The Defining Approaches and Practical Paradox of Sensitive Data: An Investigation of Data Protection Laws in 92 Countries and Regions and 200 Data Breaches in the World

Min Wang, Zuosu Jiang


Results of juristic investigations into 92 countries and regions demonstrate that sensitive data are viewed as a core area of both privacy and data protection. The latest data protection laws in most countries and regions have defined sensitive data. A comparative study of all of these definitions or classifications revealed two defining approaches: “EU standard” and “EU standard plus criminal records.” A practical examination of the 200 biggest data breaches worldwide that have occurred since 2004 showed categories of personal data, particularly financial data, although not defined as sensitive in most countries, have been violated most. This paradox can be interpreted by universal principles of laws and ethics, such as human dignity and sacredness of life. Finally, we suggest a comprehensive understanding of data privacy as both a personality and a quasiproperty right and provide recommendations for defining sensitive data in legislation.


privacy, sensitive data, data protection, universal principle, human dignity

Full Text: