Information privacy, data privacy or data protection laws provide a legal framework on how to obtain, use and store data of natural persons. The various laws around the world describe the rights of natural persons to control who is using their data. This usually includes the right to get details on which data is stored and for what purpose, and to request deletion when the purpose no longer applies.
Over 80 countries and independent territories, including nearly every country in Europe and many in Latin America and the Caribbean, Asia, and Africa, have now adopted comprehensive data protection laws. The European Union has the General Data Protection Regulation (GDPR), in force since May 25, 2018. The United States is notable for not having adopted a comprehensive information privacy law, but rather having adopted limited sectoral laws in some areas like the California Consumer Privacy Act (CCPA).
These laws are based on fair information practice guidelines developed by the U.S. Department for Health, Education and Welfare (HEW) (later renamed Department of Health & Human Services (HHS)), by a Special Advisory Committee on Automated Personal Data Systems, under the chairmanship of computer pioneer and privacy pioneer Willis H. Ware. The report submitted by the Chair to the HHS Secretary titled "Records, Computers and Rights of Citizens (07/01/1973)", proposes universal principles for the privacy and protection of consumer and citizen data:
* For all data collected, there should be a stated purpose.
* Information collected from an individual cannot be disclosed to other organizations or individuals unless specifically authorized by law or by consent of the individual.
* Records kept on an individual should be accurate and up to date.
* There should be mechanisms for individuals to review data about them, to ensure accuracy. This may include periodic reporting.
* Data should be deleted when it is no longer needed for the stated purpose.
* Transmission of personal information to locations where "equivalent" personal data protection cannot be assured is prohibited.
* Some data is too sensitive to be collected, unless there are extreme circumstances (e.g., sexual orientation, religion).
By Jurisdiction
The German state of Hessia enacted the world's first data privacy law on 30 September 1970. In Germany the term informational self-determination was first used in the context of a German constitutional ruling relating to personal information collected during the 1983 census.
Asia
China
China passed its Personal Information Protection Law in mid-2021, to go into effect November 1, 2021. Based loosely on the EU's GDPR, it focuses heavily on consent, rights of the individual, and transparency of data processing.
Philippines
In the Philippines, the Data Privacy Act of 2012 mandated the creation of the National Privacy Commission that would monitor and maintain policies that involve information privacy and personal data protection in the country. Modeled after the EU Data Protection Directive and the Asia-Pacific Economic Cooperation (APEC) Privacy Framework, the independent body would ensure compliance of the country with international standards set for data protection. The law requires government and private organizations composed of at least 250 employees or those which have access to the personal and identifiable information of at least 1000 people to appoint a Data Protection Officer that would assist in regulating the management of personal information in such entities.
In summary, the law identifies important points regarding the handling of personal information as follows:
# Personal information must be collected for reasons that are specified, legitimate, and reasonable.
# Personal information must be handled properly. Information must be kept accurate and relevant, used only for the stated purposes, and retained only for as long as reasonably needed. The law required entities to be active in ensuring that unauthorized parties do not have access to their customers’ information.
# Personal information must be disposed of in a way that unauthorized third parties could not access the discarded data.
Europe
The right to data privacy is relatively heavily regulated and actively enforced in Europe. Article 8 of the European Convention on Human Rights (ECHR) provides a right to respect for one's "private and family life, his home and his correspondence", subject to certain restrictions. The European Court of Human Rights has given this article a very broad interpretation in its jurisprudence. According to the Court's case law the collection of information by officials of the state about an individual without their consent always falls within the scope of Article 8. Thus, gathering information for the official census, recording fingerprints and photographs in a police register, collecting medical data or details of personal expenditures, and implementing a system of personal identification have been judged to raise data privacy issues. What also falls under "privacy-sensitive data" under the GDPR is such information as racial or ethnic origin, political opinions, religious or philosophical beliefs and information regarding a person's sex life or sexual orientation.
Any state interference with a person's privacy is only acceptable for the Court if three conditions are fulfilled:
# The interference is in accordance with the law
# The interference pursues a legitimate goal
# The interference is necessary in a democratic society
The government is not the only entity which may pose a threat to data privacy. Other citizens, and private companies most importantly, may also engage in threatening activities, especially since the automated processing of data became widespread. The Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data was concluded within the Council of Europe in 1981. This convention obliges the signatories to enact legislation concerning the automatic processing of personal data, which many duly did.
As all the member states of the European Union are also signatories of the European Convention on Human Rights and the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, the European Commission was concerned that diverging data protection legislation would emerge and impede the free flow of data within the EU zone. Therefore, the European Commission decided to propose harmonizing data protection law within the EU. The resulting Data Protection Directive was adopted by the European Parliament and ministers from national governments in 1995 and had to be transposed into national law by the end of 1998.
The directive contains a number of key principles with which member states must comply. Anyone processing personal data must comply with the eight enforceable principles of good practice.
They state that the data must be:
# Fairly and lawfully processed.
# Processed for limited purposes.
# Adequate, relevant and not excessive.
# Accurate.
# Kept no longer than necessary.
# Processed in accordance with the data subject's rights.
# Secure.
# Transferred only to countries with adequate protection.
Personal data covers both facts and opinions about the individual.
It also includes information regarding the intentions of the data con