Global Data Privacy 2019: DPAs, PEAs, and their Networks
(2019) 158 Privacy Laws & Business International Report, 11-14
7 Pages Posted: 12 Aug 2019 Last revised: 29 Aug 2019
Date Written: March 30, 2019
The networks of Data Protection Authorities (DPAs) and (as they are sometimes called) Privacy Enforcement Agencies (PEAs) have continued to expand in numbers of members, and in their activities, in 2017-18. This article analyses the details of those networks set out in the 2019 Global Tables of Data Privacy Laws at https://ssrn.com/abstract=3380794. The last two columns of the Table identify the DPA/PEA, where one exists, in each of the 132 countries with data privacy laws, and each network of which they are a member.
Three main conclusions from the analysis of each DPA/PEA network.
Only 10% of national laws do not create specialised DPAs, and only very rarely are explicitly subject to government control. Another 10% have not appointed a DPA within a reasonable time (or in three cases brought their law into force). The result is that 80% of the 132 countries with data privacy laws have them administered by appointed and functioning, specialised DPAs (almost always independent). How well they do their job as regulators is another question, but specialist, functioning DPAs are the rule, not the exception.
Where a DPA or PEA has been established, and the law is more than two years old, the record of national DPAs and PEAs in joining these networks is reasonably good. There are only 13 such DPAs that are not a member of at least one such association. Almost all of the above associations have obtained modest increases in membership in 2017-18.
While membership of most of the above policy and enforcement-oriented associations has not yet reached its maximum extent, progress toward this goal continues for most of them. This is valuable for the future of data protection in that it promotes consistent development of principles in polities with common interests and traditions, and facilitates collective action.
Keywords: Data Protection, Privacy, Data Protection Authorities, DPA, PEA
Suggested Citation: Suggested Citation