Background to European data protection law

European data protection law grew out of fears that new technologies - phone-tapping, surveillance, large mainframe computers - threatened individual privacy. The field has roots reaching back to 1970, when the German state of Hesse passed the first regional law; the first national law followed in Sweden in 1973. A serious, concerted European approach only began in the early 1980s.

A 1968 Council of Europe Recommendation already warned that techniques like phone-tapping, eavesdropping, surreptitious observation and subliminal advertising were a threat to the right to privacy. As mainframe computers spread, organisations gained efficiency, but individual rights came under pressure.

Early milestones in European data protection
Year	Milestone
1968	Council of Europe Recommendation warns of technological threats to privacy
1970	German state of Hesse introduces first regional data protection law
1973	Sweden introduces the first national data protection law
Early 1980s	Europe begins a serious, concerted approach to regulation

Early milestones in European data protection

Year

Milestone

1968

Council of Europe Recommendation warns of technological threats to privacy

1970

German state of Hesse introduces first regional data protection law

1973

Sweden introduces the first national data protection law

Early 1980s

Europe begins a serious, concerted approach to regulation

Key terms - quick answers

What is “Hesse”?

German state that introduced the first regional data protection law in 1970.

What is “Mainframe computers”?

Large early computers whose rise in the public and private sectors drove the perceived threat to privacy.

What is “Council of Europe”?

International human-rights body (separate from the EU) that issued early privacy recommendations and resolutions.