User:Cookiestan/sandbox

In information privacy article, I noticed that there was a link to the Arrival and Departure Information System (ADIS) that didn't lead to a new page. There is a possibility one would need to be created! Authorities by Country under Authorities section of information privacy could be organized a bit better.

In the consumer privacy article, I noticed it lacked inline citations and needed to be divided more by sections for each topic, which I would be more than willing to do. Also for consumer privacy, I believe there is a greater connection to laws/rulings that I see a lack of in the article that could tie into.

For the Privacy Law page, I'm planning on adding 5 additional English-speaking countries in the "privacy law by country" section. The countries that I will be working on will be Switzerland, Barbados, Belize, Ireland, and South Africa.

For a comprehensive global summary of data privacy laws, click here to access Greenleaf’s article documenting the change of privacy regulations throughout the international landscape.

Privacy Law in Ireland

Afghanistan
Afghanistan is currently part of the minority of countries who doesn't have any official data privacy laws.

Algeria
Algeria is currently part of the minority of countries who doesn't have any official data privacy laws.

Bangladesh
Bangladesh is currently part of the minority of countries who doesn't have any official data privacy laws.

Congo
Congo is currently part of the minority of countries who doesn't have any official data privacy laws.

Egypt
Egypt is currently part of the minority of countries who doesn't have any official data privacy laws.

Indonesia
Indonesia is currently part of the minority of countries who doesn't have any official data privacy laws.

Pakistan
Pakistan is currently part of the minority of countries who doesn't have any official data privacy laws.

Lebanon
Lebanon is currently part of the minority of countries who doesn't have any official data privacy laws.

Syria
Syria is currently part of the minority of countries who doesn't have any official data privacy laws.

Rwanda
Rwanda is currently part of the minority of countries who doesn't have any official data privacy laws.

Ireland

The island of Ireland is under the Data Protection Act 1988 and amended by the Data Protection Act 2003 along with the EU Data Protection Directive 95/46 EC, which regulates the utilization of personal data. Data Protection Act 1988 along with 2003 is known as the DPA and protects the data within the private and personal sector. The DPA ensures that when data is transported, the location must be safe and in acknowledgement of the legislation to maintain data privacy. When collecting and processing data, some of the requirements are listed below that must be adhered to: Specifically the Data Protection Commissioner oversees the entirety of the enforcement of data privacy regulations for Ireland. All persons that collect and process data must register with the Data Protection Commissioner unless they are exempt (non-profit organizations and etc.) and renew their registration annually.
 * the subject of personal data must have given consent
 * the data is in the subject's interest
 * the reason for the processing of data is for a contract
 * the reason for the processing of data is the prevention of injury

Electronic Privacy Protection

Considering the protection of internet property and online data, the ePrivacy Regulations 2011 protects the communications and higher-advanced technical property and data such as social media and the telephone.

In relation to international data privacy law that Ireland is involved in, the British-Irish Agreement Act 1999 Section 51 extensively states the relationship between data security between the United Kingdom and Ireland.

In addition, Ireland is part of the Council of Europe and the Organisation for Economic Cooperation and Development.

The Data Protection Commissioner of Ireland is a member of the International Conference of Data Protection and Privacy Commissioners, European Data Protection Authorities, the EU Article 29 Working Party, Global Privacy Enforcement Network, and the British, Irish, and Islands Data Protection Authorities.

South Africa

The Constitution of South Africa guarantees the most general right to privacy for all its citizens. This provides the main protection for personal data privacy so far.

The Protection of Personal Act 2013 (POPI) was signed into act, focusing on data privacy and is inspired by other foreign national treaties like the United Kingdom. Minimum requirements are presented in POPI for the act of processing personal data, like the fact that the data subject must provide consent and that the data will be beneficial, and POPI will be harsher when related to cross-border international data transfers, specifically with personal information. However, POPI won't be in full effective until an estimated date of 2018 as it is still being deliberated by the National Council of Provinces.

The recording of conversations over phone and internet is not allowed without the permission of both parties with the Regulation of Interception of Communications and Provision of Communications Related Act (2002).

In addition, South Africa is part of the Southern African Development Community and the African Union.

Switzerland

The main legislation over personal data privacy for the personal and private sector in Switzerland is the Swiss Federal Protection Act, specifically the Data Protection Act, a specific section under the Swiss Federal Protection Act. The Data Protection Act has been enacted since 1992 and is in charge of measuring the consent of sharing of personal data, along with other legislation like the Telecommunication Act and the Unfair Competition Act. The Act generally guides on how to collect, process, store, data, use, disclose, and destruct data. The Data Inspection Board is in charge of overseeing data breaches and privacy enforcement.

Personal data must be protected against illegal use by "being processed in good faith and must be proportionate". Also, the reason for the transfer of personal data must be known by the time of data transfer. Data not associated with people (not personal data) is not protected by the Data Protection Act.

In the case of data transfer to unsafe data protection countries, these are the major regulations required by the Data Protection Act:

·      Need of direct channels for data transfer

·      Individual case must have consent from receivers of data

·      Disclosure is accessible to public

Switzerland is a white-listed country, meaning that it is a nation that has proper levels of data protection under the surveillance by the European Commission (EU Commission). Switzerland is not under the EU Data Protection Directive 95/46 EC. However, the data protection regulations are sufficient enough under European Union (EU) regulations without being a member of the EU.

In addition, Switzerland is part of the Council of Europe and the Organisation for Economic Cooperation and Development.

The Data Inspection Board of Switzerland is a member of the International Conference of Data Protection and Privacy Commissioners, European Data Protection Authorities, the EU Article 29 Working Party, and the Nordic Data Protection Authorities.

Belize

Belize is currently part of the minority of countries who doesn't have any official data privacy laws.

However, the Freedom of Information Act (2000) currently protects the personal information of the citizens of Belize, but there is no current documentation that distinguishes if this act includes electronic data.

In consequence to a lack of official data privacy laws, there was a breach of personal data in 2009 when an employee’s laptop from Belize’s Vital Statistics Unit was stolen, containing birth certification information for all citizens residing in Belize. Even though the robbery was not intentionally targeting the laptop- the robber did not predict the severity of the theft- Belize was put in a vulnerable position which could have been avoided if regulations were in order.

Bahamas

The Bahamas has an official data protection law that protects the personal information of its citizens in both the private and public sector: Data Protection Act 2003 (the Bahamas Law). The Bahamas Law appoints a data protection commissioner to the Office of Data Protection to ensure that data protection is being held. Even though there is legislation enforced in the Bahamas through the Data Protection Act 2003, the act lacks many enforcements since a data protection officer doesn't need to be in office nor does any group or organization need to notify the Office of Data Protection when a hacker has breached privacy law. Also, there are no requirements for registering databases or restricting data flow across national borders. Therefore, the legislation does not meet European Union standards, which was the goal of creating the law in the first place.

The Bahamas is also a member of CARICOM, the Caribbean Community.

Germany
Germany is known to be one of the first countries (in 1970) with the strictest and most detailed data privacy laws in the world.

The citizens' right to protection is stated in the Constitution of Germany, in Art. 2 para. 1, and Art. 1 para. 1.

The citizens' data of Germany is mainly protected under the Federal Data Protection Act (1977) from corporations, which has been amended the most recently in 2009. This act specifically targets all businesses that collect information for its use. The major regulation protects the data within the private and personal sector, and as a member of the European Union (EU), Germany has additionally ratified its act, convention, and additional protocol with the EU according to the EU Data Protection Directive 95/46 EC.

In Germany, there are two kinds of restrictions on a transfer of personal data. Since Germany is part of the EU Member States, the transfer of personal data of its citizens to a nation outside of the EEA is always subject to a decent level of data protection in the offshore country.

Secondly, according to German data policy rules, any transfer of personal data outside of the EEA symbolizes a connection to a third party which requires a reason. That reason may be for emergency reasons and a provision must be met with consent by the receiver and the subject of the data.

Keep in mind that in Germany, data transfers within a group of companies are subject to same treatment as transfer to third-parties if the location is outside of the EEA.

Specifically the Federal Data Protection Commission is in charge of regulating the entirety of the enforcement of data privacy regulations for Germany.

In addition, Germany is part of the Organisation for Economic Cooperation and Development.

The Federal Data Protection Commission of Ireland is a member of the International Conference of Data Protection and Privacy Commissioners, European Data Protection Authorities, the EU Article 29 Working Party, and the Global Privacy Enforcement Network.

Regarding the protection of children, Germany is potentially the first nation that has played an active role in banning the share of data within toys connected to Wifi and the Internet, like for instance, “My Friend Cayla”. The group in charge of protecting the data of children is the Federal Network Agency (the Bundessnetzagentur).