Abstract

http://ssrn.com/abstract=1946700
 
 

References (4)



 
 

Citations (3)



 


 



Global Data Privacy Laws: Forty Years of Acceleration


Graham Greenleaf


University of New South Wales, Faculty of Law

October 10, 2011

Privacy Laws and Business International Report, No. 112, pp. 11-17, September 2011
UNSW Law Research Paper No. 2011-36

Abstract:     
It is almost forty years since Sweden’s Data Act 1973 was the first comprehensive national data privacy law, and the first to implement what we can now recognize as a basic set of data protection principles. This article surveys the forty years since then of global development of data privacy laws to mid-2011. How many countries now have data privacy (‘data protection’) laws that at least cover most of their private sector and include privacy principles meeting or exceeding the minimum standards of international data protection and privacy agreements? As of mid-2011there are now seventy six such countries (or otherwise independent legal jurisdictions), as identified in this article for the first time. A Table lists all such countries and their main data privacy laws, when first enacted and most recent versions, and the international commitments of each country, or the international recognition their laws have received.

The picture that emerges is that data privacy laws are spreading globally, and their number and geographical diversity accelerating since 2000. There are some surprising inclusions, and some illuminating trends in the expansion of these laws. The total number of new data privacy laws globally, viewed by decade, shows that their growth is accelerating, not merely expanding linearly: 7 (1970s), 10 (1980s), 19 (1990s), 32 (2000s) and 8 (1.5 years of 2010s), giving the total of 76. In the first 18 months of this decade 8 new laws have been enacted (Faroe Islands, Malaysia, Mexico, India, Peru, Russia - more accurately, brought into force - Ukraine and Angola), making this the most intensive period of data protection developments in the last 40 years. Geographically, almost two thirds of data privacy laws are in European states (48/76), EU member states are little more than one third (27/76), even with the expansion of the EU into eastern Europe. There are data privacy laws in all 27 member states of the European Union, and a further 21 laws in other European countries or jurisdictions. There are now 27 data privacy laws outside Europe, which considered by region are as follows: Latin America (6); North America (1); Caribbean (1); Asia (7); Australasia (2); North Africa/Middle East (3); Sub-Saharan Africa (6); Central Asia (1); Pacific Islands (0).

For over two decades the rate of adoption of new data privacy laws per year has been steadily increasing, and the regions of the globe that have such laws has been steadily expanding. If the current rate of expansion is continued, at least 50 new laws will result in this decade. The most economically significant countries currently missing from the list are the USA, China and Brazil, now that India has adopted a data privacy law in 2011. The omission of Brazil is also expected to be remedied this year. Most other countries that do not yet have data privacy laws are of relatively low significance in international trade, though some countries with large populations are among them, particularly in sub-Saharan Africa (eg Nigeria), and in Asia (eg Indonesia).

The article and Table also summarize the international commitments to data privacy made by each of the countries included, covering the EU Directive, Council of Europe data protection Convention and Additional Protocol, OECD privacy Guidelines, APEC Privacy Framework, and ECOWAS data protection Act. Recognition of non-EU laws by the EU as ‘adequate’ is also noted.

This research presented in this article and its Tables has now been updated (to 1 June 2013) by the article available at: http://ssrn.com/abstract=2280877 and by the Tables available at: http://ssrn.com/abstract=2280875

Number of Pages in PDF File: 7

Accepted Paper Series


Download This Paper

Date posted: October 20, 2011 ; Last revised: February 1, 2014

Suggested Citation

Greenleaf, Graham, Global Data Privacy Laws: Forty Years of Acceleration (October 10, 2011). Privacy Laws and Business International Report, No. 112, pp. 11-17, September 2011; UNSW Law Research Paper No. 2011-36. Available at SSRN: http://ssrn.com/abstract=1946700

Contact Information

Graham Greenleaf (Contact Author)
University of New South Wales, Faculty of Law ( email )
Sydney, New South Wales 2052
Australia
+61 2 9385 2233 (Phone)
+61 2 9385 1175 (Fax)
HOME PAGE: http://www2.austlii.edu.au/~graham

Feedback to SSRN


Paper statistics
Abstract Views: 1,809
Downloads: 408
Download Rank: 37,677
References:  4
Citations:  3

© 2014 Social Science Electronic Publishing, Inc. All Rights Reserved.  FAQ   Terms of Use   Privacy Policy   Copyright   Contact Us
This page was processed by apollo8 in 0.344 seconds