Data Privacy Around The World
An insight into data privacy around the world and the way digital transformation is enabling new legislation.
The digitization of data, enabled by Digital Transformation is changing the face of data privacy, forcing organisations to change their current mechanisms and welcome the new digital reality.
Symmetrically, the change in data privacy regulations accelerates digital transformation for the purpose of gaining compliance with the new legislation.
Data privacy, also called information privacy, is the aspect of information technology (IT) that deals with the ability an organization or individual has to determine what data in a computer system can be shared with third parties.*
When it comes to data privacy, there rarely is a universal law applicable to all countries’ legislation. Oftentimes there is a significant discrepancy between data privacy regulation and enforcement harshness, which makes cross-border data transfers burdensome.
Interest around the world: Top 5 regions by search volume
Over the past 5 years, there has been a slow, but steady interest increase in data privacy around the world. Together with the new digital revolution, the interest in the topic is expected to gain more traction in a more accelerated fashion.
According to Google Trends, the top 5 Regions in terms of interest in Data Privacy for the past 5 years were as follows:
Of the 5 regions with high search volumes for “Data Privacy”, Hong Kong and United Kingdom have the heaviest regulation and enforcement of data privacy legislation in place, with “The Personal Data (Privacy) Ordinance (Cap. 486)”, respectively the “EU Data Protection Directive 95/46/EC”.
Singapore and Australia have a robust data privacy legislation in place, with Personal Data Protection Act 2012 (№26 of 2012) (‘Act’), respectively Australia’s legislation, which is currently composed of a mix of Federal and State/Territory legislation.
Unlike the other regions above, Philippines has a limited regulation and enforcement of data privacy, called the Data Privacy Act of 2012 (the ‘Act’) or Republic Act №10173.
Despite the interest in data privacy in these 5 regions is the highest in terms of Google searches, this is not a consequence of the legislation strictness and enforcement, as shown by the difference in application.
Data privacy in the top 10 economies
The top 10 economies by continent and their share in the global GDP are:
Depending on the level of Regulation and Enforcement of Data Privacy laws, the color codes for the countries in question are classified as follows:
North America
There are about 20 data privacy and security laws in the US, specific to sectors and mediums, as well as hundreds other such laws across its 50 states and territories.
Canada has 28 privacy statues that regulate the protection of personal information in the public, private and health sectors, varying in scopes and provisions, but pursuing the same purpose of protection of personal information.
Asia
Despite its robust approach to data privacy, the People’s Republic of China does not have a comprehensive data protection law, but more like rules regarding personal data protection scattered across its legislation.
Be that as it may, the base of general data protection rules lie in “The Decision on Strengthening Online Information Protection” and the “ National Standard of Information Security Technology — Guideline for Personal Information Protection within Information System for Public and Commercial Services”
Japan’s approach to data privacy is expressed by the The Act on the Protection of Personal Information (APPI), which requires business operators to perform their activities with a personal information database of no more than 5,000 persons in the past 6 months.
Amendments that go into effect in September 2017 introduce 2 new classes of information and new requirements for the notion of “opt out”.
Even though there isn’t a specific legislation on data privacy and protection, the Information Technology Act, 2000 includes the specific provisions intended for protecting digital data.
Europe
Until the enforcement of European Union’s General Data Protection Regulation, each member state will continue with its current data privacy legislation.
Germany has a main legislative source regarding data protection, which is the Federal Data Protection Act (BDSG). In addition to it, each state has its own law, which is applied depending on the jurisdiction the data controller is under.
The EU Data Protection Directive 95/46/EC was implemented in March 2000 through the Data Protection Act 1998 (Act), and its enforcement is performed through the Information Commissioner’s Office (ICO).
France’s main law that regulates data privacy is Law №78 17 of 6 January 1978 on ‘Information Technology, Data Files and Civil Liberty’ (‘Law’). Enforcement of the Law is mainly pursued through the ‘Commission Nationale de l’Informatique et des Libertés’ (CNIL).
The EU Data Protection Directive 95/46/EC was implemented through Law №2004–801 of 6 August 2004.
The Legislative Decree no. 196 of 30 June 2003 (Codice in materia di protezione dei dati personali, the ‘Privacy Code’) is the law that applies for privacy issues, implementing the Directives 95/46/EC, 2002/58/EC and 2009/12/EC.
South America
Even though for now, Brazil doesn’t have a single data protection framework in place, but two bills, namely №330/2013 and №5.276/2016, which are being analyzed by the Congress.
As organisations around the world begin their digital transformation revolution, it is crucial for them to be aware of their options and limitations in terms of Data Privacy rules and regulations, as they have the potential to make or break their business.
Transparency and increased rights for individuals are a common themes for laws around the world, regardless of the countries’ levels of Regulation and Enforcement of Data Privacy laws.
Curious to find out more?
