HK is one of the most carrier-dense network hubs in Asia. Equinix provides colocation services in Hong Kong, allowing customers to build a direct connection into this rich industry ecosystem. Our data centers also provide a variety of connectivity options for customers, including direct connections to leading cloud service providers.
The key issue in a data transfer is whether the transferred personal data constitutes “personal data” within the meaning of the PDPO. The PDPO defines personal data as data relating directly or indirectly to an individual, and from which it is practicable for the individual to be identified. This is a wide definition, which can include information such as name; identification number; location data; online identifier; and factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the individual.
If the transferred data does not meet this definition, then it will not be subject to the PDPO. However, this can be a grey area and it is important to consider all of the implications carefully. This is particularly the case in relation to international transfers of personal data, where it may be necessary to consider whether the PDPO applies at all.
In addition, it is important to consider whether the PDPO’s provisions on consent and disclosure apply to the transfer of personal data overseas. These require a person to expressly inform a data subject, on or before collecting his personal data, of the purposes for which his personal data will be used and the classes of persons to whom his personal data may be transferred. This can be difficult to do in practice, given the volume of personal data that is collected and processed by organizations.
In addition, the PDPO requires organisations to keep detailed records of their use of personal data. This includes a record of the purpose for which the data was collected, the categories of persons to whom the data will be transferred, and the processing steps taken. It also requires organisations to keep a record of any disclosure of personal data, including to a third party. This is a significant additional requirement, which may have a considerable impact on the way organisations operate their business processes. This is particularly the case where it may be necessary to share personal data with third parties to carry out their normal business activities. For example, it may be necessary to share customer or employee data with suppliers, contractors and service providers. This data can be extremely sensitive and the potential impact on the organisation’s reputation should not be underestimated.