A brief history of data protection: How did it all start?


With the GDPR being enforced on 25th of May, we decided to take a glimpse back into the history of data privacy and traced it's first precursors as originating more than 100 years ago.

Let's have a look into the history of GDPR:


Two United States lawyers, Samuel D. Warren and Louis Brandeis, write The Right to Privacy, an article that argues the "right to be left alone", using the phrase as a definition of privacy.


The Universal Declaration of Human Rights is adopted, including the 12th fundamental right, i.e. the Right to Privacy.


The EU Convention on Human Rights sequence of fundamental rights is amended, with articles now appearing in a different order. 


The Freedom of Information Act (FOIA) comes into effect in the US and gives everyone the right to request access to documents from state agencies. Other countries follow suit.


OECD issues guidelines on data protection, reflecting the increasing use of computers to process business transactions.


The Council of Europe adopts the Data Protection Convention (Treaty 108), rendering the right to privacy a legal imperative.


The Federal Constitutional Court of Germany reaches a fundamental decision regarding the census judgment. The verdict is considered a milestone of data protection.


PC Brown is charged with the UK Data Protection Act 1984 offence of using personal data or a purpose other than that described in the Data Protection Register - ruling is overturned.


The European Data Protection Directive is created, reflecting technological advances and introducing new terms including processing, sensitive personal data and consent, among others.


The EU adopts the Directive on Privacy and Electronic Communications.


The EU Directive on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks is adopted. Declared invalid by a Court of Justice ruling in 2014 for violating fundamental rights.


Evolution of the EU Electronic Communications Regulations in response to email addresses and mobile numbers becoming prime currency in conducting marketing and sales campaigns.


The international non-profit organisation Wikileaks publishes secret information, news leaks, and classified media provided by anonymous sources.


European Commission adopts the Regulation 611/2013 on the measures applicable to the notification of personal data breaches under Directive 2002/58/EC.


A ruling by the Court of Justice of the EU finds that European law gives people the right to ask search engines like Google to remove results for queries that include their name. The concept becomes known as “the right to be forgotten”.


The General Data Protection Regulation (GDPR) is approved by the EU parliament after 4 years of discussions.


GDPR is being enforced, replacing the Data Protection Act.


Responsible management of personal data through mature IT governance, transparent processes and modern applications.

What is the INPLP?

INPLP is a not-for-profit international network of qualified professionals providing expert counsel on legal and compliance issues relating to data privacy and associated matters. INPLP provides targeted and concise guidance, multi-jurisdictional views and practical information to address the ever-increasing and intensifying field of data protection challenges. INPLP fulfils its mission by sharing know-how, conducting joint research into data processing practices and engaging proactively in international cooperation in both the private and public sectors.