Global Data Privacy Laws 2019: New Eras for International Standards

(2019) 157 Privacy Laws & Business International Report, 19-20

4 Pages Posted: 30 May 2019

See all articles by Graham Greenleaf

Graham Greenleaf

University of New South Wales, Faculty of Law

Date Written: February 7, 2019


In 2017-18 there have been major changes to some of the international agreements affecting privacy, in terms of both their contents and their parties. This article details, and explains the significance of:

(i) The implications of the EU GDPR's coming fully into force on 25 May 2018 for countries which wish to obtain or retain a finding that they ‘ensure an adequate level of protection’ satisfying the requirements of GDPR art. 45.

(ii) The completion of the ‘modernisation’ of data protection Convention 108 on 18 May 2018 (now 'Convention 108+); its prospectsof coming into force is assessed; its three new parties since 2017; and the UN Special Rapporteur on the Right to Privacy (SRP)'s recommended that all UN member states should accede to it.

(iii) The African Union Convention on Cyber Security and Protection of Personal Data (2014) growth in signatories and ratifications, bringing it closer to entering into force. Nine of the fifteen ECOWAS states in West Africa have enacted data privacy laws to comply with their obligations under the ECOWAS Supplementary Act.

(iv) Of the 11 new countries with data privacy laws, all except two have ratified the International Covenant on Civil and Political Rights, 1966 (ICCPR), Article 17 of which requires privacy protections. The position is slightly less impressive concerning ratifications of the 1st Optional Protocol to the ICCPR.

(v) APEC CBPRs is of negligible practical significance as yet, because only the US (24 companies certified since 2013 ) and Japan (3 companies certified since 2016 ) are fully participating.

(vi) In 2017-18 the previous Trans Pacific Partnership (TPP) was scrapped after US withdrawal, but it was then replaced by the 11 other parties proceeding with the Comprehensive and Progress TPP (CPTPP), which came into force between its six ratifying parties (to date) on 30 December 2018. It has provisions limiting data export limitations and data localisation. At least three of these parties may already have made contrary commitments.

This paper is based on data in the 2019 Global Tables of Data Privacy Laws and Bills at

Keywords: data protection, privacy, GDPR, Convention 108, APEC CBPRs, ICCPR

Suggested Citation

Greenleaf, Graham, Global Data Privacy Laws 2019: New Eras for International Standards (February 7, 2019). (2019) 157 Privacy Laws & Business International Report, 19-20, Available at SSRN:

Graham Greenleaf (Contact Author)

University of New South Wales, Faculty of Law ( email )

Sydney, New South Wales 2052
+61 2 9385 2233 (Phone)
+61 2 9385 1175 (Fax)


Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics