September 5, 2009


Each country has their own law on data privacy. The following list contains of data privacy law by some county or region in this world.There are as follow:

United Kingdom: UK Data Protection Act 1998
The existence of UK Data Protection Act 1998 provides comprehensive data protection in United Kingdom.
European Union: European Union Data Protection Directive 1998
It deals on the protection of individual with regards to the processing of personal data and on the free movement on such data. It is also the world's most comprehensive data protection legislation.
Canada: The Privacy Act-July 1983
Hong Kong: Personal Data Ordinance(The Ordinance)
Japan: Personal Information Protection Law ( Act )
Basically, the purpose of the Act is to protects the rights and interest of individuals.
Netherlands: Personal Data Protection Act 2000
Brazil: currently the privacy protection governed by Article 5 of the 1988 Constitution where it generally stated that all persons are equal before the law, Brazilians and foreigners residing in the country being ensured of inviolability of the right to life, to liberty, to equality, to security and property.

Data protection in United State.

The right to privacy was recognized in several international agreement such as Article 12 of the Universal Declaration of Human Rights where it stated that no one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks his honour or reputation. It also suggested that everyone has right to the protection of law. In United States, there is no comprehensive data protection legislation.The term privacy does not stated in US Constitution. However, US Supreme Court has ruled the right to privacy from various amendment to the constitution. The US Supreme Court first recognized the right to information privacy in the case of Whalen v. Roe. Since there was no comprehensive data protection legislation, there has been number of law that been enacted based on the court and also international agreement.The most important act that can be refer is the Privacy Act of 1974 and also The Computer Security Act of 1987.These two laws specifically deals with personal information held by federal government and do not have any authority over the collection of personal information held by the private sectors. The Privacy Act is to protect personal information in federal data bases and it also give individual some rights over information contained in those databases.The basic principles in both act is to provide individual with the right of access to information about themselves and it requires that personal information only can be disclosed with the individual consent. Besides that, another law that provide for data privacy protection is The Computer Security Act of 1987. It deals with personal information in the federal record systems and it also give protection towards the security of sensitive personal information in federal record system.

Data protection in Europe.

In Europe country, there are two national policies that deals with data privacy protection. The related law are Council of Europe's Convention on Data Protection and also Europe Data Directive. In Europe privacy law, it covers the privacy protection both for public and also private sectors. The Convention recognized the right to privacy as one of the fundamental human rights.The council concern with the processing of personal data and in the late of 1960's , one survey had been conducted with regards to human rights. Based on the surveys, it concluded that the existing law did not provide adequate protection of individuals . Due to that concerns, there are lots of efforts to solve the problems in order to give better protection of individuals.

Meanwhile, the EU Data Directive was adopted in October 1995 . It is specifically acknowledged the individual rights to privacy.
The EU Data Privacy sets standards for the treatment of the of personal data collected from individuals, the right for individuals to access, notification and correction.

In conclusion, Malaysia does not have a comprehensive data protection as in other countries. If we compared the law of data protection in US, when the US citizens deals with the government bodies, their data privacy will be protected. However, if someone dealing with individuals or business, there is no clear provisions regarding the data protection.This situation is different in United Kingdom where they have sufficient data protection because they have UK Data Protection Act 1998(Article: Information Privacy in Malaysia: A Legal Prospective [2005)]1 MLJ xxv.)


Case 1

Durant v Financial Services Authority [2003] EWCA Civ 1746

This case is about the claimant or the appellant, Mr Michael John Durant who seeks disclosure of information that he claims to be his personal data under section 7 of Data Protection Act 1998. When Mr Michael claims his personal data, Financial Services Authority response to it but refuse to give further information to the when the claimant seek for further disclosure.

Therefore the appeal give the public opportunity to know the proper interpretation of certain provisions of the Act in order to know the individual right to disclosure his personal data held by others. Mr Durant claim for the disclosure because he has lost the litigation against Barclay Bank PLS thus sought disclosure of various records in connection with the dispute.

The judge held that the information, seek by Mr Durant is not 'personal data' within the meaning of the Act thus dismiss the appeal. For further reading, click here.

Case 2

Criminal Proceedings v Lindqvist (Case C101/01) [2004] All ER (EC) 561

This case is about the defendant who set up a homepage on the internet. She set up internet pages at home on his personal computer to allow parishioners to obtain information they might need. The pages containes information about the applicant and her 18 colleagues in the parish including their:
  • full names
  • some of first names
  • jobs
  • hobbies
  • family circumstances
  • telephone numbers
She also stated that one colleague had injured on foot and was on half time on medical ground, She do not get consent to disclose all this information.

The public prosecutor brought a prosecution against the defendant, charging her under Swedish Law on Personal Data on the ground that she had possessed personal data without giving notification.

It was held that all her actions fall within the definition of Article 3(1) of European Parliament and Council Directive 95/96. Besides, such processing personal data is not covered by any exceptions in Article 3(2) of the Directive. There is no transfer of data to the third country nor in conflict with the general principle of freedom of expression of other freedoms. Order accordingly.

For further reading, click here.

Case 3

Murray v Big Picture [2008] 2 FLR 599

This case is about invasion of personal privacy. The child's mother was world famous popular author namely the author of Harry Potter books which she wrote under the name of JK Rowling. The parent had taken necessary steps to secure and maintain the privacy and their child was never exposed to the public. When the child at age one year old, a photographer had took a picture of the child and his parent at public place. The photo was sold to national organization and due to that it was published in a magazine. The child issue proceedings against the photography agency and seeking injunction to prevent the photo from being publicize without his consent. The child also asks for damages on the ground of infringement of his right to privacy under Art 8 of the European Convention for the Protection Of Human Rights and Fundamental Freedoms 1950 and also for the misuse of private information.
The Court of Appeal in allowing the appeal held that the child has his own rights to privacy and the respondent was held to be liable for the infringement of right to privacy. For further reading,please click here.

Case 4

Douglas and others v Hello limited and others [2003] EMLR 585

This case involved a Hollywood celebrity, Catherine Zeta Jones and her husband Michael Douglas.On their wedding day on 18 November 2000, they had sold an exclusive right to published all the wedding photos to OK! magazines only. The dispute kicked off when one photographer,not from OK! magazine had enter the Douglases's wedding and sold of his unauthorised photograph of the wedding to Hello! magazine. The claimant commenced these proceeding by applying for an injunction to prevent publication of unauthorized photographs in Hello! magazine. The Douglases also sought damages from Hello! for breach of privacy and meanwhile OK! magazine sought compensation for the loss of its exclusive rights to publish.
The court of appeal held that in this case the the protected information was the photograph of the Douglases's wedding. By applying the test propounded by House of Lords in Campbell v MGN, the court found that photographs of the wedding is fell within the protection of the law of confidentiality as extended to cover private or personal information.

For further reading,click here.