Data Privacy Laws, Acts and Timeline
It’s hard to believe, but data on the internet is protected under personal data protection law. Of course, many countries adopt such laws independently and separately from the world community.
But despite this, such legal norms, acts and laws share a history of development, which has shaped the way data is protected today.
This article shows you data privacy laws, acts and timeline.
What is the Internet Law?
There are sometimes misunderstandings with such laws for several reasons:
- The internet is a relatively new area that is still at the stage of development. Therefore, any legal framework being created does not keep up with the pace of internet change.
- Laws on the internet are often based on the principles of already existing laws, which were in force even before the advent of the internet.
- At the moment, there is no general law for all countries that would regulate the privacy of users on the internet.
For example, in the EU there is a single law on privacy and data security, the GDPR. In the US, by contrast, there is no single law on internet privacy for all states. Here, almost every state has its own vision of the problem and of ways to protect against leaks.
As for the history of the development of various laws in the world, here it is.
Data privacy laws, acts and timeline
U.S. Privacy Act of 1974
Although the Privacy Act of 1974 was adopted before the advent of the Internet, it became the basis for most of the adopted laws on the security and confidentiality of data on the Internet. The law regulated the following points:
- The right of US citizens to access data stored in state institutions and repositories (in addition, it was possible to make any necessary copies of documents).
- The right to correct errors related to a particular person.
- The right of agencies to collect only the small part of the documents that is necessary to perform a specific task.
- Limited access to data on the principle of business necessity.
- Restriction on the exchange of information between federal agencies: exchange is allowed only under certain conditions.
With the advent and development of the internet, the definition of privacy has changed somewhat. Therefore, it was necessary to create new laws that ensured the security of data in electronic format.
The Law on the Protection of Children’s Privacy on the internet
The Children’s Online Privacy Protection Act of 1998 (COPPA) is a U.S. federal law. It makes it possible for parents to control the information received and consumed by their children on the Internet. This law applies to operators of commercial websites and online services (including mobile applications and Internet of Things devices) intended for children under the age of 13 and receiving personal information from children.
Key provisions of the COPPA Act include:
- The law covers websites, applications and online tools designed for children under 13 years of age. Before collecting information from children using a computer, the site must obtain consent from their parents.
- All information received should be stored appropriately.
Despite the fact that this law appeared at the dawn of the internet, it has become especially relevant in the era of social networks and targeted advertising.
The main issue of the law is the extent to which the site is targeted at children under the age of 13. The US Federal Trade Commission evaluates websites based on various criteria.
Some websites and services check the age of users, which frees them from the obligation to comply with the COPPA law. For example, many social networks, whose business model is based on the collection and monetization of user data, set the minimum allowable registration age to 13 years.
*For reference, the collection of personal information is the collection of names, addresses, photos and other open data.
General Data Protection Regulation
The General Data Protection Regulation of the European Union (GDPR) came into force in 2018. The document is a classic and the basis of users’ rights to privacy on the Internet, to the correct storage of their data and to its non-dissemination by third parties. The document is valid on the territory of the EU, but it must be observed by all those who work with European users. If they refuse, they will face multimillion-dollar fines and lawsuits. The GDPR is therefore one of the most stringent and uncompromising regulatory documents in the field of Internet users’ right to confidentiality of data.
According to the GDPR, application developers, website owners, etc., must notify users about possible data collection. As long as the user does not consent to this, they will not be able to use the offered content.
The main provisions of the GDPR:
- The user must know exactly how his data is collected and used.
- The user can find out exactly what information about him was collected by the website.
- If any user data has been saved with an error, then it should be corrected as soon as possible.
- The user can request the deletion of their data.
- The user may refuse to process and store data on the website.
- All sites, without exception, must inform users about cases of hacking or data leaks.
Note: Even more provisions from the law can be found on the official website of the European Commission.
California Consumer Privacy Protection Act
In 2018, the California Consumer Privacy Protection Act (CCPA) was signed into law. It regulates the rights and privacy protection of users on the Internet. CCPA is a law that includes many provisions and regulations, which has no analogues in the United States.
The CCPA gives users the rights to access their data, to delete it freely, and to refuse data collection. In many ways, the CCPA is similar to the GDPR. However, unlike the CCPA, the GDPR gives the right to freely change data if they are incorrect and outdated, while the CCPA does not provide such an opportunity.
In addition, the provision of personal data on the sites is different. The GDPR requires explicit consent to this, while the CCPA only indicates that consumers have the right to opt out of collecting certain data.
- Users have round-the-clock access to their data if they have made a request.
- You may not sell stored personal information of users without their consent or notification.
- Users can sue if they are victims of a data leak.
- The state Attorney General can file lawsuits on behalf of users.
Despite the fact that there is not yet a single law in the world that would protect the confidentiality of user data, attempts are still being made to protect personal information.