No matter whether you are planning on transferring data to or from Hong Kong for personal or professional reasons, or an organization which relies upon cross-border data transfer for business reasons, it is vital to fully comprehend all legal provisions that pertain. Though Hong Kong privacy law does not impose restrictions on transfers outside its jurisdiction, there are important protections available which can help facilitate such cross-border data transfers to and from the city.
Step one in complying with the PDPO is determining whether the personal data being transferred falls under its purview, which involves considering who collects this information – “data user” under this statute being defined as any person or group who independently or jointly or collectively controls collection, holding, processing and use of personal data (similarly defined under other privacy laws such as mainland China’s Personal Information Protection and Protection Law (PIPL) and EU GDPR).
Once someone is identified as a data user, there are certain statutory obligations he or she must fulfill, including maintaining a Personal Information Compliance Statement (“PICS”). He or she cannot transfer personal data without first consulting their PICS; use any data subject’s personal data other than for purposes specified there without receiving prior and explicit consent – this means any contract that entails personal data transfer must abide by these requirements.
Preparing contracts involving the transfer of personal data requires extensive guidance. This is available from both the PCPD’s guidelines on contractual arrangements for cross-border personal data transfers, and its recommended model clauses designed to easily accommodate commercial agreements between data users while still protecting substantively.
Data exporters should take note of what additional measures may be necessary in the foreign jurisdiction to bring up to Hong Kong standards, whether these be technical measures such as encryption or pseudonymisation or contractual provisions covering audit and inspection, beach notification and compliance support and cooperation.
Equinix provides a secure and reliable platform to interconnect data centers and networks in Asia, including Hong Kong data centers located nearby customers and data. Our Hong Kong data centers can connect your customers directly to multiple cloud service providers and networks for on-demand access. Whether your needs involve connecting to Tier-1 datacenters, global cloud providers, local partners or both – Equinix experts are always on hand to discuss options that meet performance and security goals and find optimal solutions that fit. Contact us now so we can begin speaking!