SUBSCRIPTION SERVICE

 

Privacy and Data Protection Tracker

Tracking the evolution of data protection regulation around the world

In April 2018, we launched a comprehensive Privacy and Data Protection tracker, ahead of the entry into force of the EU’s General Data Protection Regulation (GDPR) on 25 May 2018. The Tracker captures how countries are implementing GDPR, including laws to complement it and regulators’ noteworthy initiatives around this issue. It also shows how, outside the EU, lawmakers are changing data protection frameworks, gradually making them more akin to GDPR.

The Tracker also details frameworks for data retention for the purpose of tackling crime, and permitted uses of communication data and metadata, and tech companies’ updated privacy policies post GDPR.

 
 
 

DETAIL

The tracker format allows for a simple comparison of positions, country-by-country and company-by-company, with full referencing and URLs back to the original source. It is published online (PDF download available), and updated frequently as a result of our ongoing monitoring of this topic. It includes detail on the following:


 
 

Data protection legislation

  • Scope of personal data
  • Legal bases for treatment
  • Safeguards required
  • Rules on international transfers of data
  • Rights granted to end users
  • Financial penalties for breaches
  • Authority in charge
  • Regulatory guidance for GDPR compliance
  • Data Protection Officers
  • Certification schemes
 
 

 
 

GDPR implementation

  • National laws
  • Authority in charge
  • Staff employed
  • Means of funding
  • Annual budget
  • Guidelines and other noteworthy initiatives
  • National certification schemes
 
 

Data retention

  • Type of data to be retained
  • Retention times
  • Operators affected
  • Reimbursement of costs
  • Obligations to store data within the national territory

Use of communications data

  • Scope of data
  • Safeguards required (incl. encryption)
  • Use of metadata
  • Legal basis for use

Privacy policies

  • Tech companies’ updated privacy notices after GDPR
  • Differences with the previous policy (where available)
  • Geographical scope of the policy (e.g. whether GDPR safeguards have been extended beyond the EU)
  • Legal bases for data treatment (e.g. consent, contract performance, legitimate interest)
  • Implementation of data portability (i.e. availability of a download function for users’ data)
     

COUNTRIES/COMPANIES COVERED

 
 

Data protection legislation

EU, Australia, Japan, India, Singapore, South Korea, US

GDPR implementation

France, Germany, Ireland, Italy, Spain, UK

Data retention

EU-level, France, Germany, Italy, Spain, UK, US, Australia, Singapore

Use of communications data

EU, Australia, Japan, India, Singapore, South Korea, US

Privacy policies

Google, Facebook, Twitter, Sonos, LinkedIn, Amazon, Snapchat, Spotify, Uber


SAMPLE

 
 

FIND OUT MORE

Interested in finding out more about this Tracker? Send us an email or take a look at what else is included as part of our Subscription Service ⟶