The government has announced a deal to facilitate the transfer of mainland data to Hong Kong. It hopes that the move will lower compliance costs for companies and allow Hong Kong to build a global data hub. It is also part of the strategy to boost fintech development and bolster the city’s economic growth. The new deal is expected to reduce the amount of time that banks have to spend transferring data between each other. In addition, the deal will allow Hong Kong to use mainland data more easily.
The HKMA will also work with the mainland to develop a data infrastructure that can support financial innovation. The infrastructure will connect banks and sources of commercial data, allowing them to share information more quickly. This will help to create new products and services for consumers. The goal is to make the banking system more efficient and improve financial inclusion in Hong Kong.
HKMA Chief Executive Carrie Lam announced the agreement in a speech. She said that the memorandum will promote Hong Kong’s role as a data hub and enhance the country’s economic development. She added that the memorandum will reduce barriers to cross-border data flows and provide a more level playing field for businesses. The memorandum will also enable a wider range of businesses to access the Chinese market.
In order to comply with PDPO, a person who collects personal data must obtain the voluntary and express consent of the data subject on or before the collection of his personal data. This includes any processing, including data transfer. Data users must ensure that they have a valid PICS and only transfer personal data to classes of persons or for purposes that are included in the PICS. In addition, a data user must notify the data subject of any such transfers or uses before they take place.
A data user’s obligations include compliance with a range of core data protection principles (DPPs). These include the requirement to inform a data subject of the purposes for which his personal data is collected; and to only process personal data for specified, explicit and legitimate purposes. A data user must also obtain the consent of a data subject to transfer his personal data to a third party.
In the PDPO, the term “personal data” refers to information that can identify a natural person. This definition is in line with international norms and has been adopted by other legislative regimes, such as the Personal Information Protection Law in mainland China and the General Data Protection Regulation in the European Economic Area.
The PCPD has clarified that an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as name, identification number, location data, online identifier, or factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. The scope of the definition is broad, ensuring that it covers most of the data collected by data users.