Hong Kong () is the former British crown colony and current Special Administrative Region of the People’s Republic of China, serving as an international financial center and one of the world’s densest carrier-dense data centers. Additionally, HK hosts regional Internet exchanges as well as being an emerging market for cloud services.
Equinix data centers in Hong Kong offer convenient access to dense clusters of enterprises, networks and IT service providers who help companies effortlessly enter or leave Asia’s most significant economic hub.
Our data centers are located within a secure, highly connected and carrier-dense network infrastructure that makes them the perfect option for enterprises looking to enter China’s dynamic economy, growing consumer base and strong regulatory environment. In these facilities we offer data storage and interconnection solutions – including our global exchange platform: Equinix Marketplace.
Hong Kong’s Personal Data Protection Ordinance (PDPO) requires data users to create a clear personal information retention policy, setting forth how long personal data may be kept for. The policy must then be made available to data subjects for their consent before processing occurs. This requirement has been at the core of Hong Kong’s PDPO since its inception and is consistent with international norms.
Changes are proposed that would significantly expand the definition of personal data, altering its scope and alter its scope significantly. At present, the Personal Data Protection Order defines personal data as any information related to an identifiable individual – this definition dates back to 1996 and aligns with similar legislative regimes such as China’s Personal Information Protection Law or European Economic Area General Data Protection Regulation.
The broad definition would encompass more expansively, and could include data such as name, identification number, location information or factors related to physical, physiological, genetic, mental, economic cultural or social identity of an individual. As such, this proposed change could have an enormously consequential effect on how data is utilized in Hong Kong – particularly data transfers as a form of processing personal information. As such, organizations using data in Hong Kong should carefully consider this change and plan accordingly. With the newly defined personal data requiring stricter safeguards during transfers of personal information. Data users should create and implement a plan to safeguard personal information against breaches, and be prepared to respond immediately if any are detected. Plan should include an intricate process for responding to inquiries from data subjects regarding how their personal data is being used and tested against an appropriate risk-based framework to determine if its protection of interests of data subject is sufficient.