Home | Databases | WorldLII | Search | Feedback University of New South Wales Faculty of Law Research Series

Greenleaf, Graham --- "Sheherezade and the 101 Data Privacy Laws: Origins, Significance and Global Trajectories" [2013] UNSWLRS 40

Last Updated: 11 July 2013

Sheherezade and the 101 Data Privacy Laws: Origins, Significance and Global Trajectories

Graham Greenleaf, University of New South Wales


This paper is available for download at Available at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2280877

Citation

This paper was published in Journal of Law & Information Science, 2012. This paper may also be referenced as [2013] UNSWLRS 40.

Abstract

It is forty years since Sweden’s Data Act 1973 was the first comprehensive national data privacy law, and the first such national law to implement what we can now recognize as a basic set of data protection principles. The core of this paper is the question 'How many countries now have data privacy laws?'. First, a definition is provided of a 'data privacy law', based largely on the requirements of the earliest international data protection instruments, the OECD privacy guidelines, and Council of Europe data protection Convention 108. 'Countries' are considered to include separate legal jurisdictions.

The answer to the question – documented in the Global Table of data privacy laws at http://ssrn.com/abstract=2280875 - is that, as of mid-2013, 99 countries have such laws, a number considerably higher than earlier commentators had assumed. By looking at the related questions of the date at which such laws were enacted, and the regions of the world in which they have arisen, we can see trends in development which indicate the future direction of global development of data privacy laws. The conclusion reached is that, given the continuing accelerating growth in the number of such laws, it seems likely that, within a decade, data privacy laws will be ubiquitous in that they will be found in almost all economically more significant countries, and most others. This conclusion is supported by the number of official data privacy Bills currently before legislatures or under government consideration in at least 20 more countries.

The article also analyses which international agreements or requirements concerning data privacy (OECD, EU directive and 'adequacy', APEC, ECOWAS etc) affect which countries, and how many relevant parties have enacted laws in accordance with the various agreements or requirements. The extent to which data protection authorities (DPAs) are required as part of data privacy laws is analysed, and existing DPAs identified. The associations of DPAs in which each is involved are also identified, and some conclusions drawn concerning their overlapping but incomplete memberships.

In summary, this paper gives a global snapshot of data privacy laws and the international agreements relevant to each, and of Data Protection Authorities and their interlocking associations.

The Global Tables of Data Privacy Laws and Bills (3rd Ed, June 2013) analysed in this article are at http://ssrn.com/abstract=2280875.