Personal tools

Data Privacy and Regulations

(The University of Chicago - Alvin Wei-Cheng Wong)


- Data Privacy and Regulations

Data privacy is a crucial aspect of data science. Data privacy is the ability to control how sensitive data is collected, analyzed, and stored. It's also a branch of data management that involves handling personal data in compliance with data protection laws and regulations. 

Data science is the study of data to extract meaningful insights for business. It's a multidisciplinary approach that combines principles and practices from the fields of mathematics, statistics, artificial intelligence, and computer engineering. Data security is another important aspect of data science that deals with protecting the data against vulnerabilities. 

Here are some data privacy regulations: 

  • California Consumer Privacy Act (CCPA): Requires organizations to disclose the types of personal data they collect, how it is used, and to whom it is sold. It also gives individuals the right to request access to their personal data, have it deleted, and opt out of its sale.
  • 2023 Consumer Data Privacy Legislation: Establishes a framework to regulate controllers and processors with access to personal consumer data, establishes penalties, establishes a new consumer privacy special fund, and appropriates funds to the Department of the Attorney General.
  • American Data Privacy and Protection Act (ADPPA): Became the first federal online privacy bill to pass committee in July 2022.
  • EU general data protection regulation (GDPR): The strongest privacy and security law in the world. It was adopted in 2016 and entered into application on 25 May 2018.

Other data privacy regulations include: HIPAA, PCI-DSS, PIPEDA, POPI, LGPD.
Some new privacy laws include: 

  • The right to object to processing based on the controller's or public interests.
  • An obligation to notify DPAs and data subjects about data breach.
  • Stronger consent requirements.
  • Including biometric and/or genetic data in the definition of sensitive data.


- Data Privacy Laws around the World

Data privacy laws are present in almost all major countries around the world. 

Some major world privacy laws include: 

  • The European Union's General Data Protection Regulation (GDPR): Considered one of the most comprehensive data protection laws in the world, with strict rules on how companies can collect, use, and share personal data. The GDPR also prohibits transfers outside the EU without adequate safeguards.
  • The ePrivacy Directive (ePD): An older piece of legislation enacted in 2002 and amended in 2009. It requires each EU Member State to pass their own national laws on data protection and privacy.
  • The Privacy Act 1988: One of the precursors of data privacy laws in the world, it addresses the core concerns of protection and promotion of the right of an individual to their data privacy.
  • The Argentinian Personal Data Protection Act: Prohibits the transfer of personal data to countries that do not have an adequate level of protection in place.
  • The Health Insurance Portability and Accountability Act of 1996: United States legislation that provides data privacy and security provisions for safeguarding medical information.

Other major world privacy laws include:

  • Brazil's General Data Protection Law
  • China's Personal Information Protection Law (PIPL)
  • California Consumer Privacy Act (CPRA)
  • Utah Consumer Privacy Act (UCPA)



[More to come ...]



Document Actions