Data security has become a requirement for any public or private entity, from governments, businesses, and organizations. Even your personal computer at home also needs data protection. No matter the size, every organization and individual should recognize the basic protection measures in securing online and offline data.
Every year on the 28th day of January, Canada, the U.S., and Israel, along with 47 countries in Europe, celebrate Data Privacy Day. This momentous event in history serves to raise awareness of the importance of preserving online privacy. This educational initiative aims to spark discussions among businesses and individuals to strengthen their effort to enable trust, secure data, and respect privacy.
But before many nations observe Data Privacy Day, data protection laws have been around longer than you might imagine. These data security initiatives revolve around implementing data protection plans, from Cybersecurity Maturity Model Certification (CMMC), firewalls, access controls, data encryption, and other data security practices and policies.
But before all these efforts began, how did data privacy laws turn into a “thing”? Continue reading as we explore the history of data privacy acts.
The 1970s — The beginning of data privacy laws
Data privacy law initiatives began in Hesse, Germany. Lawmakers established the first modern law concerning data privacy in response to worsening concerns on computing privacy and advancements, especially in processing personal data. By 1973, Sweden enacted the first privacy law, entitled Data Act. The law seeks to criminalize data theft and provide data subjects with the freedom to access important records.
Five years later, Germany passed the Federal Data Protection Act, which establishes data security levels, such as providing consent before processing private data. The following year, plenty of EU countries included data privacy laws into the legislation as a part of an individual’s fundamental rights.
By the early 1980s, the Organization for Economic Cooperation and Development presented data protection guidelines, stating the increasing use of computing devices for processing business transactions. A year later, the Council of Europe created Treaty 108 or the Data Protection Convention, manifesting the right to privacy as a legal imperative.
The 1980s — Important milestones in data privacy
In 1983, Germany made a significant milestone in data privacy. The German Federal Constitutional Court reaches an important decision in a momentous case concerning the intrusive nature of the national census. The court states that citizens should observe their right to self-determination when giving out personal data. As a ruling, the Right of Informational Self-Determination establishes that everyone deserves protection against unlimited disclosure, collection, use, and storage of personal data.
Fast forward to 1995, computing technologies rapidly advanced along with the widespread flow of online information. In that same year, the European passed the Data Protection Directive, establishing standards on personal data protection among member states and protecting rights involving personal data movement between EU nations.
Through the directive, citizens obtain their access to supervisory authorities and the right to access, while data gets transferred beyond the EU as long as there is sufficient protection. It also highlighted technological advances and introduced new terms, such as consent, sensitive personal data, and processing. But the European Union implemented the law differently in every EU nation, resulting in oversight and the lack of stronger laws in some states.
The 2000s — Modern laws in data privacy
In 2000, the U.S. and the European Union established the Safe Harbor Arrangement, a set of standards concerning different data protection laws between EU states and the U.S. to better facilitate information flow between two regions. By 2015, the European Court of justice invalidated the arrangement because, according to U.S. law, agencies in U.S. intelligence had unlimited data access among EU citizens. By 2016, the Safe Harbor Arrangement was replaced by the EU-US Privacy Shield, but its plans remain in question.
In the U.S., there has been plenty of data privacy violations despite legislation governing health and financial information. In fact, there was no concrete federal legislation protecting the citizen’s personal data. To settle data protection concerns, the government proposed a bill in 2009 increasing personal data protection by government agencies and companies, setting data sharing restrictions, and criminalizing data security violations and identity theft. Unfortunately, the state never passed the bill.
As cybersecurity scandals and data breaches continue to soar, companies worldwide strengthen their efforts in updating security protocols and measures. These initiatives led to the largest standards of data privacy legislation. Their purpose is to create a set of strict rules concerning affirmative concern, timely and comprehensive notifications in a data breach, fines for violating data privacy, and more.
The European Union’s data privacy laws have been regarded as an excellent standard worldwide. Over the past years, these laws helped every organization create, implement, and maintain a comprehensive data protection plan. Accordingly, data privacy should remain an essential element in every organization’s risk management analysis and strategic planning.
