Background:
So, first we need to understand why we need these laws in the first place and after that how these laws change over time and what difficulties came across regarding the privacy of an individual.
It all started at first in the latter half of the 20th century. As more and more personal data is being collected and processed. Due to the increase in data processing, concerns began to arise about the misuse and abuse of the potential data. So, many countries started to define laws according to their needs. In the early 1970s, countries including Sweden, Germany, France, and the United States started defining laws regarding privacy concerns.
However, it is important to keep in mind that the laws opposed by these countries regarding the privacy protection of data were focused primarily on data protection by government agencies rather than private sectors. So, the first protection law that covers both private and public organizations is the Data Protection Act (DPA) which was introduced in 1984 in the United Kingdom to regulate the processing of personal data.
As technology processed and the internet was invented. The concern of privacy arises, EU understands the need for modern protection and purposed the Data Protection Directive in 1995. The Data Protection Directive established the common framework for data protection and ask member states to implement their own data protection laws that were consistent with DPD.
As the Data Protection Directive was introduced it rapidly increases data collection and processing, particularly online. So, it is when the need arises to protect the individual’s privacy as they do not fully aware of the consent of their personal data or are forced to give consent to access the particular service. Also, DPD is implemented differently in each EU member state, so there were variations in how they were enforced. That’s why there was no strict law against violation as it also varies accordingly.
Due to the increase in the use of the internet, more and more data become available and the concerns regarding the protection and processing of data also increase. Like, in 2006, Facebook is opened for the public to use. In 2011, a user of the company Google sued the company for scanning her emails.
Due to these challenges, the European Union decided that they need a comprehensive approach regarding the protection of data. So, they proposed the General Data Protection Regulation (GDPR) in 2016 and it completely replaces the DPD in May 2018 after getting approved. This law provides more clear and straightforward steps and provides the individual with more control over their personal data.