Hong Kong’s New Data Protection Office
Hong Kong is set to establish a new office to draw up digital policies to boost the city’s digital economy and advance smart-city initiatives. This move comes as a result of the city’s rising need to harness technology and data to drive productivity, which is considered an indispensable factor in pushing Hong Kong’s economy toward high-quality development.
The office will focus on setting up the right framework for digital policy, including clear guidelines to govern the use of data. In addition, the office will also seek to create a new regulatory regime that can respond to rapid changes in technology development. It will also strive to build a vibrant ecosystem for the exchange of ideas and best practices on leveraging data.
According to the Hong Kong Special Administrative Region’s Personal Data Protection Ordinance (PDPO), which was enacted in 1996 and significantly amended in 2012 and 2021, data privacy is primarily governed by six core principles. These include establishing data subject rights, specific obligations to data controllers, and regulating the collection, processing, storage, and disclosure of personal data.
The PDPO also stipulates that personal data must be collected for a lawful purpose, and that the collection of personal data should be adequate but not excessive in relation to its purpose. Moreover, it must be retained for no longer than necessary for the purposes of its processing. The law also prohibits unauthorized access, modification, erasure, loss, or disclosure of personal data, and prohibits the dissemination of personal information without consent. It also requires data users to take reasonable security measures to protect personal data from unauthorised or accidental access, processing, erasure, modification, loss, or disclosure. Data transfers are a common business practice, but it is important to understand the implications of these regulations.