The Data Privacy Periodic Table
- A quick and digestible guide to the key “elements” of the data privacy world
- An open project, contributed to by the entire privacy community and regularly updated by our Data Privacy Services team
- The first and only initiative of its type in the industry
Explanation of categories
|Original Category||Examples||Characteristics||Data Privacy Category||Notes|
|Very common and the building blocks of all life||Fundamental principles of data protection||Without these, there could be no data privacy law|
|Inert, unreactive||Independent bodies||Impartial, neutral and objective – but also essential|
|Highly reactive||Universal rights of the data subject||Any meddling results in an explosion!|
|Alkaline earth metals||Magnesium
|Reactive||Lawful justifications for processing||Similarly combustible!|
|Very common metals||Central components of data privacy||These are the building blocks of data privacy|
|Common, softer metals||Core legislation||Vital to data privacy, but “soft” in that they require interpretation|
|Under investigation and hoped to be better understood in the future||Future developments||This is the area that we will update the most frequently|
|Rare but very valuable||Traits and skills of the most reliable privacy advisors||They don’t occur in nature very often, but when they are found, they’re highly sought after|
|All radioactive||Legislation whose powers and requirements can conflict with data privacy||Very dangerous elements that need careful handling|
How the Data Privacy Periodic Table has evolved
The data privacy world is constantly moving. And every time we update the table to reflect recent changes, it triggers debate!
There are only 118 boxes available to us, and the data privacy world is far too complex to be encapsulated in such a small number of elements, so we always have to make some hard – and sometimes controversial – decisions. But with every update, we have explained our thinking in the blogs below.
This is intended to be a collaborative, cross-industry initiative, so we would welcome any comments or suggestions for new additions or changes – contact our Privacy lead here with any recommendations.
- Original Launch: Including explanatory notes on the position of Ethics, the myth of Compliance, how we represented Data Subjects and others.
- Update 1: Including changes to the Independent Bodies section, addition of KYC and a debate over the Right to be Informed.
- Update 2: Especially for Data Protection Day 2019. Changes to the Future Developments and Core Legislation sections to reflect new regulations, such as moving the position of the California Consumer Privacy Act and adding Brazil and Bahrain’s new legislation.
- Update 3: Changes made to ensure the included elements are more representative of Privacy generally, and not too GDPR-centric, plus some amends to Future Developments to include US States’ legislation.
- Update 4: Especially for Data Protection Day 2020. Changes to the CCPA status, the addition of COPPA and Schrems II, and a discussion of the impact of Brexit.
- Update 5: Updated to include Privacy Shield being invalidated, plus the upcoming ballot on CCPA 2.0. As well as a discussion on the state of US privacy laws, and the data privacy risks organizations are facing when using track and trace methods for COVID-19.
- Update 6: New version released for Data Protection Day 2021, which replaced CCPA 2.0 with the newly-launched CPRA, plus added Canada’s CPPA, new comments on Brexit and a re-positioning of Consent.
- Update 7: Our most substantial update, restructuring the Core Legislation and Future Developments sections, with in-depth notes on UK’s confirmed Adequacy and the EU’s new SCCs.
- Update 8: Since our last update, laws have continued to change and are still doing so, and we’ve continued the theme of including ethics principles as well as pure privacy