No lawyer nor privacy professional can be unaware of the EU General Data Protection Regulation (GDPR) and the gold standard that it has set on data protection as a core compliance requirement.
GDPR is now influencing laws in other parts of the world and there are an increasing number of new laws in the wings that copy aspects of GDPR.
California has recently announced a GDPR style law, The California Consumer Privacy Act of 2018, and Brazil, Bahrain, India, Kenya and South Africa are all implementing similar legislation granting enhanced rights to individuals and holding businesses more accountable
It is no surprise that legislators are bringing in laws and regulations that give greater power to individuals over their personal data given the tradeable value in personal information and the increasing use of technology to profile individuals and their habits in the digital world.
Whilst GDPR seems to set the standard, we should not forget that history plays a large part in the spread of privacy laws given that countries like France, Spain, Portugal and the British Isles have been so influential in other parts of the world for hundreds of years.
The Data Protection laws in South Africa, the Middle East, Canada and much of Asia are heavily influenced as a result of the British Commonwealth and former British rule.
It is no surprise that the new Brazilian law looks similar to the Portuguese data protection law and equally that the laws in other parts of South America are based on Spanish data protection law. Similarly data protection laws in North Africa and in certain parts of Asia are heavily influenced by French privacy principles.
Global data protection principles are also based upon the OECD Guidelines on Data Protection which were first published in 1980 and then updated in 2013 and which contain fair processing principals and guidance in international data transfers which have influenced data protection laws around the world including the US Safe Harbor programme and Privacy Shield.
In addition the Council of Europe Convention 108 is yet another international accord that has countries such as Russia and Mauritius as members and which again encapsulates guiding principles on the protection of personal data, very much in line with GDPR.
The result of the globalisation of data protection rules must mean that multinationals are more likely to adopt a more “one size fits all’ approach and it would seem that right now the GDPR coupled with the new law in California is going to set the standard.