Protection of personal data in different countries
Every one of us tells others information about ourselves: name, date of birth, details of documents, health information, etc. But this is not just any information; this is personal data, i.e., data that allows a person to be identified. With the advent and development of technology, personal data is spreading faster and faster. In today’s digital reality, this information can be used against a person. Therefore, states around the world are trying to protect the personal data of their citizens.
To protect personal data, the European Union has adopted the General Data Protection Regulation (GDPR). This document was adopted in April 2016 and entered into force in May 2018. It applies not only to EU member states, but also to any legal entity, even a foreign one, that processes personal data of EU citizens.
The basic principles of the GDPR are:
1. Principle of legality, fairness and transparency. Personal data must be obtained by lawful and fair means with the consent of the data subject.
2. purpose limitation. The purpose of the data collection must be specified at the time of collection and the data must not be used for other purposes.
3. data minimization. No more data should be collected than is required for a particular purpose.
4. accuracy. Personal information must be accurate, complete, and current. Errors and inaccuracies in personal data must be corrected.
5. Restriction of retention. Data may not be retained longer than necessary to fulfill the purposes of processing the information.
6. Integrity and confidentiality. Personal data must be protected by security safeguards against loss, unauthorized access, destruction, etc.
7. Accountability. Companies that handle data are responsible for complying with GDPR requirements. There are huge penalties for violating these requirements.
European countries are adopting domestic laws to protect personal data. Germany, Denmark, Iceland, Spain, France, and Germany, for example, have such laws. They are based on the above principles and essentially clarify and specify the provisions of GDPR.
UNITED STATES OF AMERICA .
In the United States, federal legislation defines only the obligations of government agencies regarding the protection of personal data. Regulations that apply to legal entities processing personal data are adopted at the state level. For example, the state of California passed a law in 2020 regulating the rules for data collection and handling. Under this law, an individual who uses the services of Internet companies has the right to know
– what information the Internet company collects about him or her;
– The purposes for which the company collects the information;
– How the data will be used.
Individuals also have the right to demand the destruction of their data and prohibit its transfer to third parties.
It should be noted that after the 9/11 attacks in the U.S. it was allowed to collect data on Americans at the government level for security purposes.
Here, a law has been in effect since 2017 that requires Internet service providers to obtain users’ consent for the collection of their personal data. China’s legislation in this area is largely guided by European experience and GDPR regulations.
The Land of the Rising Sun has had a law on personal data protection since 2005. Among other things, the law is designed to guarantee the right to privacy of the Japanese people. Thus every Japanese website handling personal data is obligated to publish the Policy on Personal Data Protection. The policy has to specify what measures the site is taking to protect users’ personal data.