Data hk is one of the world’s premier global financial centers and connectivity hubs, boasting some of the world’s leading global financial centres as well as world-class AI deployment infrastructure. Equinix’s multiple locations in Hong Kong form an interconnected campus where customers can deploy geographically distributed high-availability deployments with high availability requirements. We provide direct connections to leading cloud providers as well as liquid cooling infrastructure for AI deployments allowing our data centers in Hong Kong help your digital infrastructure presence in one of Asia’s premier business hubs.
Hong Kong provides a more straightforward definition of personal data than many other jurisdictions do, according to its Personal Data Protection Ordinance (“PDPO”). Under this definition, personal data refers to information pertaining to an identifiable or identifiable individual, such as their name, address, telephone number, email address, occupation details, credit or bank account numbers and any other details which could identify an individual.
Personal data managers in Hong Kong must fulfil six core obligations that form the core of privacy law, such as being transparent about how personal data will be used (DPP1) and notifying individuals of specific purposes for which personal data was collected (DPP3). There are also restrictions on the way personal data may be transferred outside Hong Kong (DPP6 and DPP7).
Notably, any entity which breaches these obligations and breaks the law could face penalties of up to HK$500,000. Enforcing these provisions remains a top priority for the PDPO Commissioner; investigation and prosecution of direct marketing practices continue to be one of their key areas of focus, although this should become less of an emphasis in 2022.
As for what constitutes personal data, several other data privacy regimes have included an element of extraterritorial application in their definition of the concept; unfortunately, however, no such provision has been included within PDPO.
Concerns have been expressed that the current interpretation of personal data under the PDPO leaves companies vulnerable to abuse when collecting, storing and processing personal information that can help predict an individual’s behaviour. As an example, personal data that appears on staff cards containing an individual’s name, company name, photograph and employee number might constitute personal information that violates PDPO regulations. At this juncture, it would be prudent to consider adopting a stricter definition of personal data that conforms with international norms and best practice. Doing so would provide individuals with greater protection while simultaneously improving compliance measures among businesses who handle personal data.