Global Data Privacy Laws: 89 Countries, and Accelerating
Privacy Laws & Business International Report, Issue 115, Special Supplement, February 2012
14 Pages Posted: 6 Feb 2012 Last revised: 2 Jul 2017
Date Written: February 6, 2012
For the 2017 update to this paper, now covering 120 laws, see http://ssrn.com/abstract=2993035.
It is almost forty years since Sweden’s Data Act 1973 was the first comprehensive national data privacy law, and was the first to implement what we can now recognize as a basic set of data protection principles. How many countries now have data protection laws? This article surveys the forty years since then of global development of data privacy laws to the start of 2012. It expands and updates ‘Global data privacy laws: Accelerating after 40 years’ ((2011) Privacy Laws & Business International Report, Issue 112, 11‐17) which showed that at least 76 countries had enacted data privacy laws by mid‐2011. Six months later, further investigation shows that there are at least 89 countries with such laws. The picture that emerges is that data privacy laws are spreading globally, and their number and geographical diversity accelerating since 2000.
There are some surprising inclusions, and some illuminating trends in the expansion of these laws. The total number of new data privacy laws globally, viewed by decade, shows that their growth is accelerating, not merely expanding linearly: 8 (1970s), 13 (1980s), 21 (1990s), 35 (2000s) and 12 (2 years of the 2010s), giving the total of 89. In the first two years of this decade 11 new laws have been enacted (Faroe Islands, Malaysia, Mexico, India, Peru, Ukraine, Angola, Trinidad & Tobago, Vietnam, Costa Rica, Gabon and St Lucia) and the Russian law came into force, making this the most intensive period of data protection developments in the last 40 years.
Geographically, more than half (56%) of data privacy laws are still in European states (50/89), EU member states making up only slightly more than one third (27/89), even with the expansion of the EU into eastern Europe. The geographical distribution of the 89 laws by region is therefore: EU (27); Other European (23); Asia (9); Latin America (8); Africa (8); North Africa/Middle East (5); Caribbean (4); North America (2); Australasia (2); Central Asia (1); Pacific Islands (0). So there are 39 data privacy laws outside Europe, 44% of the total. Because there is little room for expansion within Europe, the majority of the world’s data privacy laws will soon be from outside Europe, probably by the middle of this decade.
The article also shows that we can expect the pace of legislation to continue accelerating. There are Bills currently before legislatures in at least five countries although some have been withdrawn for redrafting. There are official draft Bills known in another five during the past year.
Now that we have this more accurate picture of the global development of data privacy laws, further research becomes possible. It has already made possible an assessment of the influence of European privacy standards on legislative developments outside Europe. Further research is required on such questions as the implications of the increasingly interlocking data export restrictions in this legislation; on the effectiveness of the enforcement regimes in various countries; on the extent of judicial interpretation of these laws, and on other comparative aspects of data privacy laws. All of this requires an accurate account of the world’s data privacy laws.
This research presented in this article and its Tables has now been updated (to 1 June 2013) by the article available at: http://ssrn.com/abstract=2280877 and by the Tables available at: http://ssrn.com/abstract=2280875.
Keywords: privacy, data protection, data privacy, legislation, regulation
Suggested Citation: Suggested Citation