Monday December 9, 2019 12:39pm by Tim Stevens

The Global Expansion of Data Privacy Rules

EU privacy rules are the strictest in the world – now other countries are following suit

When the EU’s General Data Protection Regulation (GDPR) came into effect, it replaced previous law from 1995 and strengthened consumer rights while making data protection law consistent across all EU states. It also made businesses more accountable to those whose data they collect, with much more stringent penalties for non-compliance.

When the new regulation came in 18 months ago, it gave the European Union the world’s strictest rules concerning data privacy. GDPR is also leading the way in that other nations are now (albeit slowly) starting to follow this lead. There’s certainly a firm hope that GDPR will set a ‘gold standard’ for other jurisdictions.

While many of the latest changes relate to consumer data, it’s likely that similar updates for the laws surrounding B2B will soon follow, and so all these changes should be noted. Below, we give some examples of parts of the world that are upgrading their data laws.

Data privacy around the world

In the US, data privacy regulations vary from state to state. The California Consumer Privacy Act (CCPA) is a new data privacy law which applies to some businesses that collect personal information from that state and comes into effect on January 1st 2020.

The CCPA was passed a little more than a month after GDPR, and gives state residents the right to know what personal information is being gathered about them, to say no to the sale of personal data, and to know whether their personal data is sold or disclosed, and, if so, who to. Equally, Californians have the right to access personal data, without fear of discrimination for doing so. They can also ask a business to delete personal information.

Meanwhile, in Washington Senate Democrats are putting forward broad federal data privacy legislation that would allow people to see the information organisations have gathered about them, and demand its deletion. It’s likely to face challenges from both the Republican-controlled Senate and the tech industry. Called the Consumer Online Privacy Rights Act, the bill is similar to the CCPA.

In New York, the SHIELD Security Act, which has already taken effect, expands current law on data security and adds to the section on breach notifications and updating definitions, while adding new cybersecurity rules. At the same time, New Jersey is considering heightened data security and privacy obligations.

Additionally, the EU and US have adopted the EU-US Privacy Shield Framework, providing European and American organisations with a mechanism for complying with EU data protection rules when personal data is being transferred from the EU to the US.

Elsewhere in the world:

  • In Africa, 19 nations have enacted data protection and privacy laws, including South Africa, while six have draft legislation including Kenya, Zimbabwe and Nigeria. The African Union adopted a progressive convention on personal data protection five years ago.
  • In Australia, the government has amended the 1988 Australia Privacy Act to incorporate compulsory breach notification requirements. New Zealand also has data protection legislation.
  • Across Asia 15 nations, including China, India, Hong Kong, Japan and the UAE, have laws in this area, while four are drafting them.

This global rise in data protection laws shows the issue’s increasing importance internationally. However, it’s true that more still needs to be done, especially across continents, with greater harmonisation to ensure a more coherent worldwide policy and reduce confusion when issues arise between countries. And with many countries still without any data protection laws at all, it could be naïve to assume that the whole world will be adopting the EU’s ‘gold standard’ immediately.

But, these days, security breaches clearly attract wide publicity, and consumers are increasingly aware about what happens to their data. In 2016, more than half (57%) of consumers globally said they were more worried about online privacy than they were two years earlier, according to a study from the Centre for Internet Governance Innovation and Ipsos.

So organisations are rightfully much more aware of these matters and how they handle data generally. And it’s important to be aware of and compliant with not just of changing EU legislation, but the many B2B data rules have been updated across the world.

At i-4business, we only supply data that’s 100% accurate and fully compliant with all legislation. To book your free data trial and audit, please get in touch with one of the i-4business team today.