Recently, WhatsApp courted controversy for making changes in its privacy policy. The one significant upside of the whole episode was the rightful outcry from a considerable section of people who vehemently opposed the tech company’s overreach.

The Data Privacy Day, observed on January 28, aims to raise awareness among individuals and organisations on the importance of privacy and its continued protection.

The world has come a long way in terms of how data privacy is looked at since the first Data Privacy Day in 2007. Many countries now have formulated policies and rules around data privacy.

Data Privacy Around The World

Source: United Nations

As per the statistics from the United Nations (UN), 128 out of 194 countries have legislation to ensure data protection.

Leading the pack in terms of stringency is the European Union’s privacy regulation called the General Data Protection Regulation. GDPR came into force in 2018 and has since inspired similar laws worldwide, including in Thailand, Brazil, the UK, and South Korea. GDPR deals with the data subject’s rights, duties of data controllers, supervisory authorities, remedies, liabilities and penalties, transfer of personal data to third parties etc. Thanks to an airtight GDPR, WhatsApp’s policy changes were not applicable in the European Union.

Iceland has often been referred to as ‘Switzerland of data’. The Nordic Island country’s Data Protection Act of 2000 stands steadfast on the condition of ‘unambiguous and informed consent’ for harvesting individual data. 

The Chilean government amended the country’s Constitution in 2018 to make data privacy a human right. 

China’s first draft of the Personal Information Protection Law was made available for public comment recently. The draft brings together existing privacy laws under one umbrella. Further, it adds to the protection of personal data in China, with provisions for steep fines, extraterritorial applicability, deployment of data protection officers etc.

Even after the Cambridge Analytica scandal, the US still doesn’t have any Federal laws governing data protection. However, there are privacy rules in states, of which the California Consumer Privacy Act (CCPA), modelled after GDPR, is the most notable.

India & Data Privacy

The Personal Data Protection Bill was introduced in the Indian Parliament in 2019. The idea was to build a system for personal data protection and set conditions for access by the public and private organisations. The bill contains expansive rules on collection, storage, and handling of personal data and outlines the punishments and compensation for breaches. However, almost two years later, the bill is yet to become an Act.

The bill has also faced criticism. Justice BN Srikrishna, who chaired the drafting committee of the first PDP draft bill in 2017, criticised the revised version of 2019. He called it an attempt to turn the country into an ‘Orwellian State’, by exempting government bodies from data access restrictions.

The PDP Bill is expected to be tabled before the Parliament this year. 

Partly because of the absence of concrete data protection laws, the Indian government faced several run-ins with private players such as Facebook and Cambridge Analytica. The good news, however, is that there is heightened awareness of privacy rights than ever before.

“India desperately needs a strong data protection policy. Particularly the one which protects individuals’ data from all actors–public or private. It will need an independent enforcement body, vested with enough power and authority to ensure that such a policy is implemented in letter and spirit, with a clear goal of safeguarding the rights of citizen. It is also important to educate people about the value of their data,” says Aparna Ashok, AI Ethics researcher and founder of EthicsSprint.