The Data Protection (Privacy) Ordinance is the legal and regulatory framework for data protection and privacy in Hong Kong.
The Ordinance governs 'data users', that is, private and public organizations who take part in the collection, processing and use of personal data. The personal data protected by the Ordinance must be data that relates directly or indirectly to an identifiable living individual. Such a living individual is referred as a 'data subject' in the Ordinance. The full text of the Ordinance can be found or downloaded at the website of the Office of Privacy Commissioner at http://www.pco.org.hk/english/ordinance/ordfull.html. In this section of the unit, we will examine the Ordinance in detail and then discuss the role of the Privacy Commissioner for Personal Data.
The objective of the Ordinance is to protect the privacy rights in respect of the personal data of living individuals in Hong Kong. Therefore, it does not cover the data of corporate bodies. The Ordinance follows international standards of data privacy protection and aims to ensure the free flow of information and personal data to Hong Kong from other countries. Many countries that deal with Hong Kong (particularly those from the European Union) have a high level of data protection. If Hong Kong wants to ensure the free flow of information between itself and these trading partners, it is important for Hong Kong to demonstrate through its legislation that it has the same or equal standards of personal data protection.