These reports describe the data protection laws of the European Union and of Australia, Canada, France, Germany, Israel, Italy, Japan, Netherlands, Portugal, Spain, Sweden, and the United Kingdom. They describe the legal framework for the collection, use, and transfer of data, and examine whether existing laws are adequate to deal with online privacy in an era of rapid technological development and globalization.
European Union Report (June 2012; updated May 2014) (PDF, 535KB).
Foreign Countries Report (June 2012) (PDF, 2.48MB).
The right to data protection and the right to privacy are two distinct human rights recognized by the European Union. This report discusses the draft regulation, including the introduction of two distinct rights: the right to portability and the right to be forgotten.
The federal Privacy Act 1988 of Australia provides the framework for the protection of personal information in the online context. The law sets out a principle-based approach that can be tailored to apply to different situations. Major privacy reforms are begin considered
In Canada, personal data protection is primarily regulated on the federal level, but existing provincial-level statutes may take precedence over the federal law. The federal act has attracted criticism due to its weak oversight and enforcement mechanisms and its general nature.
In France, data subjects have been given the right to consent (for their data to be collected), the right to be informed, the right to object, the right of access, the right to correct and delete information, and the right to be forgotten.
In Germany, data protection has constitutional dimensions that flow from the guarantees of human dignity and personhood. German law prohibits the collection and use of data without informed consent.
Online privacy protection in Israel is based on the constitutional right to privacy and requires a person’s informed consent before data storage, involves transparency in information collection and storage, and supports the right to request the removal or blockage of information.
Italy governs all types of data processing, and generally prohibits the collection, storage, and use of personal data, unless the data subject has given his or her prior informed consent. Italy guarantees the rights to object to the processing of data and to obtain the updating, correction, integration, or erasure of such data.
In Japan, a general law on protecting personal information establishes basic rules of online privacy. Data subjects can request disclosure of their information held by business operators and businesses self-regulate as there is no data protection agency.
The processing of any personal data in the Netherlands requires the data subjects’ unambiguous consent; certain types of personal data may not be processed, however. Internet service providers have an obligation to protect the privacy of users and subscribers.
Constitutional principles guarantee the protection of personal data in Portugal. The Constitution determines that the law must establish effective guarantees against the acquisition and abusive use, or use that is contrary to human dignity, of information concerning individuals and families.
Spain’s data protection agency has been very active and responsive to citizens’ complaints and imposes heavy fines on violators of data protection laws. Spain has some of the strictest legislation on personal data protection among the EU countries.
Swedish legislation focuses primarily on protecting integrity and regulating the use of personal data by the government or private users without consent, rather than on private companies. Even if consent is given for the use of personal information, this consent may be revoked at any time.
Data protection legislation in the UK aims to protect the rights of individuals to ensure that their personal information remains private and secure. It provides individuals with a number of rights, including a right to access information and correct any errors.
Last Updated: 06/05/2015