Data hk is an information portal that aggregates open government data from local, regional and international resources. Users can browse and analyze an abundance of public data sets in different formats – line graphs, cross sectional plots and maps among them – in an easily navigable interface. Furthermore, an interactive map displays where various public datasets reside within Hong Kong.

Government departments and agencies, as well as independent data providers, have made available an abundance of datasets related to public health statistics, economic information and environmental protection. You can access these on their respective websites.

Some datasets can be downloaded free of charge while others require payment; they may be used for research and development or commercial purposes, with those downloading adhering to any specific terms and conditions laid down by each agency.

Current projects underway to modernise data protection laws in Hong Kong include creating a new privacy code and tighter enforcement measures, but businesses should understand their obligations under the existing framework, which may differ from that found elsewhere.

While other data privacy regimes include extraterritorial application provisions, this isn’t the case in Hong Kong; their Personal Data Protection Ordinance only extends its jurisdiction over those operating from or controlled from within Hong Kong.

An important distinction to note between Hong Kong and Europe relates to their definition of personal data, which varies significantly. While GDPR broadly defines personal data as information that identifies or can identify natural persons, Hong Kong limits it more tightly – potentially subjecting data transfers out of Hong Kong to stricter compliance arrangements even if that data doesn’t identify an identifiable individual.

Therefore, businesses must ensure they understand whether a particular activity will trigger the PDPO and its six Data Protection Principles (DPPs), including whether a PICS is needed (DPP 1) and informing subjects on or prior to collection about how their data will be used and any proposed transfers (DPP 3).

One issue that can arise is the requirement to provide a list of classes of people to whom personal data may be transferred (DPP 6), which may be more stringent in some jurisdictions.

Finally, the PCPD has provided model contractual clauses which aim to reduce the risk of data transfer between entities that do not abide by PDPO and DPPs; these can be found here and here. While the PCPD will not conduct audits to verify if model clauses have been implemented properly for transferred personal data transfers, data exporters should carefully examine their PICS documents to ensure that their transfer meets its obligations under PDPO.