Data Hk – A Case Study in Data Governance and Individual Data Practice
Data hk is a portal to access more than one million open data sets from international, EU and Hong Kong government agencies, national and regional statistical organisations, and public domain sources. It includes the ability to visualize these datasets in line graphs, cross sectional plots and on maps. It also supports the development of innovative applications through an API for accessing data from different sources.
Under current statutory and common law in Hong Kong, only personal data is protected by the Personal Data Protection Ordinance (“PDPO”). Thus, the protection of personal data requires that a person must obtain the voluntary and express consent of the data subject before the person can transfer the personal data outside Hong Kong or use the personal data for a purpose other than those contemplated by the PICS. This step is markedly less onerous than the requirement under GDPR, which requires that a data user notify the data subject of the planned transfer and give them an opportunity to opt-out.
The networked and datafied contentious performances witnessed during the 2019 Hong Kong anti-ELAB movement provide a unique context to reexamine the nexus between data-driven governance and individual data practice during times of contention. While scholars have previously highlighted the dual nature of data as both an object and a weapon in repertoires of political struggle (Flesher Fominaya & Gillan, Citation2017; Bitso et al., Citation2019), this case study demonstrates how two ideologically opposed camps can weaponize data in the same way (doxing) but with different moral justifications.
As part of its efforts to promote the digital economy, the HKSAR government actively promotes personal data flows and encourages departments to share information with private enterprises. It is also exploring ways to facilitate the sharing of research data and nurturing talent in the area of data science. In addition, the government is developing a comprehensive platform for data infrastructure and hastening the transformation of scientific research findings into commercial products.
Padraig Walsh, a partner in the data privacy practice group at Tanner De Witt, provides an overview of data transfers in and out of Hong Kong and their implications for the application of the six step framework published by the European Data Protection Supervisory Authority (“EDPB”).
Under current statutory and common law in Hong Hong SAR, only personal data is protected by the PersonalData Protection Ordinance (“PDPO”). Thus, the protection of personal data requires that the person must obtain the voluntary and express consent of a data subject before the person can transfer the personaldata outside Hong Kong or use the personal data for any other purposes other than those contemplated by the PICS. Furthermore, a data user must notify the data subject of the planned transfer and of the purpose for which it is being used. The notification may be provided in a separate personal information collection statement or as contractual provisions within the main commercial agreement between the data exporter and the data importer.