Hong Kong Data Protection Ordinance
Whether it’s a digital supply chain, an international trading exchange or a global data center, our customers are connected to one of the most carrier-dense network hubs in Asia through our Hong Kong colocation facilities. This dense concentration of enterprises, networks and IT service providers creates a vibrant business ecosystem in one of the world’s busiest cities for finance and trade.
The Hong Kong Data Protection Ordinance (“PDPO”) aims to protect personal data by establishing rights of the data subject and specific obligations on the data user. The PDPO is based on six key data protection principles.
In Hong Kong, personal data is defined as information relating to an identifiable natural person. This definition has not changed since the PDPO was first enacted in 1996 and is consistent with the definition in other data privacy laws, such as those in mainland China and the European Union.
The PDPO does not expressly provide for extra-territorial application, but the PDPO applies where a data user controls the entire data processing cycle in or from Hong Kong. The PDPO does not expressly regulate processors or agents of the data user, but the data user is liable for breach of the PDPO by its agents or contractors, regardless of where they are located. Therefore, it is important for the data user to review its contracts with these parties in light of the PDPO’s territorial scope and principles.