Have you ever wondered how and when Data Privacy Day became a "thing"? Known as Data Protection Day in Europe, the holiday is celebrated in the U.S. Canada, Israel and 27 countries in the EU.  

The initiative to set aside one day to observe data privacy began in Europe after polling showed European citizens did not fully understand their data protection rights. In 2007, the Council of Europe, along with the support of the European Commission, held the first Data Protection Day Jan. 28. That date is significant as it marks the day the Council of Europe opened the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108) in 1981. Commemorating it aims to encourage citizens to become more aware of personal data protection, as well as their rights and responsibilities.  

US follows suit 

Prior to 2009, Data Privacy Day was not observed in the U.S. By contrast, privacy’s conceptual sibling, "freedom of information," is observed March 16, the birthdate of James Madison, who is regarded as the father of the Constitution and the foremost advocate for openness in government (the Freedom of Information Act was enacted July 4, 1966). In that case, each year, groups such as the American Library Association observe Freedom of Information Day and present awards to recognize those individuals or groups that have championed, protected and promoted public access to government information and the public’s right to know.

It was not until 2009, when Rep. David Price, D-N.C., took notice of the EU’s Data Protection Day and introduced House Resolution 31 that Jan. 28 was to be declared National Data Privacy Day. The resolution passed by a unanimous vote of 402–0, encouraging:

  • State and local governments to promote data privacy awareness.
  • Privacy professionals and educators to discuss data privacy and protection issues with teens in high schools.
  • Individuals to be aware of data privacy concerns and take steps to protect their personal information online.

Two days later, the U.S. Senate passed a nearly identical resolution. The only noticeable difference between the resolutions is that the Senate version recognized National Data Privacy Day for only 2009, while the House of Representatives version recognized the date indefinitely. Neither resolution acknowledges the shared date with the European Convention 108 nor U.S. Privacy Act.  

Asia-Pacific's celebration

By contrast, the Asia-Pacific region's privacy authorities host Privacy Awareness Week during the month of May. The event, aimed at promoting privacy awareness across the Asia-Pacific region, was initiated by the Privacy Authority of Victoria in 2001. In 2006, it developed into an annual event, initially held during the last week of August. However, in 2009, with the involvement of Canada and South Korea, it was moved to May.

Reconciling global calendars: It ain't easy 

One of the biggest challenges is reconciling observance of Data Privacy Day in the Northern and Southern hemispheres. Jan. 28 is the height of the summer in the Southern Hemisphere and the middle of the summer holidays. So observing then would be problematic there.

The Global Privacy Assembly considered how they might reconcile calendars and speak globally with one voice. In October 2008, at the 30th International Conference of Data Protection and Privacy Commissioners, the group passed a resolution to explore establishing an International Privacy/Data Protection Day. The resolution called for the group to:

  • Work toward designating a day on which privacy and data protection are celebrated and promoted each year on a global basis.
  • Establish a working party to identify a suitable day and explore related issues, with a special direction to the working party to reach out to other international stakeholders having an interest in promoting privacy and data protection.
  • Receive a report from the working party at the 31st ICDPPC with a recommended day and suggestions for effectively promoting data protection and privacy.

In addition, the resolution proposed a working group, which Australia offered to coordinate.

In 2009, the Australian Working Group formed conducting extensive polling from data protection authorities around the world, and their findings supported celebrating privacy the fourth week in October as the best week to recognize data privacy globally. The group provided conflicting feedback:

  • The Swiss representatives opposed the suggested resolution, noting Jan. 28 was already consolidated in Europe and there was already a tradition of carrying out activities not only among the European data protection authorities, but also by industry.
  • The U.K. supported the resolution, seeking more flexibility from the continental Europeans.
  • Denmark favored Australia's resolution.
  • The Council of Europe’s opinion said it was necessary to conserve Jan. 28, as it is the anniversary of the approval of Convention 108.
  • Italy’s view was that it was useful to establish an international week but expressed the opinion that it should be the last week of January.
  • Luxembourg sought to continue the discussion at the next conference.
  • The representative from Ontario concluded it might be better to establish two different days.

Australia was forced to concede that having two different days would frustrate the purpose of the group. Given the division between the members of the conference, no vote was held on this resolution.

Without a reconciliation of regional data privacy calendars, different regions continue to mark data privacy during two different occasions. Europe and North America continue to observe Jan. 28, and the Asia-Pacific region continues to mark the occasion in May. If global privacy authorities could not agree on a single data privacy date, it may be a symbolic lesson in how challenging it is to create a global privacy framework. 

Happy Data Privacy Day — whenever you celebrate it.

Photo by Jason Leung on Unsplash