Sent to subscribers in May 2013

This update is dedicated to Alan F. Westin, an iconic figure in privacy law throughout the world, and the most important privacy scholar since Louis Brandeis, who passed away on February 18, 2013, as we were completing the last elements of this Supplement #11, which will be shipped to our subscribers in May 2013.

Professor Westin defined the modern right to privacy in “Privacy and Freedom,” his seminar work in the information privacy field, which was published in 1967.  In this book, Professor Westin defined privacy as individuals’ right to control, edit, manage, and delete information about themselves, and to decide how much of their personal information may be disclosed and to whom, how it should be maintained, and how it should be disseminated. This concept has become the cornerstone of our modern right to privacy.

I am pleased to enclose our Supplement #11 to the two-volume treatise Global Privacy and Security Law. Updates are provided for 14 of the existing chapters. The most significant changes are described below.



  • Chapter 15 – Brazil: The chapter is supplemented with updates regarding the data protection bill of law (Bill of Law No. 4,060/2-12), which aims to guarantee and protect individual’s fundamental rights regarding the processing of their personal data. We also provide new information regarding the Bill of Law on Civil Liabilities on the Internet; a decision is expected on this Bill in 2013.


  • Chapter 17 – Canada: The Canada chapter contains new information as to the status of several important cases regarding data protection, such as United Food and Commercial Workers, Local 401 v. Alberta (Attorney General) and Citi Cards Canada Inc. v. Pleasance. In addition, Industry Canada has published revised regulations and the section on Electronic Communications has been supplemented.


  • Chapter 20 – Colombia: On October 17, 2012, Colombia enacted Statutory law 1581/12. Data privacy in Colombia now falls under the jurisdiction of this new law, which covers all matters related to the fundamental right to acknowledge, update and rectify personal data contained in databases, and Law 1266/08, enacted in 2008, which is limited to financial information. The entire chapter is supplemented with the provisions of Law 1581/12.



  • Chapter 19 – China: Updates to the chapter include information regarding a recent State Council decision and a new Guidance regarding the protection of personal information. The State Council’s recent decision regarding Strengthening Internet Information Protection aims to go beyond the scope of the Ministry of Industry and Information Technology’s Administrative Provisions, which only apply to Internet service providers. The Guidance for Personal Information Protection (GB Guidance) was approved last November 2012 and became effective on February 1, 2013.


  • Chapter 57 – South Korea: The entire South Korea chapter has been revised to present the new Data Protection Act. A new section has been added regarding the Personal Information Protection Act.



  • Chapter 14 – Belgium: The chapter is supplemented with new recommendations from the Belgian Privacy Commission regarding requirements for data controllers with respect to security measures and workplace cyber-surveillance. The chapter also discusses the recent implementation of Article 5(3) of the 2009 Directive by Article 129 of the Electronic Communications Act.


  • Chapter 16 – Bulgaria: On December 28, 2012, the Electronic Messages Act was amended to implement Article 5(3) of the 2009 Directive. The chapter has been updated with some information regarding the new requirements.


  • Chapter 23 – Denmark: New sections regarding cookies and regarding the protection of Health Information have been added to the Denmark chapter.


  • Chapter 27 – Finland: The chapter is updated with information regarding the Data Protection Board’s decision that personal identity numbers are not considered sensitive or confidential data under the Data Protection Act.


  • Chapter 44 – Malta: We provide information regarding the new Act XXV of 2012 enacted on December 7, 2012, which introduces administrative fines and provisions for providing a more efficient and proportionate system of enforcement.


  • Chapter 46 – The Netherlands: A new section on employee information has been added. It covers information regarding monitoring of electronic communications and video surveillance. Sections regarding health information and commercial communications are also added. The chapter is also updated with the status of implementation of Article 5(3) of the 2009 Directive.



  • Chapter 64 – United Kingdom: The UK Advertising Standards Authority issued, on February 4, 2013, new transparency and choice rules for online behavioral advertising (OBA). In addition, we comment on ICO’s case against Sony Computer Entertainment Europe Ltd. and the Protection of Freedoms Act 2012 with respect to the protection of children information.


Middle East

  • Chapter 63 – Turkey: The Turkey chapter is updated with information regarding existing laws and regulations with respect to data protection, such as the Regulation on Security and Sharing of Data regarding General Health Insurance and the Law on Turkish Association of Human Rights. Other regulations regarding electronic communications are also explained in the chapter. On December 14, 2012, the Turkish Board of Information Technology and Communications issued a decision regarding the collection and processing of a company called Phorm, details regarding the decision are discussed in the chapter.


  • Chapter 63A – United Arab Emirates: The chapter is amended with minor changes for clarification.