International Privacy Resources || International Privacy Rules | International Privacy Laws | International Privacy Regulations
International Privacy Laws and International Security Breach Laws
Supra-national Organizations
Asia-Pacific Economic Cooperation (APEC)
Privacy Framework (PDF)
Asia-Pacific Privacy Charter Council (APPCC)
Association Francophone des Autorités de Protection des Données Personnelles (Francophone Association of Data Protection Authorities AFAPDP)
Central and Eastern Europe Data Protection Authorities (CEEP)
Council of Europe(CE) + European Union (EU)
Directive ETS 108 – Convention for Protection of Individuals with regard to Automatic Processing of Personal Data
Directive ETS 181 – Additional Protocol to the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data Regarding Supervisory Authorities and Transborder Data Flows
Directive ETS 185 – Convention of Cybercrime
Decisions on the Adequacy of the Protection of Personal Data in Third Countries
Directive 1995/46/EC
Directive 1997/66/EC – Telecommunications Sector
Regulation 45/2001 (PDF)
Directive 2002/58/EC
Directive 2009/xx/EC – Directive Codifying ePrivacy for the Telecommunications Sector. (PDF, temporary number and name)
Directive 2006/24/EC
European Data Protection Supervisor (EDPS)
Ibero-American Data Protection Network (RIPD)
International Privacy Law Library
Organisation for Economic Co-operation and Development (OECD)
Guidelines for the Security of Information Systems Information and Networks
Report on the Cross-Border Enforcement of Privacy Law (2006, in PDF)
Schengen Convention (Schengen)
Schengen Joint Supervisory Authority (JSA)
United Nations (UN) Economic and Social Commission for Western Asia (ESCWA)
Models for Cyber Legislation in ESCWA Member Countries Guide Document (PDF)
Guidelines for the regulation of computerized personal data files ( A/RES/45/95)
European Privacy Association
International Privacy Laws and National Breach Laws
Afghanistan/ Afġānistān / Afġānestān (not while being wholly owned and operated)
None Found
Albania (CE185, CE)
Law No. 8517 on the Right to Information and Protection of Personal Data
Algeria / Shqipëria
None Found
Andorra / Principat d'Andorra (CE)
Agència Andorrana de Protecció de Dades (ADPD, in Spanish)
Angola
Antigua and Barbuda
Barbuda is a Semi-Autonomous Territory
Argentina
Dirección Nacional de Protección de Datos Personales (DNPDP, in Spanish)
Decree 995/2000 (Translated)
Regulation 1/2003 – Data Protection Infringements and Penalties (Translated)
Provision 11/2006 – Security Measures for Maintenance of Personal Data (Spanish PDF)
Link to Regulations (In Spanish)
Protection of Personal Data Law (In Spanish)
Armenia / Հայաստան / Hayastan (Member CE, CE185)
Law on Personal Data / ԱՆՀԱՏԱԿԱՆ ՏՎՅԱԼՆԵՐԻ ՄԱՍԻՆ (Translated PDF)
Aruba (generally administered from Holland)
Australia (Member OECD)
Office of the Privacy Commissioner
Guidelines on Workplace E-mail, Web Browsing and Privacy
Information Privacy Principals
National Privacy Principals
Federal Privacy Act (1988)
With Amendments up to August 2009
Telecommunications Act (1997)
States and Regions:
Australian Capital Territory
Health Records (Privacy and Access) Act 1997
Human Rights Act 2004
New South Wales Privacy Commissioner
Privacy and Personal Information Protection Act Number 133 1998 (with Amendments to July 2009)
Privacy and Personal Information Protection Regulation 2005 (with Amendments to January 2009)
Health Records and Information Privacy Act 2002 (HRIPA)
Health Records and Information Privacy Code of Practice 2005
Office of the Northern Territory Information Commissioner
Information Act (July 31, 2009)
Queensland
Queensland Health Privacy
Office of the Information Commissioner
Information Privacy Act 2009 (PDF)
South Australia
No specific legislation found
Tasmania
Personal Information Protection Act 2004
Victoria Privacy Commissioner – Privacy Victoria
Information Privacy Act 2000
Western Australia
No specific legislation found
Other Territories:
Christmas Island
Cocos / Keeling Islands
Austria / Österreich (Member EU, OECD, Schengen, CE)
Ö sterreichischen Datenschutzkommission (DSK, Data Safety Commission, in German)
Data Protection Act (DSG 2000, translated)
Notice: Austria has state/canton laws relating to Privacy for each entity
Azarbaijan / Azərbaycan (Member CE)
Law on Information, Informatization and Protection of Information 1998 (Source not found)
Bahamas
Data Protection (Privacy of Information) Act (2003, PDF)
Bahrain
None Found
Bangladesh / বাংলাদেশ
Barbadus
Belarus / White Russia / Беларусь (Despotic Regime)
Law Of The Republic Of Belarus On Information, Informatization and Protection of information
Belgium / België / Belgique / Belgien (Member EU, OECD, Schengen, CE)
Act for the Protection of Private Data Files
Commission de la Protection de la Vie Privée (CPVP/CPP/CBPL, Commission for the Protection of Private Life, in French)
Belize
Benin / Bénin
Bhutan / Druk Yul
Bolivia / Estado Plurinacional de Bolivia / Bulibiya / Wuliwya
Bosnia and Herzogovina / Bosna i Hercegovina / Босна и Херцеговина (Member CE)
Including The Republika Srpska / Република Српска
Law on The Protection of Personal Data (Translated PDF)
Botswana / Lefatse la Botswana
Brazil
Law 9472 on Telecommunications (Portuguese PDF)
Brunei Darusallam
Bulgaria / България (Member EU, Schengen (not implemented), CE, CE185, CEEP)
Комисията за защита на личните данни (CPDP, Commission for the Protection of Personal Data, in Bulgarian)
Law on Protection of Personal Data (In Bulgarian)
Rule 1 on the Minimum Level … Measures and … Data Protection (in Bulgarian)
Burkina Faso / Upper Volta
Burundi / Uburundi
Cambodia
Cameroon / Cameroun
Canada
Office of the Privacy Commissioner
Privacy Act
Identity Theft Act (Formerly Known as S-4, PDF)
Personal Information Protection and Electronic Documents Act (PIPEDA)
States:
Information and Privacy Commissioner of Alberta
Personal Information Protection Act
Health Information Act (PDF)
Information and Privacy Commissioner for British Columbia
No current law noted on Privacy in the Private Sector
Manitoba Ombudsman's Office Access and Privacy Division
Personal Health Information Act (PHIA)
New Brunswick Office of the Ombudsman
No current law noted on Privacy in the Private Sector
Information and Privacy Commissioner for Newfoundland and Labrador
No current law noted on Privacy in the Private Sector
Information and Privacy Commissioner of the Northwest Territories (Generally coordinated with Nunavut, below)
Freedom of Information and Protection of Privacy Review Office of Nova Scotia
Privacy Review Officer Act (PRO, 2008, took effect Sep 2009)
Freedom of Information and Protection of Privacy Act (FOIPOP, 1993, as amended 1999, 2004, 2007)
Information and Privacy Commissioner of Nunavut / ᑲᒥᓴᓇ ᐃᒻᒥᒃᑰᖅᖢᓂ ᑲᒪᔨᓐᖑᖅᑎᑕᐅᓯᒪᕗᖅ ᓄᓇᕗᑦ / Naunaipkainiq
Tuhaqtipkailinirmutlu Kamisina
No current law noted on Privacy in the Private Sector
Information and Privacy Commissioner of Ontario
Personal Health Information Protection Act (PHIPA)
Information and Privacy Commissioner of Prince Edward Island
No current law noted on Privacy in the Private Sector
Commission d'Accès à l'Information du Québec (Quebec Commission on Information Access)
Respecting the Protection of Personal Information in the Private Sector Act (Translated)
Office of the Information and Privacy Commissioner for Saskatchewan (OPIC)
Freedom of Information and Protection of Privacy Act (PDF)
Local Authority Freedom of Information and Protection of Privacy Act (PDF)
Health Information Protection Act (PDF)
Privacy Act (PDF)
Ombudsman and Information and Privacy Commissioner of the Yukon
No current law noted on Privacy in the Private Sector
Cape Verde / Cabo Verde
Central African Republic / République Centrafricaine / Ködörösêse tî Bêafrîka
Chad / Tchad / Tshād
Chile
Ley Sobre Protección de la Vida Privada (Law for the Protection of Private Life, in Spanish)
China / 中华人民共和国 (Peoples' Republic of)
None Found for Mainland
Regions:
Guangxi
Inner Mongolia
Ningxia
Xinjiang
Tibet (Not Included Here)
Special Administrative Regions (SAR)
Macao
Personal Data Protection Act (2006) (PDF, unofficial English Translation)
Gabinete para a Protecção de Dados Pessoais / 個人資料保護辦公室 / Office for Personal Data Protection
Hong Kong, Special Administrative Region, People's Republic of China
Office of the Privacy Commissioner for Personal Data
Chapter 486 – Personal Data (Privacy) Ordinance
Also Claim Taiwan, Not Included Here.
Colombia
Note: Including the Archipelago of San Andrés, Providencia and Santa Catalina
Comoros / Union des Comores / al-Ittiḥād al-Qumuriyy
Congo (Democratic) / République Démocratique du Congo / Zaire / Belgian Congo / Zaïre
Congo (Republic) / République du Congo / Repubilika ya Kongo / Republiki ya Kongó
Cook Islands / Kūki 'Āirani , Includes:
Atiu / Enua Manu / Island of Birds
Ma'uke / Akatokamanava
Mitiaro / Nukuroa
Aitutaki / Araura Enua
Mangaia / Auau Enua
Rarotonga / Tumutevarovaro)
Avarua
Palmerston Island / Pamati
Manuae
Takutea
Winslow Reef
Manihiki / Te Fuinga O niva
Nassau
Penrhyn Island / Tongareva / Mangarongaro
Pukapuka /Te ulu o te watu
Rakahanga / Tapuahua
Suwarrow / Suvorov
Tema Reef
Note: Generally administered with New Zealand
Costa Rica
Croatia / Republika Hrvatska (Member CE, CE185, CEEP)
Agencije za Zaštitu Osobnih Podataka (Personal Data Protection Agency, in Croat)
Personal Data Protection Act (PDDA) (Translated PDF)
Amendements to PDDA (Translated PDF)
Regulation on Keeping Patients Records (Translated PDF)
Regulation on Storage of Personal Data (Translated PDF)
Cuba (Despotic Regime)
None Found
Cyprus / Κυπριακή Δημοκρατία / Kypriakí Dimokratía / Kıbrıs Cumhuriyeti (Member EU, Schengen (not implamented), CE, CE185)
Γραφείου Επιτρόπου Προστασίας Δεδομένων Προσωπικού Χαρακτήρα (Office of the Commissioner for Personal Data Protection, in Greek)
Processing of Personal Data (Protection of the Individual) Law (Translated PDF)
Amendment to Law (Translated PDF)
Czech / Česko (Member EU, OECD, Schengen, CE, CEEP)
Úřad pro Ochranu Osobních Údajů (UOOU) (The Office for Personal Data Protection, in Czech)
Act 101 on The Protection of Personal Data (Consolidated version, translated PDF)
Denmark (Member EU, OECD, Schengen, CE, CE185) (Rose noble Danskere)
Datatilsynet (Danish Data Protection Agency, in Dansk)
Act on Processing of Personal Data (Translated)
Djibouti / Jumhūriyyat Jībūtī / Jamhuuriyadda Jabuuti / République de Djibouti
Dominica
Dominican Republic
East Timor / Democratic Republic of Timor-Leste / Repúblika Demokrátika Timór Lorosa'e / República Democrática de Timor-Leste
Including Atauro / Kambing Island, Jaco / Jako Island, Oecussi-Ambeno,
Ecuador
Egypt / Mişr
None Found
El Salvador
Equatorial Guinea / Guinea Ecuatorial / Ecuatorial Guyana / Guinée Équatoriale / Guiné Equatorial
Eritrea / ኤርትራ / Ertra
None Found
Estonia / Eesti (Member EU, Schengen, CE, CE185, CEEP)
Andmekaitse Inspektsioon (Data Protection Inspectorate)
Personal Data Protection Act (Translated RTF)
Ethiopia/ ኢትዮጵያ / Ityop'iya
None Found
Fiji / Matanitu ko Viti / फ़िजी ) (Despotic Regime)
Finland (Member EU, OECD, Schengen, CE)
Dataombudsmannens Byrå (The Offiice of the Data Protection Ombudsman, in Finnish)
Personal Data Act (Translated, Original Act)
Act on the amendment of the Personal Data Act (Translated RTF)
Act on the Protection of Privacy in Working Life (APPWL, translated PDF)
Amendments to APPWL (in Finnish)
France (Member EU, OECD, Schengen, CE, CE185)
Commission Nationale de l'Informatique et des Libertés (CNIL, Data Protection Authority, in French)
Loi Informatique et Libertés (Information and Freedom Law, 1978, in French)
Loi pour la Confiance dans l'économie Numérique (Confidence in the Digital Economy Law, 2004, modifying the 1978 law, above, in French)
Note: French Regions (régions d'outre-mer), sometimes administered as part of the French Republic, include:
French Guiana / Guyane (EU)
Guadeloupe / Gwadloup / குவாதலூப்பே (EU, But not a part of Schengen)
Martinique (EU)
Reunion/ Réunion / Île Bourbon / றியூனியன் (EU)
Note: French Overseas Collectives (collectivités d'outre-mer), generally administered as part of the French Republic, include:
Corsica / La Corse (almost as autonomous as a French Region)
French Polynesia / Polynésie Française (semi-independent parliament), including:
Ahe / Ahemaru / Omaru
Bora-Bora / Bollabolla / Pora Pora
Hiva Oa
Huahine (2 islands)
Maiao (2 islands)
Maupiti
Mehetia / Meetia
Morea / Aimeho / Aimeo / Eimeo / York Island
Nuku Hiva / Nukahiva / Île Marchand / Madison Island
Raiatea
Tahaa / Oataha
Tahiti
Tahuata
Tetiaroa
Tubuai
Tupai (and group)
Rimatara
Rurutu
Mayotte / Maore / Mahori (will become a Department in 2011)
Saint-Barthélemy / Sankt Barthelemy / Saint Barts (member EU)
Saint-Martin (member EU)
Saint-Pierre and Miquelon
Wallis and Futuna / Territoire des îles Wallis et Futuna / Uveo mo Futuna
Note: Unique "Land" in the French system, administered as part of the French Republic (until 2014):
New Caldeonia / Nouvelle-Calédonie / Kanak
Note: Unique "Territory" in the French system, administered as part of the French Republic:
French Southern and Antarctic Lands / Terres Australes et Antarctiques Françaises (TAAF)
Note: Unique "Property" in the French system, administered as part of the French Republic:
Clipperton Island
Gabon
Gambia
Georgia / საქართველო / Sak’art’velo (Member CE)
Germany / Deutchland (Member EU, OECD, Schengen, CE)
Bundesdatenschutzgesetz ( BDSG, in German, 1990 Privacy Law )
Bundesdatenschutzgesetz (PDF, in German, 2006 Federal Data Protection Law)
Novellierung des BDSG in den Bereichen Adresshandel, Werbung und Datenschutzaudit (German PDF, 2008 Amendment of the Data Protection Act to address the areas of trade, advertising and data protection audit)
Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BFDI, The Federal Commissioner for Data Protection and Freedom of Information)
Regions:
Landesbeauftragte für den Datenschutz Baden-Wüerttemberg (LFD, Baden-Wuerttemberg State Data Protection Bureau)
Bayerischen Landesbeauftragten für den Datenschutz (Bayer State Data Protection Bureau)
Berliner Beauftragte für Datenschutz und Informationsfreiheit (BlnBDI, Berlin Commissioner for Data Protection and Freedom of Information)
Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht Brandenburg (Brandenburg State Commissioner for Data Protection and Access to Information for Data Protection and Access to Information)
Landesbeauftragten für Datenschutz und Informationsfreiheit der Freien Hansestadt Bremen (LDA, State Bureau for the Protection of Data and Freedom of Information of the Free Hanseatic Bremen )
Hamburgische Beauftragte für Datenschutz und Informationsfreiheit (Hamburger Commission for Data Protection and Freedom of Information)
Hessischen Datenschutzbeauftragten (Hesse Data Protection Bureau)
Landesbeauftragte für den Datenschutz und Informationsfreiheit Mecklenburg-Vorpommern (State Bureau for the Protection of Data and Freedom of Information of Mecklenburg-West Pommerania )
Landesbeauftragte für den Datenschutz Niedersächsen (Niedersachsen State Commissioner Data Protection Bureau)
Landesbeauftragten für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI, North Rhine-Westphalia State Commissioner for Data Protection and Freedom of Information)
Landesbeauftragte für den Datenschutz Rheinland-Pfalz (Rhineland-Palatinate State Bureau for the Protection of Data)
Landesbeauftragte für Datenschutz und Informationsfreiheit Saarland (State Bureau for the Protection of Data and Freedom of Information of Saar )
Sächsische Datenschutzbeauftragte (Saxony Commissioner for Data Protection)
Landesbeauftragte für den Datenschutz Sachsen-Anhalt (Saxony-Anhalt State Commission for Data Protection)
Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein (Independent Centre for Privacy Protection Schleswig-Holstein )
Thüringer Landesbeauftragten für den Datenschutz (TLFD, Thuringia State Commission for Data Protection)
Ghana
None Found
Greece / Ελλάδα (Member EU, OECD, Schengen, CE)
Αρχής Προστασίας Δεδομένων Προσωπικού Χαρακτήρα / Hellenic Data Protection Authority , in Greek)
Protection of Individuals with regard to the Processing of Personal Data (Translated PDF)
Protection of personal data and privacy in the electronic telecommunications sector and amendment of law 2472/1997 (Translated PDF)
Guidelines for Data Controllers
Grenada
Guatamala
Guernsey / Bailliage de Guernesey (UK Protectorate, not a part of the EU)
Data Protection Commissioner
Notification Exemption Self-Assessment Guide
Breach Notification Handbook (PDF)
Data Protection (Bailiwick of Guernsey) Law (PDF)
Guinea / Guinée
None Found
Guinea-Bissau / Guiné-Bissau / Portuguese Guinea
Guyana / British Guiana
Haiti / Haïti / Ayiti
None Found
Holland / Dutch / Netherlands / Nederland / Nederlanden /Hulanda / Ulanda (Member EU, OECD, Schengen, CE, CE 108)
College Bescherming Persoonsgegevens (College of Personal Data Protection, in Dutch)
Guidelines for Personal Data Processors (English PDF)
Privacy Audit Framework (English PDF)
Privacy: Guidelines for the Workplace (Dutch PDF)
Wet Bescherming Persoonsgegevens (WBP, Personal Data Protection Act, Dutch PDF)
Honduras
Hungary / Magyarország (Member EU, OECD, CE, CE185, CEEP)
Protection of Personal Data et al Act
Data Protection (and Freedom of Information) Commissioner of Hungary
Excerpts from The Criminal Code, Section 177/A (Unjustified Data Handling) and Section 177/B (Misuse of Special Personal Data) (Translated)
Iceland / Island (Member OECD, Schengen, CE)
Persónuvernd (Data Protection Authority, in Icelandic)
Rule 299/2001 – Security of Personal Data (Translated)
Rights of Patients Act (Translated)
Act 77/2000 – The Protection of Privacy (In English)
India / भारत गणराज्य / Bhārat Gaṇarājya / ভাৰত / ભારત / ഭാരതം / ਭਾਰਤ / இந்தியா
Department of Information Technology
Information Technology Act of 2000 (See section 72)
IT Act Amendment of 2008 (PDF)
Indonesia
Law on Information and Electronic Transaction Number 11 (2008) – no source found
Iran (Despotic Regime)
None Found
Iraq (not while being wholly owned and operated)
None Found
Ireland / Éire (Member EU, OECD, CE, Schengen (only partially implamented))
Data Protection Commissioner
Breach Notification Guidelines
Guidelines for Private Sector Sharing of Personal Data
Data Protection Act (Original)
European Communities (Electronic Communications Networks and Services) (Data Protection and Privacy) Regulations 2003
Informal Consolidation of the Data Protection Acts 1988 and 2003
Isle of Man / Ellan Vannin (Protectorate of the UK, not part of the EU)
Isle of Man Data Protection Supervisor
Code of Practice for Privacy Notice (PDF)
Data Protection Act (PDF)
Israel / מדינת ישראל
הרשות למשפט, טכנולוגיה ומידע / Israeli Law and Information Technologies Authority (ILITA)
חוק הגנת הפרטיות (Defense of Privacy Law, including data, in Hebrew DOC) (translated DOC)
Communication Data Law (Criminal Law, Hebrew PDF)
Italy / Italia (Member EU, OECD, Schengen, CE)
Garante de la Protezione dei Dati Personali (Supervisor of Protection of Personal Information)
Code for the Protection of Personal Data (hard to believe, I know, but this is very complicated, half in Italian, half English, one third PDF)
Codice della Privacy Dlgs 196/2003 (Code for the Protection of Personal Data , hard to believe, I know, but this is very complicated, half in Italian, half English, one third PDF)
Law 675 (Italian, will eventually lead to a PDF)
Ivory Coast / Côte d'Ivoire
None Found
Jamaica
Japan / 日本 / Nippon / Nihon (Memeber OECD, CE185)
内閣府 (Japanese National Cabinet, Personal Life Policy office)
Law on the Protection of Personal Information (Translated PDF)
Jordan / Al-Mamlakah al-Urdunniyyah al-Hāshimiyyah
None Found
Kazakhstan / Қазақстан / Qazaqstan
In June 2009 Kazakhstan passed and enacted one of the most anti-privacy laws around
Kenya
None Found
Kiribati / Gilbert Islands
Kuwait
None Found
Kyrgyzstan / Кыргыз Республикасы / Kyrgyz Respublikasy / Кыргызская Республика / Kyrgyzskaya Respublika
Laos / ນລາວ
Latvia / Latvija (Member EU, CEEP)
Datu Valsts Inspekcija (State Data Inspectorate, in Litvak)
Personal Data Protection Law (Translated)
Regulation 40 – …Technical and Organizational Requirements for Protection of Personal Data Processing Systems (Translated)
Lebanon
Lesotho
Liberia
Libya (Despotic Regime)
None Found
Liechtenstein (Schengen (not implemented), CE)
Datensammlungen (DSS, Data Protection Directorate, in German)
Lithuania / Lietuva (Member EU, Schengen, CE, CE108, CE185, CEEP)
Valstybinė Duomenų Apsaugos Inspekcija (State Data Protection Inspectorate , in Lithuanian)
Law on the Ratification … Protection of … Automatic Processing of Personal Data (ETS108) (Translated DOC)
Code of Administrative Law Violations (In Lithuanian)
Law on Electronic Communications (Translated PDF)
Law on Legal Protection of Personal Data (Translated PDF)
Law on Legal Protection of Personal Data Amendment (Translated)
Luxemburg / Lëtzebuerg (Member EU, OECD, Schengen, CE)
Comm/ission Nationale pour la Protection des Données (CNPD, National Commission for Protection of Information, in French)
Data Protection Act (Translated PDF)
Data Protection and Electronic Communication Law (French PDF)
Regulation A-200 re:Data Protection Officers (French PDF)
Macedonia / Македонија / Makedonija (Not part of Greece. Former Yugoslav Republic, CE, CE185)
Directorate for Personal Data Protection (DPDP, in Macedonian)
Law on Personal Data Protection (ZZLP, Macedonian PDF)
Madagascar / Madagasikara
Malawi / Dziko la Malaŵi
Maldives / Divehi Rājje ge Jumhuriyyā
Mali
Malta (Member EU, Schengen, CE)
Office of the Data Protection Commissioner
Note: Many Legal Notices Available Here
Data Protection Act (CAP 440, PDF)
Malaysia / மலேசியா / 马来西亚
Marshall Islands / Aorōkin M̧ajeļ (in Free Associate with the United States)
Mauritania/ Mauritanie
None Found
Mauritius / République de Maurice
Information and Communication Technologies Authority (ICTA)
Data Protection Act (DPA , PDF)
Computer Misuse and Cybercrime Act (PDF)
Information and Communication Technologies Act (ICATA, PDF)
Mexico / United Mexican States / México (Member OECD)
Mexico currently regulates only privacy to/from the Federal level. Private sector legislation does not yet exist.
Micronesia, Including
Chuuk
Kosrae
Pohnpei
Yap
Moldova (Member CE)
None Found
Monaco / Múnegu / Mónegue (Not member of Schengen, but generally administered as if it were, CE)
Commission de Contrôle des Informations Nominatives (Commission of Control of Personal Information, in French)
Protection of Personal Data Law (1.165, PPDL, French PDF)
Amendment to PPDL (1.353, French PDF)
Mongolia / Монгол улс / Mongol uls
Montenegro / Црна Гора / Crna Gora (Member CE)
Morocco / al-Maġrib
None Found
Mozambique/ Moçambique
None Found
Myanmar / Pyi-daung-zu Myan-ma Naing-ngan-daw / Burma (Despotic Regime)
Namibia/ Namibië
Nauru / Naoero
Netherlands Antilles / Nederlandse Antillen
None. The Antilles Are Not covered under Dutch Law.
Including:
Bonaire
Curaçao / Kòrsou
Saba
Sint Eustatius / Statia / Saint Eustace
Sint Maarten
Nepal / नेपाल
New Zeland / Aotearoa (Member OECD)
Office of the Privacy Commissioner / Te Mana Matapono Matatapu
Health Information Privacy Code (HIPC, PDF)
Telecommunications Information Privacy Code (TIPC (no, not making it up), PDF)
Privacy Act Summary
Privacy Act
Also Includes
The Dependent Territory of Tokelau
Parts of the Antarctic Ross Ice Shelf
Nicaragua
Niger
Nigeria / Republik Nijeriya / Naigeria / Republik Federaal bu Niiseriya / Orílẹ̀-èdè Olómìnira Àpapọ̀ Naìjírìà
National Health Bill (PDF)
North Korea / Hanguk (really? Would you really expect something here?) (Despotic Regime)
None Found
Norway / Norge (Member OECD, CE, CE108, Schengen)
Datatilsynet (The Date Inspectorate, in Bokmål (Norsk))
Personal Data Act (Translated PDF)
Royal Regulations on the Processing of Personal Data (Translated PDF)
Personal Health Data Filing System Act (Including Processing of Personal Health Data, translated)
Oman
None Found
Pakistan
Palau / Pelwe / Beluu er a Belau
Panama / Panamá
Papua-New Guinea / Papua Niugini
Parguay / Paraguái
National Secretariat of State Reform
Peru / Perú
Instituto Nacional de Defensa de la Competencia y de la Protección de la Propiedad Intelectual / (INDECOPI, National Institute for the Defense of Competition and Intellectual Property Protection)
Ley que Regula las Centrales Privadas de Información de Riesgos y de Protección al Titular de la Información (Ley Nº 27.489, Law Regulating the Privacy of Information Risk and Protection of Information Owner Law No. 27,489) – no Source found.
Phillipines / Pilipinas / Filipinas
NONE
Poland / Polska (Member EU, OEC, CE, CES 108), Schengen, CEEP)
Generalnego Inspektora Ochrony Danych Osobowych (GIODO, Inspector General for Personal Data Protection, in Polish)
Protection of Personal Data Law (Polish PDF)
Portugal / Pertual(Member EU,OECD, Schengen, CE)
Comissão Nacional de Protecção de Dados (CNPD, National Commission for Protection of Data, in Portuguese)
Law Creating CNPD (Portuguese PDF)
Law 67/1998 – Protection Personal Data and Information (Portuguese PDF)
Law 32/2008 – Retention of Electronic Communications Data (Portuguese PDF)
Law 41/2004 – Protection of Personal Data in Electronic Communications (Portuguese PDF)
Law 109/1991 – Information Crimes (Portuguese PDF)
Portugal also controls:
The Azores
Madiera
Qatar
Romania / România (Member EU, Schengen (not implemented), CE, CE185)
Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal (The National Supervisory Authority For Personal Data Processing, in Romanian)
Notification Guide (Romanian)
Law no. 677/2001 (Translated PDF)
Law no. 682/2001 (Translated PDF)
Law no. 102/2005 (Translated PDF)
Law no. 55/2005 (Translated PDF)
Law no. 506/2004 (Translated PDF)
Emergency Ordinance no. 36/2007 (Translated PDF)
Law no. 298/2008 (Translated PDF)
Russia / Российская Федерация/ Russian Federation (Member CE, but NOT Ratified ETS 108)
Federal Act 24-FZ – Information, Informatization and Information Protection (Translated and now replaced by 149-FZ)
информации, информационных технологиях и о защите информации / Federal Act 149-FZ – Information, Information Technologies and Protection of Information (Russian)
Federal Act 15-FZ – "On Communication"
Federal Act 152-FZ – "On Personal Data" (Russian PDF)
Criminal Code Article 108: Violation of the Secrecy of Correspondence, Telephone Conversations, Postal, Telegraphic and Other Messages (Translated)
Russia Includes the Following Subject areas:
Adygea
Altai Republic
Bashkortostan
Buryatia
Chechnya
Chuvashia
Dagestan
Ingushetia
Kabardino-Balkaria
Kalmykia
Karachay-Cherkessia
Karelia
Khakassia
Komi
Mari El
Mordovia
North Ossetia-Alania
Sakha Republic
Tatarstan
Tuva
Udmurtia
Rwanda
Saint Kitts and Nevis / Federation of Saint Christopher and Nevis / Saint-Christophe et Nevis
Saint Lucia / Sainte Lucie
Saint Vincent and the Grenadines
Samoa / German Samoa / Western Samoa / Malo Sa'oloto Tuto'atasi o Samoa / Sāmoa
San Marino (Member CE, but NOT Ratified ETS 108)
Office of the Guarantor for the Safeguard of Confidential and Personal Data
São Tomé and Príncipe / São Tomé e Príncipe
Saudi Arabia / as-Saʿūdiyyah / Roubah El-Hali
None Found
Senegal / Sénégal
None Found
Serbia / Србија / Szerbia (Member CE)
Seychelles / Sesel
Sierra Leon
Singapore / Singapura / 新加坡 / சிங்கப்பூர்
E-Commerce Code for the Protection of Personal Information and Communications of Consumers of Internet Commerce
Slovakia / Slovensko / Szlovákia (Member EU, OECD, Schengen, CE, CEEP)
Úrad na Ochranu Osobných Údajov (Office for Personal Data Protection, in Slovak)
Act 428/2002 – Protection of Personal Data (Translated PDF)
Slovania / Slovenija / Szlovénia (Member EU, CE, CE185)
Informacijski Pooblaščenec (IP-RS, Information Commissioner, in Slovan)
Personal Data Protection Act (Translated)
Solomon Islands
Somalia / Soomaaliya / As-Sūmāl (would it matter if there was a law?)
South Africa / Suid-Afrika / (CE185)
None Found
South Korea / Chosŏn (Member OECD)
Act on Promotion of Information and Communications Network Utilization and Data Protection (Translated PDF)
Korean Internet and Security Agency (KISA)
Spain / España / Espanya / Espainia (Member EU, OECD, Schengen, CE)
Agencia Española de Protección de Datos (AEPD, in Spanish)
Protection of Personal Data Law (Translated PDF)
Law 34/2002 – Information Society Services and Electronic Commerce (Translated PDF)
Law 41/2002 – Regulating Patient Data (Translated PDF)
Law 32/200 – State Telecommunications Act (Translated PDF)
Law 62/2003 – Modifying Data Protection Regulations (Translated PDF)
Regions and Districts:
Datuak Babesteko Euskal Bulegoa / Agencia Vasca de Protección de Datos / Basque Agency for Protection of Data
Ley 2/2004, de Ficheros de Datos de Carácter Personal de Titularidad Pública y de Creación de la Agencia Vasca de Protección de Datos (Law 2/2004 Regarding Protection of Data of Personal Nature, of Public Access, and The Creation of the Basque Agency of Data Protection, translated PDF)
Ley Orgánica 15/1999, de Protección de Datos de Carácter Personal (LOPD, Law of Protection of Data of Personal Nature, in Spanish)
Agencia Catalana de Protección de Datos / Catalan Agency for Protection of Data)
Ley 5/2002, de la Agencia Catalana de Protección de Datos (Law (creating) of The Catalan Agency of Protection of Data, in Spanish)
Agencia de Protección de Datos de la Comunidad de Madrid / Community of Madrid Agency for Protection of Data, APDCM
Ley Orgánica 15/1999, de Protección de Datos de Carácter Personal (Law of The Protection of Data of Personal Character, Spanish PDF)
Ley 8/2001, de Protección de Datos de Carácter Personal en la Comunidad de Madrid (Protection of Data of Personal Character in the Community of Madrid, in Spanish)
Note: Spain also governs the following Independent Cities :
Ceuta
Melilla / Tamelilt
Note: Spain also governs the following Independent Places :
Islas Chafarinas
Peñón de Alhucemas
Peñón de Vélez de la Gomera
Note: Spain also governs the following Independent Provinces :
Balearic Islands / Illes Balears / Islas Baleares, including:
Cabrera
Formentera
Ibiza
Majorca
Minorca / Menorca
Canary Islands / Comunidad Autónoma de Canarias, including:
Alegranza
El Hierro
Fuerteventura
Gran Canaria
La Gomera
La Graciosa
La Palma
Lanzarote
Montaña Clara
Tenerife
Sri Lanka / Ceylon / ශ්රී ලංකා / இலங்கை
Sudan (Despotic Regime)
None Found
Suriname / Dutch Guiana
Swaziland / Umbuso weSwatini
Sweden / Sverige (Member EU, OECD, Schengen, CE)
Svenska Datainspektionen (Swedish Data Inspection Board, in Swedish)
Personal Data Act (PDA)
Credit Act (In Swedish)
Debt Collection Law (In Swedish) (Yes, it is relevant here)
Patient Act (Swedish PDF)
Telecommunication Privacy (In Swedish)
Swiss Confederation / Switzerland / Schweiz / Suisse / Svizzera / Svizra / Helvetica (Member OECD, Schengen, CE)
Der Eidgenössische Datenschutz- und Öffentlichkeitsbeauftragte (EDÖB) /
Le Préposé fédéral à la protection des données et à la transparence (PFPDT) /
L'Incaricato federale della protezione dei dati e della trasparenza (IFPDT) /
Federal Data Protection and Information Commissioner (FDPIC)
Federal Act on Data Protection (DSG / LPD / FADP, translated)
Ordinance on the Federal Act (Translated)
Les Commissaires Suisses à la Protection des Données / Die Schweizerischen Datenschutzbeauftragten / The Cantonal Privacy Commissioners' Association (Privatim, or "Privately", In French and German)
Cantons:
Beauftragte für Oeffentlichkeit und Datenschutz des Kantons Aargau / Publicity and Privacy Officer for the Canton of Aargau
Datenschutzaufsicht des Kantons Appenzell Ausserrhoden / Data Protection Supervisor of the Canton Appenzell Ausserrhoden (Outer Rhoden )
Datenschutzaufsicht des Kantons Appenzell Innerrhoden / Data Protection Supervisor of the Canton Appenzell Innerrhoden (Inner Rhoden)
Datenschutzbeauftragte des Kantons Basel-Landschaft / Data Protection Supervisor of Canton Basel-County (in German)
Datenschutzbeauftragter des Kantons Basel-Stadt / Data Protection Supervisor of the canton of Basel-City
Datenschutzbeauftragter des Kantons Berne / Data Protection Supervisor of the Canton of Bern (in German or French)
Autorité de surveillance du Canton de Friborg en Matière de Protection des Données / Authority of Surveillance and Master of Protection of Data of the Canton of Friborg (Free Castle) (in German or French)
Commission de contrôle de l'informatique de l'Etat de Genève / Commission of Control of Information for the State of Geneva
Datenschutzbeauftragter des Kantons Glarus / Data Protection Supervisor of the Canton of Glarus
Datenschutzbeauftragter der Kantonalen Verwaltung des Kantons Graubünden / Data Protection Administration Supervisor of the Canton of Graubünden (Grey Grison)
Jura Commission Cantonale de la Protection des Données Jura / Cantonal Commission of Protection of Data, Jura
Datenschutzbeauftragter des Kantons Luzern / Data Protection Supervisor of the Canton of Lucerne (in German)
Autorité de Surveillance en Matière de Protection de la Personnalité du Canton de Neuchâtel; / Authority on the Surveiliance Regrading the Matter of Protection of People in the Neuchatel Canton (In French)
Datenschutzbeauftragter des Kantone Schwyz, Obwalden und Nidwalden / Supervisor of Data Protection of the Cantons of Schwyz, Oldforest and Newforest (in almost-German)
Datenschutzbeauftragter des Kantone Schwyz , Obwalden und Nidwalden / Supervisor of Data Protection of the Cantons of Schwyz , Oldforest and Newforest (in almost-German)
Datenschutzbeauftragter des Kantone Schwyz, Obwalden und Nidwalden / Supervisor of Data Protection of the Cantons of Schwyz, Oldforest and Newforest (in almost-German)
Datenschutzbeauftragte des Kantons St. Gallen / Data Protection Supervisor of the Canton of St. Gallen (in German)
Datenschutzbeauftragter des Kantons Schaffhausen / Data Protection Supervisor of the Canton of Schaffhausen
Informations- und Datenschutzbeauftragter des Kantons Solothurn / Information and Data Protection for the Canton of Solothurn (in German)
Datenschutzbeauftragter des Kantons Thurgau / Data Protection Supervisor of the Canton of Thurgau
Incaricato della Protezione dei Dati del Republica e Cantone Ticino / Data Protection Officer of the Republic and Canton of Ticino (in Italian)
Datenschutzbeauftragter des Kantons Uri / Data Protection Supervisor of the Canton of Uri (in German)
Commission Cantonale de la Protection des Données, Valais / Cantonal Commission of Protection of Data Canton of Valais
Préposé à la Protection des Données du Canton de Vaud / Clerk of Data Protection of the Canton of Vaud
Datenschutzbeauftragter des Kantons Zug / Data Protection Supervisor of the Canton of Zug (yes, Train) (in German)
Datenschutzbeauftragter des Kantons Zürich / Data Protection Supervisor of the Canton of Zurich (in German)
Municiplaties:
Datenschutzaufsicht der Gemeinde Belp / Data Protection Supervisor of the Community of Belp
Datenschutzaufsicht der Gemeinde Berne / Data Protection Supervisor of the Community of Bern
Datenschutzbeauftragter der Einwohnergemeinde Steffisburg / Data Protection Supervisor of the Residential Community of Steffisburg
Datenschutzaufsicht der Stadt Thun / Data Protection Supervisor of the City of Thun
Datenschutzberater der Stadt Uster / Data Protection Preacher (policy maker) of the City of Uster
Syria / Sūriyah ((Despotic Regime),Member AOE ™)
None
Taiwan (Republic of China)
Computer-Processed Personal Data Protection Law (Translated PDF)
Enforcement Rules (Translated PDF)
Tajikistan / Тоҷикистон / Tojikiston
Tanzania / Jamhuri Ya Muungano Wa Tanzania (Including Tanganyika and Zanzibar)
Telecommunication Consumer Protection Regulations (PDF)
Thailand / ราชอาณาจักรไทย / Ratcha AnachakThai
Office of Official Information Commission
Tibet (under Chinese control)
Togo / République Togolaise
Tonga / Pule'anga Fakatu'i 'o Tonga
Trinidad and Tubegu
Tunisia/ Tunisie
Loi Organique Relative à la Protection des Données Personnelles (Personal Data Protection Law, no source found)
Turkey / Türkiye (Member OECD, CE)
Turkmenistan / Türkmenistan / Turkmenia / Туркмения (Despotic Regime)
Turks and Caicos
Tuvalu ·/ Ellice Islands
Ukraine / Ucrania / України (CE)
Law On Information (Translated PDF)
Law on Data Protection in Information Systems (Translated PDF)
Includes the Crimea
United Arab Emirates (Includes Abu Dhabi, Ajman, Dubai, Fujairah, Sharjah, Ras al-Khaimah and Umm al-Quwain)
Data Protection Law 2006 (it is called "2007", replaced the 2004 law. It was made by The Ruler)
Dubai International Financial Centre Authority
United Kingdom of Great Britain and Northern Ireland / Teyrnas Unedig Prydain Fawr a Gogledd Iwerddon / An Rìoghachd Aonaichte na Breatainn Mhòr agus Èirinn a Tuath / Ríocht Aontaithe na Breataine Móire agus Thuaisceart Éireann / Unitit Kinrick o Great Breetain an Northren Ireland / Ruwvaneth Unys Breten Veur hag Iwerdhon Gledh (Member OECD, EU, CE, Schengen (only partially implemented))
Data Protection Act
*Information commissioner's Office
Note: Co-administered territories:
Anguilla
Note: Overseas Territories
Bermuda
Diego Garcia (leased to the United States Government)
Gibraltar (Member EU)
Gibraltar Regulatory Authority
Data Protection Act (PDF)
Montserrat
Uruguay / República Oriental del Uruguay
Se Dictan Normas para la Protección de Datos Personales a ser Utilizados en Informes Comerciales , y se Regula la Acción de "Habeas Data". Ley 17.838 (Guidelines for the Protection of Personal Data in Use in Commercial Reports, and Regulating the Use of the "Habeas Data" Law 17.838 (In Spanish)
Uzbekistan / O‘zbekiston / Ўзбекистон
Vanuatu
Vatican (Holy See) / Vaticana / Vaticano
Venezuela / República Bolivariana de Venezuela (Despotic Regime)
Viet Nam / Việt Nam
Yemen
None Found
Zambia
Telecommunications (Consumer Protection) Regulations
Zimbabwe (Despotic Regime)
None Found