Anyone who deals with global privacy issues on a regular basis knows how useful it can be to have a “one-stop” source of information on the data privacy laws of various countries. Although we should hesitate to rely too heavily on secondary sources for an analysis of a particular country’s privacy laws, it can be incredibly valuable to have a high-level overview, if only to better equip ourselves to ask the right questions when consulting local experts or to know what to look for when reviewing the laws themselves.
Attendees at the IAPP’s Global Privacy Summit are likely familiar with Baker & McKenzie’s excellent—and complimentary—Global Privacy Handbook, published in conjunction with the IAPP. Several other law firms, including DLA Piper and Morrison Foerster, make available online surveys of international data protection laws.
Covington & Burling entered this rather crowded field two years ago with Data Protection & Privacy and has just issued an updated second edition. I’ve been perusing this new edition for the past few weeks, and I’m finding it to be an incredibly useful tome to have at my elbow. (The fact that the pages of my copy are already getting dog-eared attests to its value.)
Data Protection & Privacy covers 38 jurisdictions—eight more than the first edition. Each chapter, focused on a particular country, is written by a leading local data protection expert. In addition, there is a chapter contributed by the European Commission’s data protection officer as well as regional summaries covering the Asia-Pacific and Latin America.
The book is cleverly arranged. All of the country-by-country surveys are structured identically, allowing for ready cross-jurisdiction comparisons. Some of the features I found particularly valuable:
- Description of the data protection authority in each jurisdiction, including its roles, powers and priorities;
- Restrictions on international data transfers and what exceptions are available;
- Rules applicable to specific sectors, including employment, health, finance and telecommunications, among others;
- Data breach notification requirements;
- Overview of cybersecurity laws;
- Coverage of hot topics in data privacy such as big data, mobile apps, cloud computing, privacy impact assessments and BYOD, and
- Discussion of pending legislation, which provides a sense of what legal changes may be coming down the pike.
Covington recruited several data protection luminaries to write forwards for the volume, including Article 29 Working Party Chairwoman and CNIL President Isabelle Falque-Pierrotin, California Attorney General Kamala Harris, Hielke Hijmans of the EDPS and Jean Gonié of Microsoft.
Gonié notes that the adoption of privacy laws around the world has accelerated from laws in fewer than 10 jurisdictions in the 1970s to more than 100 today, which certainly underscores the need for a book like Data Protection & Privacy.
I do have a couple of quibbles.
First, while Covington naturally had to make judgment calls in deciding which countries to include in the survey and which to exclude, I wish it had included Korea, which arguably has the strictest data protection laws in Asia, and New Zealand, the latest country to be recognized as providing “adequate protection” by the European Commission, over countries such as Estonia and Slovenia. Second, I would have appreciated more frequent citations to the specific laws or regulatory guidance underlying the summaries to make it easier for me to check out the primary sources myself.
Despite these minor limitations, this is a book you’ll be glad to have available as a starting point for navigating complex global privacy laws and conducting quick comparisons between various legal regimes.
If you want to comment on this post, you need to login.