Data hk is becoming increasingly important to society as it allows us to better understand the world around us. This information can be used to improve services, make informed decisions and ensure that people are treated fairly. It is therefore crucial to protect this data. This is particularly true when it is transferred across borders. When this happens, it is necessary to carry out a transfer impact assessment. This is a thorough review of both the destination and exporting jurisdiction’s laws, practices and national security issues that could impact the protection of personal data during a transfer. This information can help companies determine if a particular transfer is appropriate.
The first step in this process is to establish whether or not the person transferring the data is a “data user”. This is defined by reference to control over the collection, holding, processing and use of personal data. It is important to note that the definition of personal data in Hong Kong differs from that used in many other legal regimes. In Hong Kong, personal data refers to “information relating to an identifiable individual”, which is a narrower pool of information than is used in other jurisdictions. This can lead to some surprising applications. For example, a photograph of a crowd at a concert would not be considered to be the collection of personal data under Hong Kong law as long as it is not taken with the intention of identifying individuals (despite the fact that specific individuals can be clearly identified). This principle can also apply to CCTV recordings of persons entering car parks and logs of persons attending meetings.
Once the data exporter has established that it is a data user, the next step in the process is to identify the purpose for which the personal data is being transferred. This should be documented in a PICS, which should also include an indication of the level of protection available in the destination country. In the event that the assessment reveals that the level of protection is inadequate, the data exporter must take steps to mitigate the adverse effect on data subjects’ privacy by implementing adequate supplementary measures. This may involve technical or contractual measures.
The recent protests in Hong Kong provide a valuable case study for considering the position of data as both weapon and object. The protests have reaffirmed the importance of data practices in social movement repertoires and led to new forms of mobilization/conflict (Flesher Fominaya & Gillan, Citation2019). The doxing that occurred during the protests highlights the different moral justifications for this practice. This raises the question of how we might further rethink the relationship between data as weapon and data as object. This is especially important given the increasing convergence of these two components, and the ways in which they are perceived by the public. This is a key point for future research and policy development. This article will explore the complexities of this issue and consider what might be done to address it.