Hong Kong is one of the most important global financial centers. It is a special administrative region that maintains a separate political and economic system from China. It is also a major interconnection hub for digital services.
Personal data is regulated in Hong Kong under the Privacy Ordinance (the “PDPO”). The PDPO was enacted in 2012 and covers all aspects of personal data privacy including, but not limited to, collection, storage, processing and use.
There are many things you need to know about the PDPO, such as what are the requirements for collection of personal data in Hong Kong, and how you can protect yourself from infringements of the law. Among other things, the PDPO requires that your personal data is collected by means which are lawful and fair in the circumstances. It also requires that the data subject has given his or her consent to the use of that data for certain purposes.
When you provide personal data through GovHK on a voluntary basis, the Government will specify its intended usage and use of your data and advise you how you can make a request for access or correction of the personal data provided. You may also be asked to agree to the transfer of your personal data outside Hong Kong where the data is used by a third party.
You should consider whether the third party transferring your data to you is a data controller or a data processor under the PDPO. If they are, you should ensure that they have a lawful and effective privacy framework in place. If they are not, you should seek legal advice from a specialist in Hong Kong before providing any personal data to them.
If you are a data controller, you should ensure that the data you are collecting is relevant and accurate. This is especially true if you are a financial institution or an online gambling platform. You should also consider the level of security and encryption your system uses. If your data is being transferred to a remote location, you should consider whether your network infrastructure provides sufficient protection.
Data processing is the process of storing, recording, retrieving, modifying or deleting personal data. This includes processing such data on the basis of your consent or for other lawful purposes. Typically, personal data is stored on computer databases, but it can also be recorded or retrieved from paper records.
The main purpose for which the data is used is to offer you a service or product that meets your specific needs. This can be through an online or offline form, a telephone call, a physical visit or a social media interaction. You can also receive news and information about products or services that you are interested in, but this should be done in accordance with the data privacy rules of the governing jurisdiction.
You have a right to object to the use of your personal data for direct marketing purposes. This is usually achieved through a written request to the data user. Alternatively, you can submit a complaint to the Privacy Commissioner in Hong Kong.