Data is the raw information from which statistics are created. Statistical analysis of the data can lead to insights, such as trends or patterns that can be used by business managers for decision-making, or by government agencies to formulate policies. Data can be collected from primary sources such as field observations and surveys, or secondary sources like published reports. It is often combined with other data to form more useful and actionable statistics. For example, the results of a customer satisfaction survey can be turned into an analysis report, which can help businesses understand their customers’ needs and identify areas for improvement.
In Hong Kong, the Personal Data (Privacy) Ordinance sets out a number of core obligations for data users. These include DPP1 (purpose of collection) and DPP3 (use of personal data). In addition, the PDPO requires that data users expressly inform a data subject on or before collecting their personal data of the purposes for which the information will be used, as well as the classes of persons to whom the information may be transferred.
This requirement can pose challenges when a business engages a service provider located overseas to process personal data on its behalf, as it must consider whether or not the agreement between the two parties meets the requirements of the PDPO. The PDPO does not contain any express provisions conferring extra-territorial application, so its jurisdiction is determined by the control of the processing of the personal data. This is the correct test, rather than a more narrow test of whether or not the processing occurs in Hong Kong.
Padraig Walsh from Tanner De Witt explores the key considerations for data transfers in this article. He explains how understanding the interpretation of key privacy concepts can reduce risk and promote efficient compliance in cross-border data transfers, both within Hong Kong and between locations around the world.
