Uncertain paths for international standards

Graham Greenleaf explains what is happening in different regions and globally.

The period 2019-20 has been one of slower progress for international data privacy standards than the watershed period of 2017-18. Developments are analysed in this article, and the countries affected are detailed in the accompanying Tables.

EU GDPR creates two types of international standards: emulation and adequacy

The EU’s General Data Protection Regulation (GDPR) finalised in 2016 and in force since 25 May 2018 created two types of international data privacy standards. My 2021 survey of new and revised laws (see p.1) confirms the conclusion, already apparent in 2017-18(1), that the GDPR has established a new “global benchmark” (often called a “gold standard”) for data privacy protection, to which non-EU countries are already aspiring to align their laws, both new and revised, in very varying degrees. Only some of the 18 or so innovations in the GDPR are being widely emulated, and it is too early to assess which ones will eventually be fully part of this “3rd generation” of data privacy laws.

Continue Reading

International Report subscribers please login to access the full article.

If you wish to subscribe please see our subscription information.