Data Hub – Data Protection in Hong Kong
Data hk is a world-leading technology hub where companies connect to a diverse industry ecosystem in one of Asia’s busiest network hubs. Our Hong Kong colocation facilities offer access to a wide range of networks and cloud service providers, enabling customers to expand their digital supply chains into one of the most carrier-dense markets in the region. Our customers also benefit from a close relationship with Equinix’s global sales and account management teams, which can help them develop their business in this market.
Data protection in Hong Kong is regulated by the Personal Data (Privacy) Ordinance, which establishes data subject rights, and specific obligations to data controllers, through six data protection principles. These principles set out the restrictions on collecting, processing, holding and using personal data, as well as the limits on disclosure. The PDPO was first enacted in 1996, and was amended in 2012 and 2021.
The definition of personal data in the PDPO is unchanged from that in other legal regimes, including the General Data Protection Regulation (GDPR) and the Personal Information Protection Law of mainland China. It includes any information identifying an individual, including name; identification number; location data; and online identifiers. This can include any data that relates to the physical, physiological, genetic, mental, economic, cultural or social identity of an individual.
While a large number of jurisdictions now have a version of extra-territorial application for their data privacy laws, this is not the case in Hong Kong. The territorial jurisdiction of the PDPO is restricted to data users with operations controlled in, or from, Hong Kong. This is based on the principle that a data user controls the entire life cycle of personal data (i.e. the collection, processing, holding and use of personal data) to satisfy the PDPO’s requirements.