The State of Global Privacy Rules

The State of Global Privacy Rules

Where we are succeeding and where we need change

Do you value your privacy? Whether online or offline, most people want control over their data.

We share so much online, and the amount of information the public has access to far exceeds years prior. This means that data protection affects us all. Whether we act as individuals, businesses, websites, or their worldwide operators. In turn, global privacy rules strive to give us the right to access, control, and delete our data. While these rules vary regionally, these rules have meaningful commonalities. There is harmonization in enforcement provisions, obligations, and rights. On paper, the General Data Protection Regulation (GDPR) covers the European Union (EU) and its citizens. In reality, this legislation has achieved status as the global standard. These regulations show how businesses can protect people’s online privacy worldwide. They also show real challenges. Global privacy rules are making a difference, but ample room for improvement remains.

GDPR – The Gold Standard

The GDPR regulates how EU citizens’ data can be collected and processed. With the GDPR, individuals have more control of their personal information, including where it is sent and how it is used. The GDPR also focuses on the international transfer of personal data and streamlines regulations for businesses operating globally. The regulatory nature of the GDPR grants flexibility in adjusting certain aspects to individual member states and has brought consistency in data security law across the entire EU. This streamlined framework has proven to be impactful in numerous ways. Following the GDPR’s implementation in 2018, it has been used as a model for privacy laws across the globe. For example, the California Consumer Privacy Act (CCPA) provides several of the transparency and compliance rights outlined in the GDPR. Many other territories have also incorporated principles from the GDPR into their regulations, such as Turkey, Chile, Japan, and Brazil. The GDPR has also impacted information policy, sparking significant developments to ensure personal data is protected by regulatory means.

But, with any policy or regulation, there are areas of challenge and dispute. In general, obtaining legal and informed consent has been a challenge. Also, falsified versions of GDPR-related emails have become popularized phishing scams, and some argue whether anti-spam laws are being broken. Implementation of the GDPR means general challenges to organizations and businesses, as individuals’ personal data is of great value to them. By giving people the right to manage their data, the GDPR obstructs easy opportunities for organizations to collect and manage personal data in large quantities. Some organizations attempt to dodge this challenge by using deceptive tactics to encourage customers to lower their privacy settings. Other international websites have sometimes opted to block all EU users or only allow access to minimized versions of their services to avoid any liability altogether. Inconsistencies also still exist between the practical and technical implementation of GDPR, and tightened authority control is somewhat lacking. Generally, GDPR has evolved to provide data protection and privacy to citizens of the EU, along with protecting international data transfer. The GDPR’s successes are apparent in that it has become an international model for privacy laws in other areas. Generally, the positive impacts of the GDPR are extensive, but it still faces numerous challenges.

The GDPR’s Influence

Internationally, a variety of global privacy rules are implemented. Each law has unique aspects, but similarities exist as well—particularly around obligations, rights, and provision enforcement.

  •  Argentina and Singapore’s Personal Data Protection Acts seek to open public and private databases and registries, giving people access to any information stored, and protecting personal data privacy.
  • Similarly, the Australian Privacy Principles Guidelines give individuals the right to access, correct, and delete data, as well as the right to opt-in for sensitive data processing.
  • On the other hand, developing a digital economy and broadband infrastructure are the objectives of the stricter legislation of the Digital Code in the Benin Republic.
  • The Personal Information Protection and Electronic Documents Act in Canada provides rights and protections in the hopes of promoting and supporting electronic commerce.
  • Columbia’s Law 1266/2008 focuses on the regulation of processing credit records, financial data, and commercial information either collected abroad or in Colombia.
  • Through the Data Protection Principles (PDPO Schedule 1), Hong Kong protects data collection purposes and means; data accuracy and retention; data use, security, openness; and access and correction.
  • New Zealand’s rules have similar protections to Hong Kong. They implemented the Privacy Act 2020, which is an updated version of their old rules, adjusting towards a more international and technologically advanced world. Universally, different laws, acts, and codes are applied to ensure privacy for individuals.

While they share specific characteristics compliments of the GDPR’s leadership, there are many different perspectives reflected. Some countries allow individuals maximal privacy rights, while other countries are less protective. It is important to analyze the different rules, as it can provide beneficial insight into the application and potential of privacy regulations.


No alt text provided for this image


Noteworthy Developments

Recently, China, India, and Brazil have introduced seen considerable legislative changes regarding data privacy regulations.

CHINA

China, for example, passed the Data Security Law (DSL) in 2021, which filled many previous holes that existed in their earlier data privacy laws. The DSL applies to all data processing done in connection with electronic and non-electronic information, both personal and non-personal. These changes allow Chinese consumers more rights in accessing, correcting, and deleting personal data while stressing national security, cross-border transfers, and enforcement. Additionally, China has implemented the Personal Information Protection Law (PIPL). The PIPL has many similarities to the GDPR, and applies to any person or company, regardless of nationality or residency, that processes the personal information of individuals in China. For China, these recent changes bring higher specifications to areas that were relatively unclear before these laws, including data export, data protection, and data localization requirements.

INDIA

India has also seen recent changes in its privacy rules—through the Data Protection Bill, which aids in individuals’ privacy rights protection and promotes fair and transparent handling of personal data by companies to unlock the digital economy. With these changes, India is better equipped to match the strong data protection laws of other countries.

BRAZIL

Privacy rule changes have also occurred in Brazil. The provisions of Brazil’s LGPD are in line with those found in the GDPR and California’s CCPA and may affect any organization that processes or has controls over the personal data of those living in Brazil. It requires any organization that processes personal data to meet specific data protection obligations and allows individuals many rights over their data. In short, the recent changes in China, India, and Brazil give citizens more rights to control their personal data while closing gaps that existed in previous laws.

 Moving Forward

The world’s legislation includes a wide variety of laws and regulations. Some are succeeding. Circumstances resulting from others implore decision-makers to act. Rights and protections around personal data are relevant to both individuals and organizations. Enforcement of these regulations is crucial. The EU's GDPR has become a globally used model for privacy rules. Recent changes in China, India, and Brazil reflect positive progress. Protecting personal data will continue to be important. Creating improvement in legislation requires dialogue and change on an ongoing basis.

  

Are you as interested in this topic as I am? Do you agree or disagree with me? Leave a comment below!👇

Aashima Sharma

Senior Digital Marketing Specialist- Data Dynamics

9mo

Great, thought-provoking article, Su! Balancing data privacy (real choice, consent) with lawful commercial/public use is a critical issue. Achieving this in an increasingly nationalistic data environment, while also adapting to new technologies ethically and harmonizing global regulations, is paramount for all stakeholders

Like
Reply
Carla Tavares

Head of Legal, Middle East & Africa| Pharma & Aesthetics| FMCG| Tech| Commercial, legal compliance & Data Privacy | Aspiring NED & Lecturer

2y

Su Le interesting, thank you for sharing.

Like
Reply
Dale Waterman

Strategic Market Solutions | Governance, Risk, Compliance, Responsible AI, Data Ethics, ESG, Data Protection, Digital Transformation

2y

A well researched and thought provoking article. Thank you for sharing Su. Finding the balance between protecting personal data (including meaningful choice and consent) and enabling the lawful use of personal data from a commercial and public services perspective is one of THE key issues of our times. Combine that with a need to harmonize global regulations to facilitate global trade (in a nationalistic landscape where a trend seems to be developing where countries increasingly view personal data as national data) and the need to develop regulations that cater for modern technologies and essentially move with the times, in a principled and ethical manner - clearly this is an area of critical importance for citizens, businesses and governments alike as we plan for the future.

To view or add a comment, sign in

Insights from the community

Others also viewed

Explore topics