31 Jan 2022
The International Association of Privacy Professionals (IAPP) has been tracking Global Legislative Predictions since 2017, collecting predictions from members all over the word for what the year has in store on privacy and data protection legislation/regulations in their respective countries. This year’s issue published on 27.01.2022 has been the largest to date.
The IAPP, making an overview of the predictions, noted that ‘’the urgency to pass or update privacy laws around the world seems to heat up more each year, and 2022 is likely to be a hot one. Health data has been a center of attention in data privacy laws, another consequence of the COVID-19 pandemic. With the passage of China’s Personal Information Protection Law and potential passage of India’s Data Protection Bill, an additional one-third of the world’s population will be regulated by a data privacy law. While many countries agree data privacy is an important issue to regulate, some countries are seeing the greatest obstacle resides in how best to regulate it’’.
Privacy Minders’ partner, Ms. Maria Raphael, made the following predictions regarding Cyprus:
‘’Following Cyprus’ application in July 2019 for accession to the Schengen Area, the supervisory authorities from the EU along with European Commission experts have been assessing Cyprus’ infrastructure. Despite the Schengen Committee adopting a positive report in 2020 regarding the capacity of the Office of the Commissioner of Personal Data Protection to adequately supervise systems and procedures the public authorities needed, the assessment in other areas led to the European Union Home Affairs Commissioner announcing in June 2021 Cyprus was not yet ready to become the newest member of the borderless zone. However, the vice president emphasized that “in the turn of enlargement, Cyprus is clearly coming in the fourth position, and yes, Cyprus remains a candidate for Schengen.”
While still in the process of joining Schengen, Cyprus needs to harmonize its legislation with the legal instruments of the Schengen Information. Cyprus, as of 2016, was making efforts to transpose into national law the Directive (EU) 2019/1937 on the protection of persons who report breaches of Union Law (the Whistle-blower Directive), adopted October 2019. The Directive was set to be transposed into law by Dec. 17, 2021. However, this did not occur as there were inconsistencies to be tackled between the bill and a law proposal submitted in 2016 for the protection of public whistleblowers. On Jan. 20, the Plenary Session of the Cyprus Parliament voted for the passing of the national law transposing the Directive, titled “The Protection of Persons who report violations of EU Law and National Law of 2022.”
There is imminent need to amend Cyprus Contract Law in order to allow the contracting parties to choose Cyprus law to govern the new standard contractual clauses, adopted by the European Commission in June to legitimize international data transfers. This will be achieved by incorporating provisions that confer third-party beneficiary rights to data subjects into Cyprus Contract Law or data protection legislation, which is a prerequisite for the governing law of the SCCs. Lastly, it is expected that the Cyprus government will begin developing a legislative framework to ensure the availability of data with transparent regulations on data protection, taking into account the GDPR and the EU Regulation on the free flow of non-personal data, while facilitating the interoperability of data. The new legislative framework will enable digital services to use up-to-date and high-quality information while considering the protection of personal data. The Cyprus government has committed to creating a data ecosystem with guidelines and regulations about data interoperability and data exchange agreements.’’
You can access the White Paper here https://iapp.org/resources/article/global-legislative-predictions/