Data HK – How Personal Data is Protected in Hong Kong

Data hk provides reports, statistics and forecasts on industries, economies and consumers around the world. Browse by industry or region, or use the search box to find articles, podcasts and more. Fees apply for access to detailed data.

The law governing data protection in Hong Kong is the Personal Data Protection Ordinance (PDPO), which established the basic rights of data subjects and specific obligations on data controllers. The law, which was first implemented in 1996 and amended in 2012 and 2021, also regulates the collection, processing and usage of personal data through six data protection principles.

One of the key elements of the PDPO is that personal data must only be collected for a specified purpose and not used for other purposes without the consent of the data subject, or with the explicit permission of the Data Protection Commissioner. It also stipulates that personal data should be adequate but not excessive in relation to the purpose for which it is collected.

While it may seem obvious that the PDPO is designed to prevent the misuse of personal information, the law is not always clear on how to interpret some of its provisions. For example, some people believe that if an individual’s name and HKID number appear on the public domain, the information must be considered as part of the common pool and therefore cannot be restricted from being used for other purposes. However, the PDPO requires that an individual’s name and HKID data should not be publicly displayed together and that a person’s name and HKID data should only be disclosed to those with a legitimate need to know it.

Other data experts disagree with this interpretation, saying that while a person’s name and HKID number can be considered to be “personal data” under the PDPO, it should not be interpreted as being part of the common pool of personal data because they are only required to be collected for the purposes for which they are intended.

Despite the controversy over how to interpret some of the PDPO’s provisions, it is evident that authorities in Hong Kong are using data from social media platforms to investigate a wide variety of crimes. According to transparency reports from Apple, Google and Facebook, the three companies received hundreds of requests for data on users in Hong Kong between July 2019 and June 2020, with most of the requests granted until the enactment of the national security law caused the tech giants to stop cooperating. It is not clear from the reports whether the data was content or non-content data, but the companies said they would notify their customers about government requests unless explicitly banned from doing so under local law or if notification could risk causing injury or death to an identifiable individual or endanger children.

The spokesman for Google Hong Kong, which did not reply to a request from HKFP, said that it would continue to seek the cooperation of technology providers outside the United States for investigations in Hong Kong through diplomatic procedures if needed.

Posted in: Gambling Blog