It’s incredible how fast data protection laws spread in the whole world. The most impressive part is how much they look alike… Recently, Angola passed a personal data protection law. It’s main characteristics are:
- The law establishes a Data Protection Agency and sets forth data processing principles, including transparency, lawfulness, proportionality, purpose, accuracy and length of retention period.
- The Data Protection Agency must approve international data transfers to countries that do not ensure an adequate level of protection, and data controllers must notify the Agency of personal data transfers to adequate countries.
- Processing personal data is permitted only with (1) the express consent of the data subject, and (2) notification to the Data Protection Agency. Additional restrictions apply to the processing of sensitive data (which includes genetic data), credit and solvency data, video surveillance data and phone call recordings.
- Data subjects may restrict the use of their personal data for certain postal mail and electronic advertising purposes.
- Data subjects have the right to access, object to, rectify, update and delete their personal data.
These guidelines are also encompassed in European data protection laws, starting with the Data Protection Directive 95/46.
On October 7, 2011, the Constitutional Court of Colombia approved a landmark omnibus data protection law. According to its press release, the Court approved almost all provisions in the legislation, known as Ley estatutaria No. 184/ 10 Senado, 046/10 Cámara, but it took issue with Article 27 (which addresses the government’s processing of certain data), Article 29 (which addresses the expunging of certain criminal records) and Articles 30 and 31 (which both address intelligence and counterintelligence databases). Many of the remaining provisions reflect a strong European influence.
I’m starting to believe that regulating data protection is the ultimate trend in the legislative process around the world, as data protection laws appear where there were no regulations in this field, and amendments to data protection laws also appear where such regulations existed. I think we can talk about a phenomenon called “global law in motion”.
PS: I guess you can tell I’m happy with the theme of my thesis 😉