Data HK and the PDPO

Data HK provides users with easy access to a wealth of open data available in Hong Kong. Users have access to over one million open datasets from international, EU, national and regional portals as well as exclusive Hong Kong datasets, making this platform ideal for research and innovation.

To facilitate cross-boundary services development by Mainland businesses, Hong Kong’s Innovation, Technology and Industry Bureau (“ITIB”) has unveiled the GBA Standard Contract as part of its cross-boundary initiative. This contract facilitates service provision between consumers in both Hong Kong and Mainland China while streamlining compliance arrangements between enterprises. This move reinforces Hong Kong’s role as an innovation hub while supporting the growth of digital economies on both sides.

Before using the GBA Standard Contract, however, businesses must first determine whether they qualify as data users under the PDPO. A key consideration here is control: data users are defined by operations relating to the collection, holding, processing or use of personal data that is collected, held or processed within or from Hong Kong. There are some exceptions; for instance, where the data transferred is non-personal data, data user obligations under the PDPO do not apply.

The PDPO defines “personal data” as any information relating to an identified or identifiable natural person, and has not changed since its first enactment in 1996. This definition aligns with those found elsewhere, such as in China’s Personal Information Protection Law and the EU’s GDPR.

At or before collecting personal data, data users must notify data subjects of its intended uses and of any third-party recipients with whom it will be shared. Under PDPO rules, they must obtain explicit consent before sharing this data for non-PICs purposes.

Data users must ensure their agents and contractors adhere to the requirements of the PDPO, specifically DPP2 (Responsibilities of a Data User) and DPP3 (Personal Data Security). They should take reasonable measures to ensure no breach by agents or contractors occurs and are held liable if such breaches do occur.

Padraig Walsh from Tanner De Witt’s Data Privacy practice group leads you through a checklist for any personal data transfer between organisations. This includes issues like determining who should be the data controller, establishing a legal basis for the transfer, complying with PDPO requirements for signing a contract with the data exporter and meeting other compliance obligations. His advice can help anyone involved with personal data transfers within Hong Kong or outward to other locations.