![[2018 Global Cloud Computing Readiness Scorecard]](/public/ssi/pubs/pub_1.png)
Asia-Pacific Region at the Privacy Crossroads (2008)
6. Emergence of a global privacy norm?
In establishing legislation to govern privacy issues relating to electronic data, the most prominent legal instruments remain the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data of 1980,[36] the EU Data Protection Directive of 1995,[37] and the APEC Privacy Framework of 2005.[38]
Of these instruments, an argument can be made that the EU approach to privacy protection is rapidly becoming the global norm. In the list of ‘advanced economies’ developed by the International Monetary Fund (IMF), 29 of the 31 economies have privacy legislation that is broadly aligned with the EU approach. Only the US and Singapore have a different approach to the protection of privacy (and even in the US many companies have joined the US Safe Harbour regime established to ensure compliance with the EU Directive).
The following Table summarises the privacy approach taken by the 31 Advanced Economies recognised by the IMF.[39] Advanced Economies are modern market economies that have a high level of GDP per capita, but excludes countries that rely predominantly on a single source of income (e.g. oil reliant economies such as Brunei and Saudi Arabia).
|
|
Country |
Privacy Law |
Coverage |
EU Directive – Adequacy |
1 |
Australia |
The Privacy Act 1988 |
Comprehensive legislation |
Awaiting assessment. Unlikely to be assessed as adequate while current exemptions for small business and employees remain in place. The Australian Law Reform Commission has recommended the removal of both exemptions. |
2 |
Austria |
Federal Act concerning the Protection of Personal Data 2000, (Datenschutzgesetz 2000 - DSG 2000) |
Comprehensive legislation |
EU Member |
3 |
Belgium |
Comprehensive legislation |
EU Member |
|
4 |
Canada |
Personal Information Protection and Electronic Documents Act 2000 (PIPEDA) |
Comprehensive legislation |
Assessed as Adequate by EU on 20 December 2001[40] |
5 |
Cyprus |
|
Comprehensive legislation |
EU Member |
6 |
Denmark |
Comprehensive legislation |
EU Member |
|
7 |
Finland |
Comprehensive legislation |
EU Member |
|
8 |
France |
Comprehensive legislation |
EU Member |
|
9 |
Germany |
Federal Data Protection Act 2001 (Bundesdatenschutzgesetz - BDSG) |
Comprehensive legislation |
EU Member |
10 |
Greece |
Law 2472/1997 on the Protection of Individuals with regard to the Processing of Personal Data |
Comprehensive legislation |
EU Member |
11 |
Hong Kong SAR |
Comprehensive legislation |
Unlikely to be assessed as adequate until trans-border data provisions come into force. |
|
12 |
Iceland |
Act on the Protection and Processing of Personal Data, No. 77/2000 |
Comprehensive legislation |
European Free Trade Association (EFTA) Member |
13 |
Ireland |
Comprehensive legislation |
EU Member |
|
14 |
Israel |
The Protection of Privacy Law 5741-1981, 1011 Laws of the State of Israel 128 |
Comprehensive legislation |
Reforming laws as part of the EU assessment process. Likely to be assessed as adequate before 2010. |
15 |
Italy |
Italian Personal Data Protection Code (Legislative Decree no. 196 of 30 June 2003) |
Comprehensive legislation |
EU Member |
16 |
Japan |
Comprehensive legislation |
Awaiting assessment. May be some concerns regarding adequacy of access to data provisions and exemption for small record holdings. |
|
17 |
Korea |
Act on the Protection of Personal Information Maintained by Public Agencies 1999 |
Partial legislation covering the government and parts of the private sector. |
Proposed law reform in Korea may result in comprehensive private sector coverage, increasing prospects of an adequacy assessment. |
18 |
Luxembourg |
Law of 2 August 2002 on the Protection of Persons with regard to the Processing of Personal Data |
Comprehensive legislation |
EU Member |
19 |
Malta |
Comprehensive legislation |
EU Member |
|
20 |
Netherlands |
Personal Data Protection Act 2000 (Wet bescherming persoonsgegevens) |
Comprehensive legislation |
EU Member |
21 |
New Zealand |
Comprehensive legislation |
May be assessed as adequate once trans-border data provisions are strengthened. New Zealand commitment to amending law and seeking EU Adequacy assessment by 2011. |
|
22 |
Norway |
Comprehensive legislation |
European Free Trade Association (EFTA) Member |
|
23 |
Portugal |
Act on the Protection of Personal Data (Law 67/98 of 26 October), (Lei da protecçao de dados pessoais) |
Comprehensive legislation |
EU Member |
24 |
Singapore |
|||
25 |
Slovenia |
Comprehensive legislation |
EU Member |
|
26 |
Spain |
Organic law 15/99 of 13 December 1999 on the Protection of Personal Data, (Ley Orgánica 15/1999, de 13 de diciembre de Protección de Datos de Carácter Personal) |
Comprehensive legislation |
EU Member |
27 |
Sweden |
Comprehensive legislation |
EU Member |
|
28 |
Switzerland |
Comprehensive legislation |
Assessed as Adequate by EU on 26 July 2000[41] |
|
29 |
Taiwan |
Partial legislation (covering some industry) |
Proposed law reform in Taiwan may result in comprehensive private sector coverage, increasing prospects of an adequacy assessment. |
|
30 |
United Kingdom |
Comprehensive legislation |
EU Member |
|
31 |
United States |
Partial legislation (covering the public sector and some private sector organisations) |
Safe Harbour regime covers US businesses who opt-in. Assessed as Adequate (for those businesses who comply) by EU on 26 July 2000.[42] |
The Table shows that, at least for modern advanced economies, a clear global norm has developed for privacy protection, based on comprehensive legislation with conditions for the transfer of personal information to third countries. Singapore finds itself in perhaps an uncomfortable position as the only advanced economy on the list to have no privacy legislation at all.
[36] OECD Guidelines; refer to footnote 17.
[37] Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, 24 October 1995,
<http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:EN:HTML>.
[38] APEC Privacy Framework; refer to footnote 3.
[39] International Monetary Fund, World Economic Outlook 2008: Country Composition of WEO Groups, April 2008, <http://www.imf.org/external/pubs/ft/weo/2008/01/weodata/groups.htm>.
[40] Commission Decision 2002/2/EC of 20.12.2001 on the adequate protection of personal data provided by the Canadian Personal Information Protection and Electronic Documents Act, Official Journal L 2/13, 4 January.2002,
<http://eur-lex.europa.eu/LexUriServ/site/en/oj/2002/l_002/l_00220020104en00130016.pdf>.
[41] Commission Decision 2005/518/EC of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data provided in Switzerland, Official Journal L 215/1, 25 August 2000,
<http://eur-lex.europa.eu/LexUriServ/site/en/oj/2000/l_215/l_21520000825en00010003.pdf>.
[42] Commission Decision 2000/520/EC of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce, Official Journal L 215/7, 25 August 2000,
<http://eur-lex.europa.eu/LexUriServ/site/en/oj/2000/l_215/l_21520000825en00070047.pdf>.
print this page
sitemap
rss news feed
manage email subscriptions
