Sent to subscribers in January 2020

Happy 10th Anniversary! With the delivery of Supplement #30, which we completed during the fourth quarter of 2019, we celebrated the 10th anniversary of the publication of the first issue of the Global Privacy and Security Law treatise. Wow! Back in 2005 when I started designing the concept and outlining the treatise, I never imagined that I would be writing about the 10thanniversary of its publication now, a few days before Thanksgiving 2019. 

Anniversaries are a time to reflect on accomplishments and thank those who contributed to the realization of those accomplishments.

First, I want to thank all subscribers for their continued interest in, and enthusiasm for, the Global Privacy and Security Lawtreatise over the years. Thank you for your support! It is your enthusiasm for our work that pushes us, for each supplement, to bring you the best we can write, and inform you of the most recent developments we can identify or upcoming ones. Parts of this treatise were written because of questions from subscribers who had a particular interest in a topic or a country. Thank you for these questions! They have provided incentives for exploring further the world of privacy and security, and sharing these laws and trends with each other. Please feel free to write to me at with more ideas, questions or challenges.

Many thanks to all those who have contributed their time and knowledge, and made this work progress, expand and remain up-to-date and relevant. Our treatise was the first to identify the variety and breath of issues related to the protection of personal data and privacy rights. It provides a unique tool for understanding the complex nuances of the numerous data privacy and security laws in 68 countries on all continents. Additional countries will be included in the upcoming versions. Today, the treatise remains, by far, the most comprehensive and complete work and analysis of global privacy and data security issues worldwide. We owe it to our team of attorneys around the world and their respective associates and administrative assistants who regularly supplement the country chapters, conduct research, and draft supplemental sections or proofread them. I am thankful to have been able to gather such an outstanding team.

Many thanks, as well, to the team at Wolters Kluwer, especially Kate Brady and Mallika Krishnan, and their respective colleagues. Thank you for keeping us on schedule. Thank you for following up, for your careful and meticulous work, for catching inconspicuous typos, and making each chapter look good.

And thank you, Jacques, my wonderful husband, for participating in the editing and proofreading the 100+ documents that form the treatise, especially when my full time job as an attorney competes with editing responsibilities and publishing deadlines. Thank you for designing and maintaining the successive versions of the website for the treatise, at Thank you for your encouragements, and your unconditional support of my initiatives.

Anniversaries are also a time to look at the past and prepare for the future. As I reflect on the past few years, I am amazed at the trajectory that privacy and data security laws have taken. When I decided to write the first version of this treatise, it felt like a quixotic adventure. Few companies appreciated the strategic value of personal data and few attorneys were aware that privacy and data security laws existed. The United States had a patchwork of federal and state laws that addressed the protection of some categories of personal data, but law schools did not yet offer classes on the topic. 

At the global level, only about 25% of the United Nation Members had adopted a national data protection law. Most of these laws emanated from countries within Western Europe, and derived from a handful of seminal documents such as the OECD Privacy and Security Guidelines, Convention 108 of the Council of Europe, or the 1995 Data Protection Directive. There was limited compliance and little enforcement. Outside Western Europe, several countries had adopted national data protection laws that tracked European data protection laws. In Asia, for example, early adopters included members of the former British Empire, Hong Kong, Australia and New Zealand. In the northern part of Asia, South Korea and Japan had developed their own laws, but little was happening in China or India. Asia was only tiptoeing into regulating the use of personal data as a regional initiative. The APEC Privacy Framework, considered a response to the work of the European Union and the OECD, had just been launched in 2004.

As we reach the end of 2019, more than 130 countries have passed and are enforcing comprehensive privacy and data protection laws. China has now a wide range of laws addressing the protection of personal data. Brazil’s data protection law will enter into effect on February 14, 2020. On the corporate front, two major acquisitions or divestitures by some of the major entities providing services to related to personal data protection and compliance were just announced. And, unfortunately, the rate of misuse or illegal use of personal data has risen exponentially. 

In the meantime, the United States, despite having more than one thousand federal or state laws addressing the protection of specific categories of personal data, is still viewed, worldwide, as lacking laws that provide “adequate protection” of personal data or privacy rights. US companies are plagued by the “GDPR effect” and the “CCPA Tsunami”. There is little hope that the United States Congress will soon pass a national, comprehensive law addressing the privacy and security of all personal data in all circumstances and applying uniformly throughout the United Stated.

As we embark on another ten-year adventure in privacy and data security, it is exciting to see the wide range of issues and nuances raised by the myriad ways in which information relating to individuals can be collected, used or distilled to be associated to individuals, in order to create profiles and identifying patterns. There is still so much to explore about the protection, use and secondary uses of personal data. Artificial Intelligence, the Internet of Things ecosystem and the development of blockchain technologies, among others, are paving the way to new technologies and new concepts that push the limits of exploration, and invite our Global Privacy and Security Law treatise team to investigate and analyze. 

And . . .  one more thing! I am also embarking into another personal adventure. In August 2019, I launched a new company: DataMinding whose website is located at With DataMinding, I will continue to work with my clients, while exploring the new frontiers of data privacy and security law, and addressing or anticipating the upcoming uses – or misuses – of personal data.

I look forward to continuing to lead our Global Privacy and Data Security law adventure, and to exchanging questions, sharing ideas, and responding to challenges from subscribers, colleagues and everyone else.