Data hk is an online portal designed to make it easier for individuals in Hong Kong to access, obtain and share their personal data. It was developed by the Hong Kong Privacy Commissioner for Personal Data (“PCPD”) and various public organisations.

The PCPD website offers comprehensive details on its data hk initiative, from how it works and current legislation, to an informative FAQs section covering frequently asked questions (FAQs).

No matter the outcome of the data hk initiative, its success or otherwise depends on individual compliance with new laws. There may be various obstacles preventing people from availing themselves of its services – concerns over costs and implications on business activity as well as time and effort required to meet compliance regulations being among them.

The GDPR defines personal data as any information about an identifiable natural person, with “identifiable” being key here. This can include things such as name; identification number; location data; online identifier and factors specific to an individual’s physical, physiological, genetic, mental economic cultural or social identity.

As such, there will likely be much debate surrounding how this definition will be interpreted within the new law.

Hong Kong’s primary legislation for data processing is the Personal Data Protection Ordinance (PDPO). This law establishes clear rights and obligations for both data subjects and controllers through six data protection principles.

Under the Personal Data Protection Ordinance (“PDPO”), any person who controls the collection, holding, processing or use of personal data in Hong Kong or from outside Hong Kong is considered a “data user.” Under this statute, data users are held liable for breaches committed by agents or contractors acting on their behalf that occur in Hong Kong – regardless of where such processing takes place.

Data users’ obligations under the PDPO include providing notice to individuals before collecting their personal data about its intended uses and possible recipients – an obligation which must be fulfilled through voluntary and express consent from data subjects.

The PDPO requires that any transfer of personal data outside the jurisdiction of its original user take account of all six data protection principles, which means taking any supplementary measures necessary to bring its level of protection up to Hong Kong standards – this may involve technical or contractual measures like encryption, anonymisation or pseudonymisation; additional contractual provisions could impose obligations regarding audit, inspection and reporting as well as beach notification obligations; compliance support/cooperation could also be included among them.