European Data Protection and Privacy #

Origins, history and evolution

This interactive learning resource can be supplemented with knowledge checks and quizzes, and can be integrated with a number of learning management systems (LMS).

If your organisation is a non-profit or educational institution, we normally allow you to embed the interactive infographic into your web pages or intranet pages for free. Email us for more information.

This resource is best viewed on a desktop computer or tablet. Some interactive elements within this content include embedded YouTube videos that provide additional context. By playing a video you will be connecting to YouTube’s servers (Google LLC). You can review how YouTube handles your data on the YouTube Privacy page. Please note that you can still get full value from the interactive content without watching the videos.

About this resource #

The diagram illustrates a timeline of key events and developments that shaped data protection and privacy in Europe, from early historical roots to modern challenges.

Early Roots: The timeline begins with rudimentary notions of privacy in the 13th century (chimneys enabling privacy, Justices of the Peace Act 1361), followed by early legislative efforts in the 18th and 19th centuries, such as Sweden’s 1776 Access to Public Records Act, France banning the publishing of private facts in 1858, and Norway’s 1889 Criminal Code prohibiting the dissemination of personal or domestic information.

20th Century Developments: The 20th century saw major catalysts for data protection laws, including:

• Massive privacy abuses under Fascism (1930s, Dehomag D11) and Communism (Stasi 1950–90, Securitate 1948–89), as well as WWII atrocities.
• The 1948 UN Universal Declaration of Human Rights establishing fundamental rights.
• The widespread use and reliance on technology highlighting new vulnerabilities.
• Revelations about global surveillance (e.g. NSA, GCHQ) underscoring the need for protection.

Emergence of European Data Protection Frameworks:

• The 1950 CoE European Convention on Human Rights was a foundational step.
• Individual countries began enacting data protection laws, starting with the 1970 Hesse Data Protection Act (Germany) and the 1973 Sweden Data Act.
• The Council of Europe Resolutions 73/22 & 74/29 (1973/74) and the 1978/79 enactment of general data protection laws in seven European countries marked significant progress.
• International guidelines and frameworks emerged with the 1980 OECD Guidelines and the 1981 CoE Convention 108.
• The 1984 UK Data Protection Act and the 1995 EU Data Protection Directive further solidified national and regional legal frameworks.

Challenges and Modern Era: The late 20th and early 21st centuries presented new challenges and legislative responses:

• The emergence of early hacking (phreaking).
• Technological advancements brought phenomena like the Morris worm, the growth of the internet (WWW, Google), and cyber threats like the ‘I love you’ virus.
• The 2000 EU e-Commerce Directive and the 2000 Charter of Fundamental Rights of the EU adapted laws to the digital age.
• The 2002 EU ePrivacy Directive addressed electronic communications.
• Major terrorist atrocities like 9/11, the London and Madrid bombings, and massive personal data breaches heightened concerns.
• Figures like Snowden, Hanff, and Schrems played crucial roles in revealing surveillance and advocating for privacy rights.
• Frameworks like US-EU Safe Harbor and the Privacy Shield Framework attempted to govern transatlantic data transfers.
• The culmination of these efforts led to the 2016 EU GDPR (enforced 2018), followed by continued discussions on EC adequacy decisions and the recurring theme of ensuring robust privacy.
• Significant political events like Brexit and global crises like Covid-19 also impacted data protection discourse.

The resource concludes by emphasising that the core principle underlying all privacy and data protection efforts is the protection of fundamental rights and freedoms of individuals — human rights.