PCPD News

私隱專員公署通訊

•

Issue no. 29

20

PCPD in Action

公署動態

Mark Your Diary

活動日誌

Resources Updates

資源快訊

Statistics

統計

Glossary

詞彙

Technology Updates

科技新知

加緊規管個人資料的跨境轉移

Push for Regulation on the Transfer of Personal Data

Outside Hong Kong

私隱條例第

33

條對轉移個人資料至香

港以外地區的安排具非常嚴謹和全面的

規管。該條文明確禁止持有資料的資料

使用者把個人資料轉移至香港以外的地

區，除非符合指定的條件，例如：

(1)

該地區是在專員制訂的「白名單」內，

即這些地區實施的有關個人資料保

障的法律，與本港私隱條例大體上

相似，或其目的與私隱條例的目的

相同

[

第

33(2)(a)

條

]

；及

(2)

資料使用者已採取所有合理的預

防措施及已作出所有應作出的努

力，以確保資料轉移該地區後被處

理的方式不違反私隱條例規定

[

第

33(2)(f)

條

]

。

但是，私隱條例自

1995

年實施以來，第

33

條遲遲未生效，而政府當局亦未有訂

立落實該條文的時間表。換言之，現時

香港有關個人資料由香港轉移海外的保

護相當薄弱，有欠全面。

私隱專員蔣任宏指出：「私隱條例於

九十年代制定，時至今天，全球數據流

動的模式已大大不同。科技進步，加上

機構的業務模式和行事方式演變，個人

資料的轉移已變成個人資料的數據流。

數據跨境，連綿不絕和大規模地流動。

政府是時候正視私隱條例第

33

條相關

的議題，確保香港維持國際金融中心和

數據樞杻的地位。」

為此，公署在

2013

年對香港以外

50

個司

法管轄區的個人資料保障法例進行研

究，結果擬備了一份『白名單』，臚列出

正實施大體上近似本港私隱條例或達致

相同目的之法律的地方。研究報告和『白

名單』已交給政府考慮。

Section 33 of the Ordinance provides

a very stringent and comprehensive

regulation of the transfer of data outside

Hong Kong. It expressly prohibits all

transfers of personal data ‘to a place

outside Hong Kong’ except in specified

circumstances such as:–

(1) t h e p l a c e i s s p e c i f i e d b y t h e

Commissioner as one which has in

force a data protection law which

is substantially similar to, or serves

the same purpose as the Ordinance

[section 33(2)(a)]; and

(2) the data user has taken all reasonable

precautions and exercised all due

diligence to ensure that the data

will not, in that place, be handled

i n a ma nn e r t a n t amoun t t o a

contravention of a requirement under

the Ordinance [section 33(2)(f)].

The only problem is that section 33 has

not been brought into force since its

enactment in 1995 and the Government

has no timetable for its implementation in

future. As a result, the current protection

for personal data transferred overseas is

weak and far from comprehensive.

Privacy Commissioner Mr Allan Chiang

commented, “Advances in technology,

along with changes in organisation’s

business models and practices have

turned personal data transfers into

personal data flows. Data is moving

across borders, continuously and in

greater scales. It is high time for the

Government to have a renewed focus on

section 33 of the Ordinance to ensure

that the international status of Hong Kong

as a financial centre and a data hub will

be preserved.”

To assist the Government in this area,

the PCPD completed in 2013 a survey

of 50 jurisdictions and come up with a

white list of places which has in force a

data protection law substantially similar

to, or serves the same purpose as the

Ordinance. A copy of the report has been

forwarded to the Government.