In this chapter we’ll provide information about data privacy regulations and laws, and cover the following topics:
What Are Data Protection and Data Privacy Laws?
Data protection and data privacy laws are rules and regulations set by different countries and states to define relevant rights, responsibilities, and liabilities with regards to protection of data and privacy. In many cases, these rules and regulations aim to limit the impact of technology on individual’s right to privacy and to require organizations to properly protect their data.
What Are Some of the Laws that Provide Protection for the Privacy of Personal Data?
- EU GDPR (General Data Protection Regulation) is probably the most well-known data protection regulation, which came into effect on May 25, 2018. GDPR sets guidelines for collection and processing of personal information belonging to individuals who live in the European Union.
- UK DPA (Data Protection Act) is the UK’s implementation of GDPR, which came into effect on May 25, 2018 as well. It adds additional details to the generic GDPR instructions.
- CCPA (California Consumer Privacy Act) came into effect on July 1, 2020. The CCPA enhances privacy and consumer protection for California consumers.
Which Countries Are Very Strict on Privacy Protection Laws?
- EU countries have strong personal data protection driven by GDPR.
The United States has various data privacy and protection laws in different states.
- Australia added the privacy amendment (Notifiable Data Breaches) to its privacy act in 2018, which enforces disclosure of data breaches by companies.
- Japan has the Protection of Personal Information Act, which sets limitations on companies processing data belonging to Japanese citizens. Japan also has an agreement with the European Union for cross approval of companies with high data protection standards.
- South Korea has the Personal Information Protection Act, which enforces several GDPR-like limitations, and is one of the oldest acts, dating back to 2011.
Other countries like India & Brazil have strict data protection acts which are pending approval in 2020-2021.
What US States Have Data Privacy Laws?
In the US, all states have some laws in place to address at least some aspects of data protection and privacy (e.g. data breach disclosure and handling sensitive data).
The following states have implemented additional comprehensive privacy laws in the last few years:
- California (with the CCPA)
- Nevada (with Senate Bill 220)
- Maine (with the Act to Protect the Privacy of Online Consumer Information)
What Information Is Protected By Privacy Laws?
Various privacy laws protect different types of information. Sometimes the same data protection law requires different standards for different types of data. For example, some personal information may only prove an individual’s identity, while other personal information can be more sensitive, such as political views and health related information, and must be further protected.