This story began back in 1968 with the Council of Europe's studies on the effects of technology on human rights, which recognized that internet expansion might pose threats. The next year, other major organizations started to show interest in the implications of personal information being taken out of the country. All these studies led to the development and implementation of privacy policies to protect personal data.

The European Union (EU) made its intentions regarding the privacy of collected personal data loud and clear by introducing the Data Protection Directive in 1995. Immediately after that, plenty of businessmen started to follow the Directive.

Of course, there are differences between the EU's legislation on data safety and other states' data privacy laws. The EU's laws apply only to businesses legally operating within EU territory and to any other organization or company that collects personal data from EU citizens or data that concerns them. There are agreements between the EU and the US to ensure legal compliance despite the differences between their laws.

In 1995, the U.S. released the Fair Information Practice to educate business owners on how to handle their clients' personal information. It also established guidelines for building comprehensive, assertive privacy policies.

As for U.S. privacy legislation, there are no overall laws, so certain federal laws govern privacy policies in some circumstances, as in these examples:

  • The Gramm-Leach-Bliley Act – obliges organizations to offer clear and accurate statements about their information-collecting practices, and also limits the usage and sharing of financial data;
  • The Children’s Online Privacy Protection Act – applies especially to websites that gather information about children under 13 – any site in this category is legally obliged to display a privacy policy to adhere to the restrictions implemented;
  • The Health Insurance Portability and Accountability Act – applies to online health services, too – requires written notice of the privacy practices of health care services.

U.S. privacy legislation may vary from one state to another – some states are more restrictive.

In Canada, there’s the Personal Information Protection and Electronic Documents Act, generated by federal privacy laws. This document established acceptable standards to limit and organize the gathering, usage and disclosure of personal data by commercial institutions – meaning that organizations may gather, use and disclose that portion of information for purposes that a reasonable person would consider appropriate in the circumstances.

The Privacy Commissioner of Canada is responsible for receiving and peacefully resolving complaints against organizations. Its purpose is to solve privacy matters through compliance, not through enforcement. It looks into complaints, promotes awareness of privacy issues, and conducts studies about them.