2 February 2021
The number of data privacy laws around the world has skyrocketed in recent years. As of January 2021, 133 jurisdictions around the world have enacted omnibus data privacy laws; 102 of those laws [1] are in jurisdictions outside the European Economic Area (EEA). [2] Sixty of these laws were enacted in the past 10 years and half of those within the past five years. In the next couple of years alone, we may see as many as 12 or more new or updated laws enacted or introduced into national legislatures.
One-third of the laws outside the EEA are in the Africa and the Near East region (34) while the rest of the laws are distributed relatively equally among the Americas (25), Europe/Eurasia (24), and Asia‑Pacific (19). While most of these laws share the same core data protection principles, they each have their own specific rules that differ from each other and make it challenging for companies to develop global or regional privacy compliance approaches.
These four insights provide an overview of global privacy for 2021:
-
A One Size Fits All Approach Doesn't Work for Europe and Eurasia
-
Out of Africa (and the Near East): Privacy Rules Come at Rapid Pace
-
Assessing the Current and Future Privacy Landscape in the Americas
Click the image to enlarge
Venantius Tan, Partner, Morrison Foerster
vtan@mofo.com
[1] This includes three jurisdictions (China, India, and Indonesia) that have de facto national privacy laws and one jurisdiction (the United Arab Emirates) that has omnibus privacy laws applicable to their two free trade zones.
[2] With the departure of the United Kingdom from the European Union (EU) in January 2020, there are now 30 Member States of the EEA: the current 27 EU Member States (Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Italy, Ireland, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Poland, Portugal, Romania, Spain, Slovakia, Slovenia, and Sweden), Iceland, Liechtenstein, and Norway. The EU General Data Protection Regulation (GDPR) applies in all EEA countries. Effective January 1, 2021, the UK has agreed to maintain its current General Data Protection Regulation (GDPR) data protection rules for up to six months (until June 30, 2021) under the terms of the Trade and Cooperation Agreement reached between the EU and the UK. Therefore, we are still grouping the UK together with the EEA Member States in this article for the purpose of distinguishing between jurisdictions covered by the GDPR and those that are not.