17 / 06 / 2020

The Evolving Global Privacy Landscape


There are few certainties in 2020 given the current global geo-political, social and economic climate. What in January looked like an already complicated year changed immeasurably as Covid-19 spread around the globe. The global response by nation states to the pandemic, unprecedented in the modern era, brought the privacy of citizens to the fore yet again as governments sought to use smart devices to track the spread of the virus by collecting and processing data about the user’s movements and behaviour. It is timely to reflect on the impact of the GDPR on the evolving global privacy landscape, as the GDPR reaches its second anniversary with mixed reviews. Although the GDPR has received headlines, it is crucial for organisations to realise that it is not the only law that impacts data-driven businesses. The increased awareness in the public and the media about privacy as a result of Covid-19 contact tracing measures means that the global privacy framework is likely to become even more complicated. Therefore, as the volume of these laws is ever-increasing, it is difficult for businesses to keep on top of compliance requirements from one market to the next.

To put this in context, as of February 2020, 11 US States have privacy Acts or developing Bills in place, with a number of other states having privacy task forces in place. A US federal privacy law has been proposed. It is still some time away, but the momentum is growing. Brazil, South Africa and India’s new data protection laws are passed or are at an advanced stage in the legislative process, joining countries that already have modernised data protection and privacy laws, such as Canada, Russia, Japan, Singapore, South Korea, Malaysia and Nigeria – and many others which are on that journey. Although Covid-19 has delayed the legislative processes, with Brazil, South Africa and India’s laws being postponed, more than 60 countries have now introduced privacy laws in response to their citizens’ desire for control over their privacy and data protection rights. In increasingly globalised markets and with the ever-increasing adoption of cloud computing and PaaS, IaaS and SaaS services, few large organisations can ignore what we can call the ‘global privacy framework’.

With this evolving global privacy framework, the compliance burden is considerable. Some jurisdictions, such as Russia, have data localisation laws. Others differ in subtle but significant ways from GDPR, the law which most companies seek to align to. Brazil’s LGPD has ten lawful bases of processing, compared to GDPR’s six. South Africa’s POPIA protects the data of natural (i.e. living) persons and juristic persons (i.e. corporations). When companies start to dig into the requirements of these differing laws, they realise the difficulty of a ‘one size fits all’ approach. This poses significant Boardroom-level risk. Forrester are predicting a 300% increase in privacy class actions.[2] With so many different flavours and approaches to data protection, managing and analysing data while maintaining customer trust is becoming increasingly difficult for companies with global footprints.


To view the full article discussing the evolving global privacy landscape, visit www.informationsecuritybuzz.com


André Thompson, Privacy Counsel
André Thompson is the Privacy and Ethics Counsel at Trūata. He is a qualified solicitor with over 20 years’ experience in a commercial legal environment, working in-house, in private practice and consultancy. He has worked in privacy and data protection law since 2001 as the data protection lead in a large Irish multi-national with additional professional experience in intellectual property and information technology law.