Data Protection Day: 20 Years On and the Challenges of an AI-Driven World
28th of January is Data Protection Day which is celebrated worldwide and marks the anniversary of the introduction for signature of the Convention for the Protection of Individuals with regard to the ‘Automatic Processing of Personal Data’.
Published: January 27th, 2026
6 min read
This year is extra special as it marks 20 years from when this date was first labelled as ‘Data Protection Day’.
In an era where many calendar dates have been designated for observance of a particular cause, this is one of growing and fundamental importance as the world continues at full speed with the use of personal data in many ways unbeknown to the individuals they concern.
This Convention was the first legally binding treaty for the protection of privacy in the new era of data. Since this Convention opened for signature in 1981, the world has seen a massive development in the way that data is perceived, used and how it flows around the world. With this, has been the development of laws to safeguard individuals’ personal data with the EU leading the way with the GDPR and the previous Data Protection Directive.
Continuing its legislative trend, the EU recently announced the Omnibus Directive aimed at simplifying and streamlining digital laws in the EU including data protection, Cyber, and AI.
The understood aim of the amendments has been to balance individuals’ rights with relief to the burden on businesses to encourage competitiveness.
Proposed amendments may appear rather minor on first glance, but in its current form it is projected to have major implications.
Criticism of the proposals has come primarily from privacy activists who claim that the proposed amendments favour large tech companies and not individuals’ personal data and may conflict with the EU’s Charter of Fundamental Rights.
The UK, however, is not subject to this proposed law in whichever form it passes in, but it makes for an important note on how legislatures are trying to keep up with the fast-paced development of technology which is outpacing relevant laws.
No more obvious is with AI which has taken the world by storm with generative AI platforms becoming a household tool. With that comes risk. The EU has passed the AI Act in an attempt to regulate the use of AI and curb the resultant harmful effects particularly from the most dangerous categories of AI.
This is particularly appropriate to Data Protection Day as the Convention concerns the automatic processing of personal data which is something many would not have imagined would look the way it does today in the form of AI.
The UK’s take on a specific law regulating AI is widely anticipated following a year of rather light legislative activity in the AI space. The UK currently takes a ‘principles-based’ approach to encourage innovation rather than concrete laws.
Time will only tell how the UK will regulate AI; whether it will take a more hands-on, pro-safety EU-type of approach or a hands-off, pro-innovation US-type of approach.
In the meantime, the UK GDPR and Data Protection Act form the key laws in regulating all things personal data including AI. Organisations must adhere to these laws to avoid regulatory enforcement action, court proceedings, and reputational safeguarding.
