Data hk is a free online resource that provides access to open data from more than one million international, European and national data sources. This is an invaluable source of information for researchers and businesses who need to gather and analyse information. It contains a variety of open government and business data, including statistics, maps, economic indicators, climate forecasts, industry data, demographics and more.
It is a common practice for a data exporter to carry out a transfer impact assessment before transferring personal data abroad. This is a good measure to ensure that the data exported will be subject to appropriate levels of protection in the destination country. However, it is important to note that this is not a legal requirement under the PDPO.
A transfer impact assessment is a process that involves an evaluation of the risks associated with a specific transfer of personal data from Hong Kong to another jurisdiction. It looks at the underlying grounds for the transfer, the extent to which those reasons are legitimate and whether the sensitivity of the data involved in the transfer is sufficiently considered. In addition, it evaluates the impact on data subjects and the likelihood of adverse consequences arising as a result of the transfer. The result of this evaluation can be used to help data users determine whether the transfer is compliant with the PDPO.
Section 33 of the PDPO requires data users to fulfil a number of obligations in respect of cross-border data transfers. This includes the obligation to expressly inform a data subject on or before collecting his personal data of the purposes for which it will be collected, and of the classes of persons to whom the data may be transferred (DPP1 and DPP3). This must be done by means of a personal information collection statement.
The PCPD has also taken steps to encourage compliance with this provision by providing guidance on the issue and recommended model clauses for use in contracts dealing with data transfers. However, resistance to implementation by the business community has held back progress on this matter.
Regardless of the statutory restriction in Section 33, it is essential to remember that a person can only be considered a data user under the PDPO if he has operations controlling the collection, holding, processing or use of personal data in Hong Kong. Therefore, data users should always keep in mind that their obligations and responsibilities in respect of transfers of personal data abroad are not limited to compliance with the PDPO. Instead, they must take into account best practices and ethical standards in respect of their governance of global information transfers. In particular, they should consider the implications of their governance structures on the statutory restrictions and safeguards that exist under the PDPO.