There are many laws protecting personal data in Europe or of Europeans.
All European Member States have the obligation of transposing into national law the European Data Protection Directive 95/46/EC. Starting May 2018, that system will be replaced by the General Data Protection Regulation 2016/679, applying homogeneously across European countries.
Current Member States implementations of the Directive:
- Belgium's Loi vie privée and its Arrêtés d'exécution.
- France's Loi relative à l'Informatique, aux Fichiers et aux Libertés (1978)
- United Kingdom's Data Protection Act 1998.
- Ireland's Data Protection Act 1988 and related information.
Switzerland has its own law, which is very similar, the Federal Act on Data Protection (1992) (a different set of laws apply to cantonal authorities). Canada also has a complex federal system, with the Personal Information Protection and Electronic Documents Act (PIPEDA) the federal law governing private sector processing of personal data. Canada, Switzerland, Argentina, Israel and other countries benefit from an adequacy decision from the European Commission, authorizing data transfers between Europe and these countries, and between these countries, of personal data processed at some point in Europe. These adequacy decisions are thus fairly unilateral, at the level of countries.
In addition, there is the Privacy Shield arrangement, which is much more complex in its enforcement, and concerns transfers from Europe to the United States, for US companies that have voluntarily committed to that mechanism.