
WhatConvention.org

International legal search engine

861 multilateral conventions in Environmental law, Human Rights law, Humanitarian law and the Law of the Sea

Introduction to Privacy and Data Law

Data law applies to all sorts of data processing, from personal data protection to artificial intelligence, financial transactions, and cybersecurity.

Privacy and Data Protection

In the context of Data Law, Privacy and Personal Data Protection play an important role. They are commonly recognised as two complementary but distinct rights. The right to privacy, private life, and private communications is enshrined in the Universal Declaration of Human Rights (Article 12), the European Convention of Human Rights (Article 8) and the European Charter of Fundamental Rights (Article 7). It aims at protecting individuals against intrusion by third parties in their private life. Data protection is aimed at protecting personal data and ensuring the fair processing (collection, use, storage) of any information relating to an identified or identifiable natural person (data subject). Personal data protection continues to apply to data that have been voluntarily disclosed. Both sets of rights complement each other and partially overlap.

Institutional oversight

In many countries, compliance with privacy and data protection law is overseen by independent supervisory or regulatory authorities. As established in the Council of Europe (CoE) Convention for the Protection of Individuals with regard to the processing of personal data (Convention 108+), the powers and duties of such an authority may include:

PRIVACY PRINCIPLES

Privacy Principles are specified in several instruments, including Convention 108+ of the Council of Europe and the OECD Privacy Principles.

DATA PROTECTION PRINCIPLES

Building upon the existing principles, the General Data Protection Regulation (GDPR) constitutes an important example of a comprehensive regulation of data protection and privacy, setting a new threshold for international good practices. Article 5 of the GDPR enshrines the core data protection principles, requiring that personal data shall be:

DATA TRANSFER: INTERNATIONAL CERTIFICATION FRAMEWORKS

The Global Cross-Border Privacy Rules (CBPR) System

The Global Cross-Border Privacy Rules (CBPR) System is an international certification framework designed to facilitate secure and responsible data transfers across different jurisdictions. Established to build on the APEC CBPR System, the Global CBPR aims to create an interoperable data protection standard that accommodates diverse regulatory approaches while ensuring high standards of data privacy. The system is voluntary and relies on Accountability Agents to certify that organizations' privacy policies meet the established requirements. Participating economies include the United States, Canada, Japan, South Korea, the Philippines, Singapore, and Chinese Taipei, among others. This framework helps enhance consumer trust and supports global data flows critical for business operations and innovation.

EU-US Data Privacy Framework

The EU-U.S. Data Privacy Framework ensures the secure transfer of personal data between the EU and the U.S. by addressing concerns from the Schrems II decision. It includes binding privacy obligations for U.S. companies, limits U.S. government access to what is necessary and proportionate, and introduces a Data Protection Review Court (DPRC) for EU individuals to seek redress. This framework provides a reviewed and strengthened mechanism for data protection which seeks to be comparable to EU standards and is subject to periodic reviews to ensure ongoing compliance and effectiveness.

Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CBPR) System

The APEC CBPR System was developed by APEC economies to protect personal information and facilitate data flows across the region. This system aims to harmonize privacy protections across member economies, thus reducing barriers to cross-border data flows and supporting global trade. By implementing data privacy regulations and policies consistent with the APEC Privacy Framework, businesses can gain certification that demonstrates their commitment towards privacy protection while promoting the harmonization of differing national privacy laws within the APEC jurisdictions.

Standardisation Organizations

CYBERSECURITY LAW

Cybersecurity law encompasses a range of regulations, standards, and guidelines aimed at protecting information systems, networks, and data from cyber threats and attacks. These laws are designed to ensure the confidentiality, integrity, and availability of information.

Examples of cybersecurity laws

TELECOMMUNICATIONS LAW

Telecommunications laws are essential for managing the complex landscape of modern communication technologies. They ensure that telecommunications services are delivered efficiently, competitively, and fairly, protecting both consumers and service providers. These laws cover a wide range of issues, including licensing, spectrum management, consumer protection, and data privacy, adapting to technological advancements and changing market dynamics. By implementing robust telecommunications regulations, governments aim to foster innovation, expand service access, and safeguard the rights of all stakeholders in the telecommunications ecosystem.