The Data Privacy Periodic Table
- A quick and digestible guide to the key “elements” of the data privacy world
- An open project, contributed to by the entire privacy community and regularly updated by our Data Privacy Services team
- The first and only initiative of its type in the industry
How the Data Privacy Periodic Table works
This project is designed to make the cloudy and complicated world of Data Privacy easier to understand. The first step of that is to decipher the language and technical terminology.
Therefore, just as with the real periodic table, we have ordered the “elements of data privacy” into suitable categories according to their traits. We also regularly update it as the data privacy landscape changes and new elements come to light.
Our table’s categories mimic the characteristics of the original scientific version’s categories. For example, the far right of the original periodic table is reserved for the “noble gases” – stable, inert and neutral. This seemed an ideal match for the independent legislative or regulatory bodies.
Similarly, the column on the far left usually dedicated to the alkali metals, with their characteristic volatility, was a fitting location for the universal rights of the data subject. If meddled with, both are likely to cause an explosion!
The grid below sets out the detail of how and why we have set out the table in the way we have.
Download NowExplanation of categories
| Original Category | Examples | Characteristics | Data Privacy Category | Notes |
|---|---|---|---|---|
| Reactive non-metals | Carbon
Nitrogen Hydrogen |
Very common and the building blocks of all life | Fundamental principles of data protection | Without these, there could be no data privacy law |
| Noble gases | Helium
Neon Argon |
Inert, unreactive | Independent bodies | Impartial, neutral and objective – but also essential |
| Alkali metals | Lithium
Sodium Potassium |
Highly reactive | Universal rights of the data subject | Any meddling results in an explosion! |
| Alkaline earth metals | Magnesium
Calcium Radium |
Reactive | Lawful justifications for processing | Similarly combustible! |
| Transition metals | Iron
Copper Nickel |
Very common metals | Central components of data privacy | These are the building blocks of data privacy |
| Post-Transition metals | Lead
Tin Aluminium |
Common, softer metals | Core legislation | Vital to data privacy, but “soft” in that they require interpretation |
| Unknown | Copernicium
Moscovium Tennessine |
Under investigation and hoped to be better understood in the future | Future developments | This is the area that we will update the most frequently |
| Lanthanides | Cerium
Neodymium Europium |
Rare but very valuable | Traits and skills of the most reliable privacy advisors | They don’t occur in nature very often, but when they are found, they’re highly sought after |
| Actinides | Uranium
Plutonium Lawrencium |
All radioactive | Legislation whose powers and requirements can conflict with data privacy | Very dangerous elements that need careful handling |
How the Data Privacy Periodic Table has evolved
The data privacy world is constantly moving. And every time we update the table to reflect recent changes, it triggers debate!
There are only 118 boxes available to us, and the data privacy world is far too complex to be encapsulated in such a small number of elements, so we always have to make some hard – and sometimes controversial – decisions. But with every update, we have explained our thinking in the blogs below.
This is intended to be a collaborative, cross-industry initiative, so we would welcome any comments or suggestions for new additions or changes – contact our Privacy lead here with any recommendations.
- Original Launch: Including explanatory notes on the position of Ethics, the myth of Compliance, how we represented Data Subjects and others.
- Update 1: Including changes to the Independent Bodies section, addition of KYC and a debate over the Right to be Informed.
- Update 2: Especially for Data Protection Day 2019. Changes to the Future Developments and Core Legislation sections to reflect new regulations, such as moving the position of the California Consumer Privacy Act and adding Brazil and Bahrain’s new legislation.
- Update 3: Changes made to ensure the included elements are more representative of Privacy generally, and not too GDPR-centric, plus some amends to Future Developments to include US States’ legislation.
- Update 4: Especially for Data Protection Day 2020. Changes to the CCPA status, the addition of COPPA and Schrems II, and a discussion of the impact of Brexit.
- Update 5: Updated to include Privacy Shield being invalidated, plus the upcoming ballot on CCPA 2.0. As well as a discussion on the state of US privacy laws, and the data privacy risks organizations are facing when using track and trace methods for COVID-19.
- Update 6: New version released for Data Protection Day 2021, which replaced CCPA 2.0 with the newly-launched CPRA, plus added Canada’s CPPA, new comments on Brexit and a re-positioning of Consent.
- Update 7: Our most substantial update, restructuring the Core Legislation and Future Developments sections, with in-depth notes on UK’s confirmed Adequacy and the EU’s new SCCs.
- Update 8: Since our last update, laws have continued to change and are still doing so, and we’ve continued the theme of including ethics principles as well as pure privacy