Since the IAPP last published a privacy casebook in 2011, new data protection laws have been adopted by countries around the world, resulting in a significant uptick in privacy enforcement actions globally. Although by no means exhaustive, this casebook presents noteworthy privacy cases from around the world. These cases offer organizations insights into regulators’ priorities and expectations, which can inform the development of privacy programs that align with them.
The casebook is organized by geographic region. Prior to presenting cases in a particular region or country, a brief overview of key laws and regulators is provided to assist the reader in understanding the legal landscape in which the cases were brought. While countries have adopted different legal frameworks and approaches to regulating the collection, use, storage and flow of personal information, all are largely based on the same overarching fair information practice principles: (1) collection limitation; (2) data quality; (3) purpose specification; (4) use limitation; (5) security safeguards; (6) openness; (7) individual participation; and, (8) accountability.
Each case presented is tagged with one or two FIPPs to serve as an organizing principle (see index) and highlight the commonalities that cross borders, laws, frameworks and regimes. As widely accepted principles, relevant FIPPs are identified to assist organizations in analyzing privacy risks across jurisdictions and identifying suitable mitigation strategies.
The cases and laws presented here are summarized to capture the important elements for a practicing privacy professional. This casebook does not offer legal advice and is intended to be used for informational purposes only. Given the rapidly evolving legal and technological environment, it is important
All IAPP textbooks can be found in the IAPP Store.