 30 days of the request. This is a crucial provision in the PDPO, and it will help ensure that personal data are not misused or lost.