This may come as a shocker, but it wasn’t until three years ago, that data protection laws came into being. The European Union’s General Data Protection Regulation (or GDPR) came into effect on May 25, 2018. GDPR replaced the former rudimentary standards for processing data provided in the Data Protection Directive of 1995 – even before Google was registered as a domain name.
Although many of the principal concepts and rules from the Directive underpin the GDPR, there remain critical updates intended to address the sophistry in workings of the digital age and the ways in which consumers’ and citizens’ data is
collected, analyzed, and transmitted by evolving business practices and models, such as social and professional networks, mobile applications, and e-commerce.
The GDPR Clearly Defines The Terms:
- Personal Data: “Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data”. Examples include first name and last name, a home address, and email address, etc
- Data Protection: “Data protection is about protecting any information relating to an identified or identifiable natural (living) person, including names, dates of birth, photographs, video footage, email addresses, and telephone numbers.
Other information such as IP addresses and communications content – related to or provided by end-users of communications services – are also considered personal data”.
Data privacy, or data protection, laws are enforced to regulate the use of ‘personal data’ by organizations to protect certain rights of individuals. This emphasizes that organizations are not free to use personal data at will.
All this along with a broad classification of those the entities that must abide by GDPR:
“A controller determines the purposes and means of processing personal data. A processor is responsible for processing personal data on behalf of a controller. If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities.
You will have legal liability if you are responsible for a breach. However, if you are a controller, you are not relieved of your obligations where a processor is involved – the GDPR places further obligations on you to ensure your contracts with processors comply with the GDPR”
Worldwide Legislation on Digital Transaction
As the world warms up to the digitally processed commercial transaction, it is only appropriate that there exist e-transaction laws to validate such transactions and establish their legal equivalence with paper-based transactions.
Regulations have been enforced in 158 countries comprising 81% of the world. Out of this 68 are developing or transition economies and 30 feature as Least Developing Countries.
All but one European country (44 out of 45 countries) have in place e-transaction laws. 91% in the Americas and 61% in Africa.
Worldwide Data Protection and Privacy Legislation
As the world population gets more involved and active socially and economically on the worldwide web, the importance of privacy and data protection gains more relevance.
Concerns over capture, use, and sharing of personal information with third parties without notice or consent of consumers surface as threats. Several countries, precisely 128 out of 194 countries have implemented legislation to secure the protection of data and privacy.
Africa and Asia show a similar level of adoption with 55 percent of countries have adopted such legislation of which 23 are the least developed countries.
Cybercrime Legislation Laws
Addressing the rising threat of cybercrime is crucial for the development of economies. The invasion of cyberspace by criminals need to be arrested to maintain economic security and theft of sensitive information.
While 154 countries (79 percent) have enforced cybercrime legislation, the percentage varies regionally: Europe has the highest adoption rate (93 percent), and Asia and the Pacific the least (55 percent).
The evolving cybercrime landscape and lack of protection measures pose a significant challenge for law enforcement agencies and prosecutors, especially for cross-border enforcement.
Online Consumer Protection
Despite the seriousness of consumer confidence for business-to-consumer e-commerce, many developing and transition economies have failed to wall up with laws to protect consumers online.
As many as 57 countries have no charted route through which to obtain data, suggesting that online consumer protection is being neglected.
Out of 134 countries for which data are available, 110 have enacted legislation on consumer protection related to e-commerce. That percentage varies from 73% in Europe to 46% in Africa and 72% in the Americas.
As is Apparent…
While the GDPR may be endorsed and promoted globally, it could be ambitious to assume that it will impact all nations worldwide any time soon. This is considering that many countries across the globe are yet to put data protection laws in place or finalize existing draft legislation.
The chosen components of strong online privacy and data protection rights listed below reveal the gravity of the challenge for the developing and underdeveloped countries, particularly where obligations on service providers were complicated by the issue of data control across borders.
- Establishment of state and regional policies that strengthen data protection frameworks like an oversight from independent bodies
- Pulling away from a patchwork of sector-based regulation and moving towards a single legislative data-protection mandate to protect individuals’ privacy
- Compulsory breach notification requirement
- Enforcing penalty upon non-compliance
- Developing a consent-based model for data protection regulation where data is moderated on the basis of a common set of data protection principles across industry sectors without distinction.
- Implementing data portability which will eclipse the extraterritorial nature of data collection and transmission
- Enforcing data subject rights such as the right to be forgotten etc
Given the constantly advancing and increasing use of networking for transmission of data and transfer of funds, countries are adopting the data protection laws in varying degrees on a faster footing. It’s only a matter of time before most continents should be under the data privacy carpet.