Tag Archives: data protection laws

It took 15 years for UK to pass it's Data Protection Act

The history of data protection legislation section of this blog continues today with the story of how UK needed 15 years to transform the initiative data protection regulation into law. The process started in 1969 and ended in 1984. You will further find a detailed history of the struggle to pass this bill:

It was end sixties that the United Kingdom Parliament began to be worried by increasing computerization and its consequences for the privacy of the individual citizen. Several Members of Parliament introduced Bills, but without success. (See for example the Data Surveillance Bill 1969 by Kenneth Baker and the Personal Records (computers) bill 1969 by Lord Windlesham).

The debate in and outside Parliament only really got under way with the publication in 1970 of a report by Justice, the British section of the international Commission of Jurists, entitled Privacy and the law. The Right of Privacy Bill contained in an annex to the report was introduced into Parliament virtually unchanged as a Private Member’s Bill by Brian Walden, M.P..

The ensuing debate in the House of Commons let to the setting up of the Committee on Privacy, also known as the Younger Committee, which presented its final report in 1972.

Following on from the Younger Report, three years later the Government published a White Paper, entitled Computers and Privacy.

The need for a data protection law was recognized both by the Government and the Parliament.

To this end a Committee on Data Protection was set up under the chairmanship of Lindop. The Lindop Report was published in December 1978. It contained thorough recommendations both as to the aims to be achieved and on the substance of future data protection legislation.

Following the Lindop Report, the government published in April 1982 a new White Paper containing a proposed Bill.

The first reading of the DPA Bill took place in the House of Lords on December 21, 1982. Passage of the Bill was stopped when Parliament was dissolved on May 13, 1983. An amended version was discussed in the House of Lords on June 23, 1983. It passed to the House of Commons on November 3, of that year, returning to the House of Lords on June 29, 1984. The DPA received the Royal Assent on July 12, 1984.

The Bill did not pass through the house of Parliament without a struggle. Compared to other British statutes it had relatively long Parliamentary history. It appears from the debates that this was due in great part to the complexity of the subject-matter. Members of both Houses were regularly perplexed by the technical subject matter of the Bill and the complexity of its structure.

Source: A.C.M. Nugter, Transborder Flow of Personal Data within the EC, Springer, Netherlands, 1990 (p. 107 – 109)

You can find the book here: Transborder Flow of Personal Data Within the EC (Computer/law series)

Advertisements

DP history: Which was the first country to adopt a Data protection law?

Why did governments and legislatures thought that the personal information collected by different entities should be protected? When did they discover the society needs such regulations?

I will try to answer these questions in my new category “DP history”. I keep reposting news about countries which pass for the first time data protection legislation. But how about the ones that first discovered this need in their societies? So, I figured I should provide valuable information in this regard also.

I will start by answering the question “Which was the first country to adopt a Data Protection law?”.

The answer is Germany. Well, Germany was a “door opener” not only in nation-wide data protection regulation, but also in data protection law in general, as its land of Hesse adopted the first ever law with regard to the protection of personal data in 1970.

However, I will write today a few facts about the Federal law on the protection of personal data adopted by the German Parliament: Bundesdatenschutzgesetz.

It was as early as 1969 that the German Parliament requested the Government “to introduce without delay a statute regulating the computerized processing of personal information.”

The first draft of the Bill appeared in 1973, but it was not until November 10, 1976 that the Bundestag approved the Act on the Protection against the Misuse of Personal Data in Data Processing. The President of the Republic signed the definitive version on January 1, 1977.

However, in the intervening period a number of lander (German states) had passed laws on the protection of personal data as far as public bodies were concerned.

The Federal Act covers processing of personal data at Federal Level, at Land level to the extent that no Land regulation exists, and also data in the private sector.

So, it took about 8 years to transform the recognized need of protection personal data into law. But you will see tomorrow that in one European country it took 15 years! Why do you think such legislation was so problematic to be passed?

Source: A.C.M. Nugter, Transborder Flow of Personal Data within the EC, Springer, Olanda, 1990. You can find the book here:

Transborder Flow of Personal Data Within the EC (Computer/law series)

Way to go Jamaica! The first data protection act, to be enforced this year

Jamaica will soon join the club!

At least this is what Latonya Linton writes here http://www.jis.gov.jm/news/111-energy-mining/31463-data-protection-law-to-be-promulgated-this-year :

“Minister of State in the Ministry of Science, Technology, Energy and Mining, Hon. Julian Robinson, has informed that the Data Protection Act will be promulgated within this financial year.

Making his contribution to the 2012/13 Sectoral Debate in the House of Representative on July 31, Mr. Robinson said the Data Protection Act will seek to protect the privacy of individuals in relation to personal data and the regulation of the collection, processing, keeping, use and disclosure of certain information relating to individuals.

“There was a need for more uniform, robust and clear mandate to protect privacy and personal information,” Mr. Robinson said.

The State Minister also informed that the Government will be establishing a single Information and Communication Technology (ICT) Regulator within the next financial year (2013/14).”

What's new in research – Global Data Privacy Laws: 89 Countries, and Accelerating

Graham Greenleaf (Faculty of Law, University of New South Wales) published recently a research paper titled “Global Data Privacy Laws: 89 Countries, and Accelerating”, in which he analyzes the fast pace of legislating data protection around the world.

Here’s the abstract:

“It is almost forty years since Sweden’s Data Act 1973 was the first comprehensive national data privacy law, and was the first to implement what we can now recognize as a basic set of data protection principles. How many countries now have data protection laws? This article surveys the forty years since then of global development of data privacy laws to the start of 2012. It expands and updates ‘Global data privacy laws: Accelerating after 40 years’ ((2011) Privacy Laws & Business International Report, Issue 112, 11‐17) which showed that at least 76 countries had enacted data privacy laws by mid‐2011. Six months later, further investigation shows that there are at least 89 countries with such laws. The picture that emerges is that data privacy laws are spreading globally, and their number and geographical diversity accelerating since 2000.

There are some surprising inclusions, and some illuminating trends in the expansion of these laws. The total number of new data privacy laws globally, viewed by decade, shows that their growth is accelerating, not merely expanding linearly: 8 (1970s), 13 (1980s), 21 (1990s), 35 (2000s) and 12 (2 years of the 2010s), giving the total of 89. In the first two years of this decade 11 new laws have been enacted (Faroe Islands, Malaysia, Mexico, India, Peru, Ukraine, Angola, Trinidad & Tobago, Vietnam, Costa Rica, Gabon and St Lucia) and the Russian law came into force, making this the most intensive period of data protection developments in the last 40 years.”

You can find the whole paper on the Social Science Research Network, HERE.