Global Data Privacy 2021: DPAs Joining Networks Are the Rule

Abstract

The networks of Data Protection Authorities (DPAs) and (as they are sometimes called) Privacy Enforcement Agencies (PEAs) have continued to expand their membership, and some of their activities, in 2019-20, despite the pandemic in 2020 calling a halt to international in-person meetings. This article analyses the details of those networks set out in the 2021 Global Tables of Data Privacy Laws (included in Privacy Laws & Business International Report, Issue 169) https://ssrn.com/abstract=3836261 and completes the analyses started in that issue. The last two columns of that Table identify the DPA/PEA, where one exists (and whether yet appointed), in each of the 145 countries with data privacy laws, and each network of which they are a member or observer. Some conclusions from this paper include: • Fewer than 10% (12/145) of countries with data protection laws do not provide for specialised DPAs. • Important proposed new laws are moving to a DPA model, but other proposed revisions persist with the ‘Ministerial enforcement model’ and no DPA. The trend is consistently toward the DPA model. • A few countries have failed to bring their laws into force for at least two years after enactment, but South Africa is no longer among them. • It is a positive indicator of the vitality of national DPAs that nearly 90% (105/120) of them, once they are established, become involved in at least one DPA network. The record of national DPAs and PEAs, once appointed, in joining networks of DPAs or PEAs is very good but not universal.