In the weeks and months to come, the international community will see the deployment of a number of new privacy initiatives. The new privacy laws are likely to have been spurned by several factors including: the need to update existing laws that are nearly 20 years old; data breaches and government leaks; and the increasing pressure to come into compliance with the privacy standards established by the European Union.
Noteworthy developments are coming from across the globe, with some of the most recent reforms coming out of Malaysia, South Africa and Ukraine.
Malaysia’s Personal Data Privacy Act came into effect last November, but a deadline requiring companies to register by February 15th is fast approaching. The PDPA will require stricter data management standards for businesses and impose large fines on those who fail to comply. This hurdle will come quickly for many small and medium-sized business owners who may not know how or have difficulty implementing the required changes. Despite the government’s efforts, there are many who are still in the dark about the Act.
Also in November, South Africa signed into law the Protection of Personal Information Act, but has yet to see an enforcement date. The Act expands on a general ‘right to privacy’ that had been established in 1996. The aims of the Act were to give effect to the constitutional right to privacy and bring South Africa into alignment with the existing data protection framework. A noteworthy provision for businesses is that much like the E.U. Safe Harbor requirements, the Act places restriction on the flow of personal data outside of South Africa.
The regulatory structure responsible for data protection in Ukraine has undergone major reform. One of the biggest changes was the abolition of the Data Protection Office and creation of the Ombudsman—an independent official appointed by the Parliament. The move brings Ukraine into line with E.U. policies on Data Protection.
Although the trend seems to be that countries are implementing policies and statutes to come into compliance with E.U. standards, the European Union is expected to vote to replace the 1995 EU Data Protection Directive (95/46/EC). Although the reform has been in the works since 2012, a vote to finalize the issue has been delayed and may not take place until 2015. Changes, initially expected to broaden data exchange between the U.S. and E.U., may have different implications for the existing Safe Harbor framework following the exposure of widespread NSA surveillance.
The expansion of privacy regulation is good news for consumers worldwide, but also important for businesses who handle personal data.
Jordan Edmondson is a Staff Editor for the Denver Journal of International Law and Policy.