Poster

Abstract

Over 90 countries and jurisdictions around the world have adopted comprehensive data protection/privacy laws to protect personal data held by both governments and private companies. This map shows which countries have adopted laws or have pending initiatives to adopt one. The new version now includes small jurisdictions and island states. Note: This map has been updated; see National Comprehensive Data Protection/Privacy Laws and Bills 2021. https://ssrn.com/abstract=1951416
Blue - Comprehensive Data Protection Law Enacted (122:103 UN/19 self gov)
Red - Pending Bill or Initiative to Enact Law (34/3)
White - No initiatives or no information (56)
National Comprehensive Data Protection/Privacy Laws and Bills 2019
David Banisar
April 2019
... Some countries (i.e. separate legal jurisdictions), however, do not have a specific legislation for data privacy [45,6]. This usually does not imply a legal void in the area. ...
... However, these guidelines should be used - if possible - in combination with national legal frameworks that are relevant to your mHealth ecosystem. Today, many countries already have an overarching privacy law in force or at least there is a bill in discussion [6]. ...
... National comprehensive data protection/privacy laws and bills (2018) [6]. ...
Thesis
Mobile health (mHealth) systems empower Community Health Workers (CHWs) around the world, by supporting the provisioning of Community-Based Primary Health Care (CBPHC) – primary care outside the health facility into people’s homes. In particular, Mobile Health Data Collection Systems (MDCSs) are used by CHWs to collect health-related data about the families that they treat, replacing paper-based approaches for health surveys. Although MDCSs significantly improve the overall efficiency of CBPHC, existing and proposed solutions lack adequate privacy and security safeguards. In order to bridge this knowledge gap between the research areas of mHealth and privacy, the main research question of this thesis is: How to design secure and privacy-preserving systems for Mobile Health Data Collection Systems? To answer this question, the Design Method is chosen as an engineering approach to analyse and design privacy and security mechanisms for MDCSs. Among the main contributions, a comprehensive literature review of the Brazilian mHealth ecosystem is presented. This review led us to focus on MDCSs due to their impact on Brazil’s CBPHC, the Family Health Strategy programme. On the privacy engineering side, the contributions are a Privacy Impact Assessment (PIA) for the GeoHealth MDCS and three mechanisms: (a) SecourHealth, a security framework for data encryption and user authentication; (b) an Ontology-based Data Sharing System (O-DSS) that provides obfuscation and anonymisation functions; and, (c) an electronic consent (e-Consent) tool for obtaining and handling informed consent. Additionally, practical experience is shared about designing a MDCS, GeoHealth, and deploying it in a large-scale experimental study. In conclusion, the contributions of this thesis offer guidance to mHealth practitioners, encouraging them to adopt the principles of privacy by design and by default in their projects.
... Globally more than 100 countries, independent jurisdictions and territories have adopted comprehensive data protection/privacy laws to protect personal data held by governments and private companies (Banisar, 2016). Figure 1 presents a map indicating which jurisdictions have adopted laws and which are currently addressing this need: countries highlighted in blue have enacted comprehensive data protection laws, whereas countries in red have a pending obligation to enact such a law. ...
... The PoPI Act will not be compared to all the countries highlighted in Figure 1, but only to a selected few countries, chosen primarily for their territorial location, large economies and mature regulations. (Banisar, 2016) The PoPI Act presents a set of conditions and principles that prescribe the way in which personal information may be processed (Michalsons, 2014). The Act was created based on the EU DPD (Birnhack, 2008; DataGuidance, 2013) and the Organisation for Economic Co-operation and Development (OECD) principles (PLI, 2016). ...
Conference Paper
Data protection and management of personal information has become an integral aspect for organisations and individuals in conducting business in the modern era. It has also become a major issue for legislators, regulators and consumers worldwide due to the widespread repercussions when personal information is negligently or maliciously used. Despite increased attention on personal information and the existence of data protection legislation internationally, data breaches remain a common occurrence. It has become crucial now, more than ever, for organisations to manage and safeguard personal information. As a nation, South Africa has addressed the need for increased protection - the Protection of Personal Information (PoPI) Act was signed into law in November 2013. This paper presents a comparison between the South African PoPI Act and other international data protection laws in order to highlight similarities and differences. These privacy legislations will be compared based on the principles set out by the PoPI Act. Other areas to be considered include data protection officers, enforcement, electronic marketing, online privacy and the year enacted. Data protection compliance is not straightforward and having the correct measurements and procedures in place is of utmost importance. These findings can be applied in future work to examine where South Africans can make use of already established international best practices to best enforce their privacy regulation.
... Due to the revolutionary changes in the forms of collecting, storing and sharing data, the State has an obligation to protect the personal and sensitive data of its subjects. Even though many international instruments advocate the data protection principles [14] and many nations incorporating such principles into their municipal law [15], the Indian data protection law is still in the making. ...
Chapter
The development of cyberspace as a platform for e-commerce as well as for the interaction between people has given rise to ensure 'cyber security'. In the present information revolution era, there is nothing more costly than the personal data of individuals, companies, and other organizations. The need to talk about cyber security increased further when almost all activities, including business, learning, interaction, entertainment, etc., were confined to cyberspace due to the COVID-19 pandemic. The lack of a data protection law in India adds to the already existing insecurity. The chapter aims to analyze the extent of the right to privacy in the modern cyber-world. It tries to study the concept of cyberspace and the scope and extent of the right to privacy in India-whether the same extends to cyberspace? The chapter also addresses the privacy-related issues and challenges in cyberspace and tries to suggest the way forward.
... More generally, data protection legislation has become an international success story: To date, 120 countries have adopted comprehensive data protection and privacy laws to protect personal data held by private and public bodies. Another almost 40 countries and jurisdictions have pending bills or initiatives (Banisar, 2018). The US is one of the few countries which does not have a nationwide, federal comprehensive data protection legislation. ...
Article
The article addresses the digital transformation and new power asymmetries and challenges to democracy by the world’s seven largest digital platforms. Four different governance models are examined: The Chinese authoritarian model, the libertarian US-model, the European regulatory model, and the Mexican hybrid model. The challenges of digital sovereignty and democratic governance of platform capitalism are explored.
Article
This article discusses the threats that information technology companies may pose to fundamental rights and to constitutionalism, given the capture of data by private parties for monetary purposes, without a forceful response from state power. It highlights people's vulnerability and the behavioural influence exerted through algorithms and other internet-related mechanisms. Drawing on documentary, bibliographic and normative research, it addresses 'surveillance capitalism', as proposed by Shoshana Zuboff, the guarantee of privacy, and corporate transparency. It identifies a new mode of capital accumulation and the inadequacy of traditional regulatory mechanisms for combating its excesses. Finally, it points to the need for effective digital education as a solution to digital manipulation and as a means of combating the vulnerability of users and of their rights.
Conference Paper
High productivity and high flexibility are the demands of digital manufacturing industry. The current trend in manufacturing came up with the fourth industrial revolution, i.e. Industry 4.0 [1]. The concept is taking its shape from automated manufacturing systems to intelligent manufacturing systems but is still in its nascent stage. One of the basic components of these systems is a cyber-physical system (CPS) [2], i.e. a mechanism controlled by computer-based algorithms integrated with users over a network. The CPS is the smart system that consists of physical and computational elements; these elements can be distributed into four-layered architecture, which is made up of a sensing layer, networking layer, analyzing layer, and application layer [3]. The benefits of these systems are that they are time saving and flexible, feasible for a demand of even one quantity placed by an individual customer, and do not require reconfiguration of the manufacturing system. The term CPPS (cyber-physical production system) was coined in Germany that proposed a complete automated system in the realm of Industry 4.0: a manufacturing system based on CPS that comprises of physical elements which are robots, conveyors, sensors, actuators, etc. and a cyber-layer based on computational elements [4]. The independent elements of CPPS can cooperate with each other through Internet of Things (IoT) [5], a concept in which components having unique identity can transfer data to each other over a network without requiring any human–computer interaction (HCI), thus creating smart factories [6]. Internet can be one such communication protocol in IoT. A similar case of smart-factory production system is presented in [7]. Though the robots and computers take a major share in the CPS, human presence is essential for productivity either for supervision or complicated jobs that robots cannot undertake. 
The smart-factory concept exists for large production systems; however, there is very little research that exists for manufacturing at microdomain which is deemed necessary due to the limitations of the macro devices, i.e. their large size, greater power consumption, large cost effect, higher susceptibility to environment conditions, and control loop that is believed to be significantly larger [8]. In this chapter, a smart factory is proposed; a collaboration is envisaged between a human, a cobot, and a multistaged micromilling machine. The related concepts are stated below.
Conference Paper
Decentralized web applications do not offer fine-grained access controls to users’ data, which potentially creates openings for data breaches. For software companies that need to comply with Brazil’s General Data Protection Law (LGPD), data breaches not only might harm application users but also could expose the companies to hefty fines. In this context, engineering fine-grained authorization controls (that comply with the LGPD) to decentralized web application requires creating audit trails, possibly in the source code. Although the literature offers some solutions, they are scattered. We present Esfinge Guardian, an authorization framework that completely separates authorization from other concerns, which increases compliance with the LGPD. We conclude the work with a brief discussion.
Chapter
‘Right to information’ (RTI), ‘access to information’ (ATI) or ‘freedom of information’ (FOI) has been adopted by countries around the world, as a manifestation of the rights of citizens to freedom of opinion and expression and a prerequisite for human rights. In 1948, the United Nations Universal Declaration of Human Rights Article 19 stated the fundamental ‘right to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.’ In 1966, the International Covenant on Civil and Political Rights declared that ‘…access to information is inextricably tied to freedom of expression.’ The right to information has frequently been linked to trust in public discourse and to enabling accountable and open government. Access to information establishes a right for individuals to seek information held by public authorities, often in a manner defined by the law, and generally subject to exemptions for such things as national security, defence, international relations, police investigations and privacy. Recordkeeping professionals in corporate and public organisations provide access to records for internal business use to support current activities, as well as ensuring access to records needed over the longer term for the study of cultural heritage and the history of communities and families. In addition, in the accountability domain, records can be used to hold individuals, officials and corporations to account, both internally and externally. Providing access to reliable records is commonly cited as a necessary prerequisite for accountability, transparency, and good governance. Transparency International (Pope, 2003) asserted that ‘when we campaign for greater access to information we must at the same time campaign for improved records management. There seems little point in having access to information that is chaotic and unreliable’. 
Archives have been called ‘arsenals of democratic accountability’ (Eastwood, 1993; Iacovino, 2010) and this chapter will examine the recordkeeping role in providing access to records so that individuals can exercise their ‘right to information’. It will consider four different aspects of access to information: national archives and records legislation; secrecy and privacy; responsive release of information by governments under freedom of information; and proactive release of information under open government policies. It will reflect upon whether these aspects together provide citizens with ‘a right to information’ and therefore whether such a right can be said to exist in practice. Unofficial routes to information access, such as whistleblowing or unauthorised disclosure by activists, will not be covered in this chapter.