When you travel to Hong Kong, a local data plan is a must. Without it, you will struggle to stay connected when ordering a taxi, using Google Maps, checking social media and online banking, or navigating the city’s crowded streets. If you want to make the most of your trip, we suggest choosing a 3G or 5G SIM card from one of the many mobile providers in the city. It will be a lot cheaper than using a roaming service and will allow you to keep up with all of the latest developments in the world of data hk.
A recurring topic in the news is how cross-border data flows impact privacy in Hong Kong. The Hong Kong Privacy Commissioner for Personal Data (“PCPD”) has recently released two sets of recommended model contractual clauses designed to facilitate such transfers by ensuring that they comply with the six data protection principles (“DPPs”) set out in the PDPO.
The PCPD’s discussion paper also explores a potential change to the definition of “personal data” in the PDPO. Currently, personal data means information that concerns an identifiable person. The mooted change would extend that definition to include data which, although it does not necessarily concern an identifiable person, is likely to have a significant effect on that person. This may seem like a small change, but it would have a significant impact on the types of activities which fall within the scope of the PDPO’s DPPs.
Increased cross-border data flow was one of the key drivers behind the introduction of section 33 of the PDPO back in 1995. Originally, the purpose of this provision was to prohibit a transfer of personal data outside Hong Kong unless certain conditions were fulfilled. However, the PCPD has moved away from a firm commitment to implementing this provision due to concerns from the business community about its perceived adverse impacts on their operations and the difficulty of achieving compliance.
Another area of consideration is the need for data users to formulate a clear data retention policy and to expressly inform data subjects of the duration of their personal data, as well as how that data will be retained and processed by businesses. While the PCPD has not indicated that it will impose a mandatory uniform data retention period, the fact that it is reviewing this issue at all shows that there remains a strong interest in regulating such transfers.