ARTICLE
31 January 2022

Data Privacy Day Around The World: January 28, 2022

OD
Ogletree, Deakins, Nash, Smoak & Stewart

Contributor

Ogletree Deakins is a labor and employment law firm representing management in all types of employment-related legal matters. Ogletree Deakins has more than 850 attorneys located in 53 offices across the United States and in Europe, Canada, and Mexico. The firm represents a range of clients, from small businesses to Fortune 50 companies.
Without further ado, below are some of the privacy laws from around the world that we anticipate will go into effect in 2022 or that recently went into effect.
Worldwide Privacy

By 2023, 65 percent of the world's population will have its personal data covered under modern privacy regulations, up from 10 percent in 2021, according to a technology and consulting company. In light of this, 2022 will see regions such as the Asia Pacific region, Europe, the Middle East, and the United States introducing new data privacy and protection laws.

In celebration of Data Privacy Day, we are highlighting some of these laws as well as some global data privacy and protection questions, expectations, and trends that lie ahead in 2022.

Without further ado, below are some of the privacy laws from around the world that we anticipate will go into effect in 2022 or that recently went into effect.

Australia

2022 will see draft anti-trolling legislation, renewal of the Privacy Act 1988, and the introduction of the Privacy Legislation Amendment (Enhancing Online Privacy and Other Measures) Bill 2021 to Parliament.

China

2022 will see numerous national-level and local-level laws regulating the processing of data and personal information, many of which have a cross-border element (e.g., the Administrative Regulations on Network Data Security and the Measures for Security Assessment of Cross-Border Data Transfer).

Germany

2022 welcomed Article 327q of the German Civil Code, which went into effect on January 1, 2022. Article 327q enhances consumer personal data protections.

India

2022 will likely see the passage of India's Personal Data Protection Bill, 2019, which will cover both personal and nonpersonal data.

Ireland

2022 will see the commencement of the final sections of the Data Sharing and Governance Act 2019.

Israel

In 2022, two amendments to the Protection of Privacy Law, 5741-1981 may be enacted.

Japan

On April 1, 2022, amendments to the Act on the Protection of Personal Information will go into effect.

Qatar

On May 21, 2022, the Data Protection Regulations 2021 and the Data Protection Rules 2021 will take effect.

South Korea

2022 will likely see significant amendments to the Personal Information Protection Act.

Sri Lanka

In 2022, the Act to Provide for the Regulation of Processing of Personal Data may go into effect.

Switzerland

In 2022, the revised Swiss Federal Act on Data Protection and its revised ordinances are expected to go into effect.

Thailand

In 2022, the Personal Data Protection Act 2019 may go into effect.

Turkey

2022 may see amendments to the most controversial provisions of the Law on Personal Data Protection (Law No. 6698).

European Union

2022 will see a wave of data protection legislation, including the Digital Services Act and Digital Markets Act, Data Governance Act, ePrivacy Regulation, NIS II Directive (Security of Network and Information Systems), Artificial Intelligence Act, and the Data Governance Act.

United States

Several privacy laws will go into effect within the next 18 months in California (the California Privacy Rights Act (CPRA), which is effective on January 1, 2023), Colorado (the Colorado Privacy Act (CPA), which is effective on July 1, 2023), Virginia (the Consumer Data Protection Act (CDPA), which is effective on January 1, 2023), and New York (the employee monitoring amendment to the New York Civil Rights Law, which is effective on May 7, 2022). In addition, privacy rights legislation is under consideration in the following states:

The Big Questions, Expectations, and Trends for 2022

The big questions

  • Will 2022 see a comprehensive U.S. federal privacy law?
  • Will the UK's data adequacy decision remain valid?
  • Will 2022 be the year the cookie jar is emptied? Will there be a cookie-less future?

The expectations

Employers can expect the following developments in 2022.

  • More General Data Protection Regulation (GDPR) enforcement;
  • Results from the UK government's consultation on the data reform, which may result in new legislation during 2022;
  • The UK government may be advancing its own program of data adequacy partnerships with Australia, Colombia, Dubai International Finance Centre, Singapore, South Korea, and the United States;
  • The results from the UK Information Commissioner's Office (ICO) consultation on the draft international data transfer agreement (IDTA) and guidance, which replace Standard Contractual Clauses (SCCs);
  • More clarity on international data flows following an Austrian Data Protection Authority ("Datenschutzbehörde" or "DSB") ruling that the use of search engine analytics violates the "Schrems II" decision; and
  • A harmonized position across Europe and the United Kingdom on the processing of COVID-19 vaccination data in the workplace.

The trends

Here are some trends that have emerged have data privacy legislation and court decisions.

  • Organizations may start striving to amend contracts; whilst the old SCCs were repealed on 27 September 2021, organizations have a grace period until December 27, 2022, to amend contracts executed before September 27, 2021;
  • The rise of transfer impact assessments: the new SCCs require data exporters to conduct an assessment of the laws and practices of the third country of destination that are applicable to personal data transferred;
  • Further regulatory scrutiny on privacy notices following the Digital Preservation Coalition (DPC) imposing a fine of ?225 million on an app for failing to discharge its transparency obligations under the GDPR in the context of its privacy notice.
  • Further regulatory scrutiny on data minimisation following the DPC's decision in a December 2020 case coupled with a complaint filed against a dating app for requesting excessive information from individuals when exercising their GDPR rights;
  • A rise of data protection of children and other vulnerable groups, for example, through the use of end-to-end encryption technologies (which the ICO's position advocates) and various regulatory strategies (such as Ireland's Data Protection Commission's (DPC) Regulatory Strategy for 2022-2027); and
  • A rise of claims related to privacy and data protection, in particular, data breach claims following the likely rise of ransomware attacks.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More