ABSTRACT

One aspect of convergence in data protection law is a trend toward more prescriptive security provisions, particularly for security breach notification, and for more emphasis on remedies. There is arguably even less uniformity in the application of data protection principles to individuals as employees than as consumers. In Europe, after enduring decades of criticism for anaemic enforcement in many countries under the Directive, data protection supervisory authorities suddenly have teeth. The Internet, mobility and social media have turbocharged the collection and use of personal data, in both the range and quantity of data, in the twenty years since a technology pioneer remarked that we have “zero privacy”. The General Data Protection Regulation and several of the newer data protection laws and amendments outside Europe have borrowed from the US experience with mandatory data breach notification laws. The European Union (EU) moved toward even greater harmonisation within the internal market by adopting the EU Data Protection Directive in 1995.