Regulation of Cross-Border Data Transfers

When Hong Kong was at the crest of the wave of modern data privacy laws in 1995, regulation of cross-border data transfers was a key element. This was reflected in the fact that the PDPO contains a provision (section 33) which prohibits the transfer of personal data outside Hong Kong unless certain conditions are fulfilled. This provision was intended to be a means of ensuring that personal data transferred outside of Hong Kong is given a similar level of protection as provided under the PDPO. However, resistance from the business community to implementation of this policy objective was significant, mainly on the basis that the burden of compliance would be onerous and not necessarily conducive to the operation of the business.

In addition, there was also a perception that section 33 did not actually accomplish its objectives. In particular, a transfer impact assessment would be required in some circumstances regardless of whether or not the transfer was subject to PDPO provisions. This was largely because the PDPO recognises that a data user may be responsible and liable for acts carried out by their agents, including those operating outside Hong Kong, and therefore it is important that such an assessment be performed.

Despite the above concerns, there is still a need to regulate cross-border data transfers, particularly as Hong Kong’s economic and business activities increasingly take place across jurisdictions. This is mainly because cross-border data flows provide access to the broader international market, which can be advantageous for businesses operating in Hong Kong.

As a result, the Government and the PCPD are re-examining how best to implement the provisions of section 33 of the PDPO. As part of this, they are reviewing the latest global regulatory framework on cross-border/boundary data flow and exploring ways forward which best suit local circumstances in Hong Kong.

In the meantime, it is also worth bearing in mind that a transfer impact assessment does not necessarily have to be conducted for all data transfers. This is because the PDPO defines “personal data” to mean any information relating to an identified or identifiable person. So, if the data being transferred does not relate to an individual, obligations under the PDPO do not apply.

Togel hk pools data hongkong merupakan salah satu tempat yang sah dan akurat yang bisa dijadikan oleh semua para member togel hk. Dengan bermain taruhan togel hk, para member wajib mengetahui hasil keluaran togel hongkong hari ini secara lengkap dan tersedia. Setelah hasil terbaru togel hongkong tersimpan dalam data hk pools para member mungkin bisa mengetahui jumlah hasil undian togel hongkong yang diberikan oleh hongkong pools data hongkong.