Data & Legal: what are the data regulations around the world?
Data protection has become a major issue for businesses and organizations around the world. With the rise of digital technology and the increasing collection of personal data, it is essential to understand the regulations that govern the collection, processing and protection of this data. In this article, we'll explore the main data regulations and their impact on businesses.
1. General Regulations on the Protection of Personal Data (GDPR)
The GDPR is a European regulation that aims to protect the personal data of individuals within the European Union (EU). Adopted in 2016 and entered into force in May 2018, the GDPR establishes a legal framework for the processing of personal data, imposing strict obligations on companies that collect, process and store this data. The main provisions of the GDPR include the explicit consent of individuals for the processing of their data, the right to erasure of data ("right to be forgotten"), and severe sanctions for non-compliance with the rules.
2. California Consumer Privacy Act (CCPA)
The CCPA is a California law that aims to protect consumers' personal data in California. Coming into force in January 2020, this law grants California consumers certain rights regarding their personal data, such as the right to access their data, the right to delete it, and the right to prohibit its sale to third parties. The CCPA applies to businesses that operate in California and meet certain size or income criteria.
3. Personal Data Protection Act (LGPD)
The LGPD is a Brazilian law that regulates the collection, processing and storage of personal data in Brazil. Entered into place in September 2020, this law is largely inspired by the European GDPR and aims to strengthen the protection of individual data in Brazil. The LGPD requires Brazilian companies to respect fundamental principles regarding data processing, such as transparency, purpose, data minimization and security.
4. New Data Protection Act (nLPD)
Switzerland is adopting new legislation to better protect personal data. Businesses across the country must comply from September 1, 2023. Companies that had already complied with the EU General Data Protection Regulation (GDPR) will have few changes to make.
5. Other data protection laws in the United States
- The CPRA (California Privacy Rights Act) strengthens the CCPA by adding the right to limit the use of personal data, the right of rectification, the right of access and the right of withdrawal. The CPRA created a new regulatory body, the CPPA (California Privacy Protection Agency), responsible for enforcing the data protection rights of California residents.
- The VCDPA (Virginia Consumer Data Privacy Act) came into force on January 1, 2023. This law applies to public and private organizations that control and process specific volumes of personal data.
- The CPA (Colorado Privacy Act) will take effect July 1, 2023, providing Colorado residents with the opportunity to opt out of processing their personal data for targeted advertising or sales purposes.
- The CDPA (Connecticut Data Privacy Act) will be effective from July 1, 2023. It gives Connecticut consumers options regarding the collection of their personal data by companies operating in the state.
- L’UCPA (Utah Consumer Privacy Act) will take effect on December 31, 2023. This law takes a more business-friendly approach, applying only to companies with annual sales of at least $25 million and imposing less stringent requirements, such as no requirement for assessments of data protection for certain types of processing.
- Last year, lawmakers in nearly 30 other states considered proposed laws offering varying levels of consumer privacy protections. Some of these bills could be reintroduced during the 2023 legislative sessions, in addition to new bills in preparation.
6. Other data protection laws around the world
- The PIPEDA (Personal Information Protection and Electronic Documents Act) is Canada's federal privacy law, which regulates how private sector organizations collect, use and disclose personal information in the course of commercial activities.
- There Bill C-27 (Digital Charter Implementation Act) was introduced by the Canadian federal government in June 2022. It includes three proposed laws: the CPPA (Consumer Privacy Protection Act), the PIDPTA (Personal Information and Data Protection Tribunal Act) and l’AIDA (Artificial Intelligence and Data Act), covering consumer privacy, data protection and AI systems.
- The PIPL (Personal Information Protection Law) is China's first comprehensive law to regulate online data and protect the personal information of Chinese consumers. Entered into force in November 2021, on PIPL requires consent as the primary basis for data collection and processing, restricts cross-border data transfers, and imposes severe revenue-based fines for non-compliance.
- The POPIA (Protection of Personal Information Act) is South Africa's data protection law, aimed at protecting the personally identifiable information (PII) of South African citizens.
Conclusion
Data protection has become a major concern for businesses around the world, due to the growing importance of personal data in the digital economy. Data regulations aim to protect the privacy and rights of individuals by regulating the collection, processing and protection of personal data. It is essential for businesses to comply with these regulations to avoid sanctions and risks associated with violating individual privacy.
