162 national data privacy laws and 20 Bills

We mark this 36th Anniversary edition of PL&B International Report by proudly publishing the latest list, now of 162 national data protection laws – representing around three-quarters of United Nations Member States - and 20 Bills.

They have been researched and presented by our universally respected Asia-Pacific Editor, Professor Graham Greenleaf. His pioneering work in this field and on enforcement is unrivalled, and has been cited for years by the United Nations, the OECD, the European Commission, the European Data Protection Supervisor and many others.

Here at Privacy Laws & Business we have been tracking these laws and Bills since our first Newsletter in February 1987 when our chart showed 10 national laws (PL&B International Report Issue 1 - p.9). A common theme then was their coverage of automated data, natural persons, a right of correction and the availability of penalties as sanctions. But there were also differences between the laws regarding the possibility of appealing against a decision of the Data Protection Authority, the role of the courts and whether the DPA had a role in giving an authorisation for the export of personal data.

The relevance today is that despite the 162 laws having broadly similar aims, in principle, they achieve them through widely differing scope, rights and duties reflecting the different societies from which they have emerged.

The EU GDPR remains the leading global influencer but while European laws assert the notion of the protection of personal data as a fundamental right, this is not the case in some countries. As a result, the balance between privacy and other values differs according to the norms of each society. The People’s Republic of China does not meet Western European standards of a democratic society. Nevertheless, it has produced a strong framework of privacy and cybersecurity law for which sanctions are imposed by the courts. At the top end, a fine exceeding $US 1 billion on companies and personal fines on top management more than match those elsewhere.

The few but growing number of US states with privacy laws, led by California, have different provisions for collective action which are largely absent in Europe, although available, in principle, in the EU GDPR.

As always, companies have to keep up to date as governments adapt their national privacy laws to reflect their interaction with specific sectoral laws, as shown by our contributor working at HSBC in Turkey. There banks have to be alert to ensure that their international transfers of personal data meet the changing demands of both data protection law and banking regulations.

National DPAs flourish most when they can call on top academic talent to advise them to ensure that they can benefit from experience in other countries.

In this context, I pay tribute to our late contributor to PL&B International Report from Brazil, the always helpful Professor Danilo Doneda, who sadly died last December. He advised Brazil’s government and provided PL&B with insights and information starting in 2009. He contributed to our Reports and was a speaker at our international conferences first in 2012 and most recently in 2019.

We are pleased to have contributions to both PL&B UK and International Reports written by a wide range of specialists in different disciplines including such high powered academics as Associate Professor Dr Elizabeth Coombs on Australia’s newly adopted law. She is a former New South Wales Privacy Commissioner and now serves as a member of the UK Data Transfer Experts Council.

Data protection in practice is the title of a useful research study published by Sweden’s Data Protection Authority on 31st January. Moving from understanding what the laws require to implementing them in daily business is the appropriate theme to mark 2023 as the 50th Anniversary of Sweden’s Data Law, the world’s first national data protection law. The main lines were established in this law which remains as the inspiration for all the subsequent laws around the world.

Who’s Watching Me? is the title of this year’s PL&B 36th International Conference. We have published the titles of 24 sessions and speakers from 15 countries. Registration is open now and the lowest fees are available until 30 March.

As we move into our 37th year since I established Privacy Laws & Business in February 1987, I thank you for your continuing subscription and we look forward to meeting you at St. John’s College, Cambridge 3-5 July.

Best regards,

Stewart Dresner
Publisher, Privacy Laws & Business

February 2023

News & Blogs

February 2023 Report Contents