If you’re a reporter at The Hong Kong Standard, you’ll be familiar with the importance of finding and analyzing data to add hard numbers to anecdotal reporting and uncover trends. You’ll be responsible for pitching and working on your own ideas, as well as collaborating with editors, reporters and other data journalists in your region to handle the data component of larger stories and projects. You’ll also be expected to work with your fellow data journalists across the world on a variety of projects, including research, investigations and large scale special projects.
Data hk is where you’ll find our team’s blogs, insights and resources about all things data – from the technical and legal to the ethical and the political. We aim to share our knowledge and experience in ways that are helpful, informative and accessible to readers – whether you’re a casual observer or an expert in your field. Our topics range from identifying what constitutes personal data to the implications of data transfers, and we cover both legal and policy issues that are relevant to you and your work as a journalist.
As part of our ongoing commitment to improving the way we deal with privacy matters, our team has been looking into how the PDPO currently addresses cross-border data transfer and whether it can be improved. One proposal that has been raised is to expand the definition of personal data so that it only needs to concern an identifiable person, rather than being limited to information relating to an individual. This change would bring Hong Kong into line with global norms and make it easier for businesses to understand how the PDPO applies to them.
However, such a change would not be as straightforward as it sounds. It would require a substantial overhaul of the PDPO and the establishment of a separate regulatory framework for data transfer, which would need to be approved by the legislature. This would have to be done alongside the introduction of new extra-territorial application provisions, which could create significant uncertainty and cost for some businesses.
The statutory prohibition on the transfer of personal data outside Hong Kong is found in section 33 of the PDPO. The PCPD has published two sets of recommended model clauses to address the transfer of personal data between two entities both of which are controlled by a Hong Kong data user; and the transfer of personal data between a Hong Kong entity and a non-Hong Kong entity.
Both sets of recommended model clauses require that the transferring data user undertake not to permit the transferred personal data to be used in a place outside Hong Kong other than places that have been expressly agreed with that transferring data user; and that it will ensure that the transferred personal data is processed only for the purposes stated on or before the original collection of the data, and that such processing is adequate but not excessive for those purposes.