Data Privacy Day Around the World on Data Privacy Day: January 28, 2022
Friday, January 28, 2022
Global Data Privacy and Protection on Data Privacy Day
Print Mail Download i

By 2023, 65 percent of the world’s population will have its personal data covered under modern privacy regulations, up from 10 percent in 2021, according to a technology and consulting company. In light of this, 2022 will see regions such as the Asia Pacific region, Europe, the Middle East, and the United States introducing new data privacy and protection laws.

In celebration of Data Privacy Day, we are highlighting some of these laws as well as some global data privacy and protection questions, expectations, and trends that lie ahead in 2022.

Without further ado, below are some of the privacy laws from around the world that we anticipate will go into effect in 2022 or that recently went into effect.

Australia

2022 will see draft anti-trolling legislation, renewal of the Privacy Act 1988, and the introduction of the Privacy Legislation Amendment (Enhancing Online Privacy and Other Measures) Bill 2021 to Parliament.

China

2022 will see numerous national-level and local-level laws regulating the processing of data and personal information, many of which have a cross-border element (e.g., the Administrative Regulations on Network Data Security and the Measures for Security Assessment of Cross-Border Data Transfer).

Germany

2022 welcomed Article 327q of the German Civil Code, which went into effect on January 1, 2022. Article 327q enhances consumer personal data protections.

India

2022 will likely see the passage of India’s Personal Data Protection Bill, 2019, which will cover both personal and nonpersonal data.

Ireland

2022 will see the commencement of the final sections of the Data Sharing and Governance Act 2019.

Israel

In 2022, two amendments to the Protection of Privacy Law, 5741-1981 may be enacted.

Japan

On April 1, 2022, amendments to the Act on the Protection of Personal Information will go into effect.

Qatar

On May 21, 2022, the Data Protection Regulations 2021 and the Data Protection Rules 2021 will take effect.

South Korea

2022 will likely see significant amendments to the Personal Information Protection Act.

Sri Lanka

In 2022, the Act to Provide for the Regulation of Processing of Personal Data may go into effect.

Switzerland

In 2022, the revised Swiss Federal Act on Data Protection and its revised ordinances are expected to go into effect.

Thailand

In 2022, the Personal Data Protection Act 2019 may go into effect.

Turkey

2022 may see amendments to the most controversial provisions of the Law on Personal Data Protection (Law No. 6698).

European Union

2022 will see a wave of data protection legislation, including the Digital Services Act and Digital Markets ActData Governance ActePrivacy RegulationNIS II Directive (Security of Network and Information Systems), Artificial Intelligence Act, and the Data Governance Act.

United States

Several privacy laws will go into effect within the next 18 months in California (the California Privacy Rights Act (CPRA), which is effective on January 1, 2023), Colorado (the Colorado Privacy Act (CPA), which is effective on July 1, 2023), Virginia (the Consumer Data Protection Act (CDPA), which is effective on January 1, 2023), and New York (the Employee Monitoring and amendment to the New York Civil Rights Law), which is effective on May 7, 2022. In addition, privacy rights legislation is under consideration in the following states:

The Big Questions, Expectations, and Trends for 2022

The big questions

  • Will 2022 see a comprehensive U.S. federal privacy law?

  • Will the UK’s data adequacy decision remain valid?

  • Will 2022 be the year the cookie jar is emptied? Will there be a cookie-less future?

The expectations

Employers can expect the following developments in 2022.

  • More General Data Protection Regulation (GDPR) enforcement;

  • Results from the UK government’s consultation on the data reform, which may result in new legislation during 2022;

  • The UK government may be advancing its own program of data adequacy partnerships with Australia, Colombia, Dubai International Finance Centre, Singapore, South Korea, and the United States;

  • The results from the UK Information Commissioner’s Office (ICO) consultation on the draft international data transfer agreement (IDTA) and guidance, which replace Standard Contractual Clauses (SCCs);

  • More clarity on international data flows following an Austrian Data Protection Authority (“Datenschutzbehörde” or “DSB”) ruling that the use of search engine analytics violates the “Schrems II” decision; and

  • A harmonized position across Europe and the United Kingdom on the processing of COVID-19 vaccination data in the workplace.

The trends

Here are some trends that have emerged have data privacy legislation and court decisions.

  • Organizations may start striving to amend contracts; whilst the old SCCs were repealed on 27 September 2021, organizations have a grace period until December 27, 2022, to amend contracts executed before September 27, 2021;

  • The rise of transfer impact assessments: the new SCCs require data exporters to conduct an assessment of the laws and practices of the third country of destination that are applicable to personal data transferred;

  • Further regulatory scrutiny on privacy notices following the Digital Preservation Coalition (DPC) imposing a fine of €225 million on an app for failing to discharge its transparency obligations under the GDPR in the context of its privacy notice.

  • Further regulatory scrutiny on data minimisation following the DPC’s decision in a December 2020 case coupled with a complaint filed against a dating app for requesting excessive information from individuals when exercising their GDPR rights;

  • A rise of data protection of children and other vulnerable groups, for example, through the use of end-to-end encryption technologies (which the ICO’s position advocates) and various regulatory strategies (such as Ireland’s Data Protection Commission’s (DPC) Regulatory Strategy for 2022-2027); and

  • A rise of claims related to privacy and data protection, in particular, data breach claims following the likely rise of ransomware attacks.

© 2024, Ogletree, Deakins, Nash, Smoak & Stewart, P.C., All Rights Reserved.

Current Legal Analysis

More from Ogletree, Deakins, Nash, Smoak & Stewart, P.C.

Beltway Buzz, April 26, 2024
by: James J. Plunkett
2024 Title IX Regulation Update, Part 2: Section 106.2 Definitions
by: Amanda T. Quan , Lisa Karen Atkins
2024 Title IX Regulation Update, Part I: Grievance Procedures for Resolving Complaints of Sex Discrimination and Sex-Based Harassment
by: Lisa Karen Atkins , Bethany S. Wagner
Cross-Border Catch-Up: Setting Up Shop in a New Country, Part 2—Employment Protections Around the World [Podcast]
by: Shirin Aboujawde , Lina Fernandez
New York to Require Paid Prenatal Care Leave Among Other Updates in Budget Legislation
by: Kelly M. Cardin , Zachary V. Zagger
Washington State’s New Warehouse Employee Protections Begin on July 1, 2024
by: James M. Barrett , Laurence A. Shapero
Supreme Court Questions Whether FAA Allows Courts to Dismiss Lawsuits Sent to Arbitration
by: Christopher C. Murray , Alejandro Perez
The New Jersey Mini-WARN Act Amendments—One Year Later
by: Mark Diana , Brandon R. Sher
MSHA Releases Final Rule on Respirable Crystalline Silica
by: Zachary T. Byers
Safety Perspectives From Region 6: Programs and Program Enforcements [Podcast]
by: Frank D. Davis , John Surma

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins