Practical ways to bridge national differences

It is a tribute to the importance of privacy issues on the global political agenda that Elizabeth Denham, the United Kingdom’s Information Commissioner, gave an address at the G20 Conference in Tokyo on 3 June. She spoke in her capacity as Chair of the International Conference of Data Protection and Privacy Commissioners which brings together 122 Privacy and Data Protection Authorities across the world.

I am sure that we can all identify with her statement: “Significant differences in data protection approaches across our jurisdictions can have a confusing and damaging effect on consumer and business understanding of how laws operate and what they are there to safeguard.” She then added “But I’m not here today to advocate for homogeneity and uniformity in law. Rather, I am here to advocate for acknowledgement and respect for our differences and to find practical ways to bridge them.”

She then referred to both legal and management routes to interoperability: “Japan and the EU struck a new path in the mutual recognition of each other’s laws. Japan could show us the way as a bridge between APEC and EU systems. There is further work for governments to do to consider the merit of a wider application of such an approach – that could include codes, standards and certification systems that allow data transfers with trust.”

Privacy Laws & Business is now in its 33rd year providing a record of these developments, now more accessible than before via the search function on our new website. A table of the national privacy laws adopted in each decade 1973 to 2019 (pp. 22-23) was prepared by Professor Graham Greenleaf, our Asia-Pacific Editor.

We naturally devote much attention to the way in which the EU Data Protection Regulation (GDPR) has a rippling effect not only across Europe but also around the world. In this June edition, we cover consequential changes to the data protection laws in Brazil (p.1) and policy Canada (p.1). For the first time, we address gender related privacy issues (pp. 24–26).

Data protection certification in Singapore (p.23) is progressing faster than in the EU but coordinating the efforts of 28 countries (p.30) is clearly more complex than taking decisions in one country.

We have presentations by Andrea Jelinek, Chair of the European Data Protection Board in her first presentation in the UK, Elizabeth Denham, and speakers from the countries mentioned above and many more at GDPR’s influence ripples around the world, PL&B’s 32nd Annual International Conference, 1-3 July in Cambridge.

We look forward to meeting you there in just three weeks from now.


Stewart Dresner, Publisher

International Report 159

Lead story:

Brazil’s GDPR-style DP law is a game-changer

Data Protection Laws are like waiting for a London bus – you wait ages for one and then they all come at once! Felipe Palhares and Robert Bond of Bristows analyse Brazil’s new law.

Contents also include:

  • Comment: Happy Birthday, GDPR
  • ‘On again, off again’ consultation for Canadian policy on data transfers
  • GDPR: 25 of the 28 EU Member States now have national laws
  • A US Federal privacy law?
  • Is revising the OECD privacy guidelines worthwhile?
  • Countries with data privacy laws by year 1973 to 2019
  • UN examines whether gender influences privacy protection
  • The Czech Republic: GDPR legislation becomes effective
  • Liechtenstein’s GDPR adaptation law now in force
  • GDPR – the way forward
  • Ireland’s DP law in practice
  • Spain issues a list of processing activities requiring a DPIA
  • EU issues a study on certification
  • Ireland approves BCRs
  • Statutory Investigation of Google
  • Thailand’s new law now in force
  • Singapore’s DP Certification
  • EU Council still debating e-Privacy Regulation
  • CNIL sees its workload increase
  • Facebook case referred to CJEU
  • First GDPR case in Finland
  • Nordic DPAs continue cooperation
  • EDPB on Codes of Conduct
  • GDPR: Large fines expected soon
  • GDPR fines mostly moderate so far