Hong Kong, mainland China to launch scheme this month to make sharing of personal data easier in Greater Bay Area, first phase to cover banking, healthcare sectors
The bay area is Beijing’s ambitious plan to integrate Hong Kong, Macau and nine southern mainland Chinese cities into an economic powerhouse.
The scheme, which will be implemented in phases, will allow individuals and organisations in the bay area to voluntarily enter a standard contract, which outlines the responsibilities and obligations of both parties in protecting personal information, according to the bureau.
Under the first phase of the programme, set to launch this month, Hong Kong and mainland authorities will invite the banking, credit referencing and healthcare sectors to take part in the scheme, which is led by the Office of the Government Chief Information Officer (OGCIO) and the Cyberspace Administration of Guangdong Province.
Compliance requirements for the flow of personal data among nine mainland cities within the area and Hong Kong would be streamlined, the bureau said.
The contract would also lift restrictions imposed by mainland authorities on the amount of personal data that could be transferred and simplify the information required for assessing the protection of personal data, it added.
Hong Kong watchdog finds healthcare chain shared customer data without consent
The bureau said it would review the “early and pilot implementation” arrangement in due course, with a view to further extend the measure to other sectors.
The new measure was voluntary and privacy would be protected under city laws, it added.
“The GBA Standard Contract is an administrative measure. It does not affect the supervisory and regulatory roles of the Office of the Privacy Commissioner for Personal Data in ensuring compliance with the Personal Data (Privacy) Ordinance,” the bureau spokesman said.
According to the contract’s implementation guidelines, staff are required to maintain the confidentiality of personal data, commercial secrets and business information. They are also prohibited from sharing this information with others, or using it unlawfully.
Veteran drug firm boss seeks more public-private partnerships in Hong Kong
Any parties can lodge a complaint to the bureau, the city’s privacy commissioner, as well as the Cyberspace Administration of China and the Cyberspace Administration of Guangdong Province if a data processor or a recipient is found in breach of their obligations.
In case of a breach, complaints can be filed with the bureau, the city’s privacy commissioner, as well as the Cyberspace Administration of China and the Cyberspace Administration of Guangdong Province. Upon receiving a complaint, relevant departments can request a rectification if they detect a high security risk.