A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z | |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | Identity Review’s Global Data Policy Database serves as a comprehensive record of data policies around the world. Each row is composed of region, regulation, status of the policy, a short description, and a link to find more information. This was last updated June 15, 2021. The goal of this database is to provide a straightforward, accessible resource for anyone interested in delving into global data policy. If you would like more information, please contact team@identityreview.com. | |||||||||||||||||||||||||
2 | Region | What | Regulation | Proposed/In Effect | Notes (What kind of data policy?) | Links | ||||||||||||||||||||
3 | Virginia | State | State data protection law | In effect | Consumers receive copies of their online data, amend or delete that data, or opt out of allowing big buisnesses to use the data for marketing/other purposes | https://www.virginiabusiness.com/article/va-set-to-become-2nd-state-with-consumer-data-protection-law/ | ||||||||||||||||||||
4 | California | State | State data protection law | In effect | Consumers have a right to accesss data through a data subject access request (DSAR). Businesses cannot sell consumer information without providing them an opportunity to opt out | https://www.varonis.com/blog/us-privacy-laws/ | ||||||||||||||||||||
5 | Massachusetts | State | Data Privacy Law (S-120) | Proposed | Similar to CCPA, but consumers can sue for any violation of the proposed MA law. | https://www.varonis.com/blog/us-privacy-laws/ | ||||||||||||||||||||
6 | New York | State | S5642 | Proposed | Applies to all businesses without any revenue threshold (different from MA, CA, and VA). Businesses are legally responsble for the consumer data they hold. Very strict proposition, consumers can correct inaccurate information, making it more similar to the EU GDRP | https://www.varonis.com/blog/us-privacy-laws/ | ||||||||||||||||||||
7 | Hawaii | State | SB 148 | Proposed | Very similar to the CCPA, but legal document does not explicitly say it applies to websites that conduct business in HI. Websites based anywhere in the world could violate the law if they don't offer adequate protection as outlined in the bill | https://www.varonis.com/blog/us-privacy-laws/ | ||||||||||||||||||||
8 | Maryland | State | SB 613 | Proposed | Companies are required to disclose information that is passed onto third parties, even if the data is transferred for free.Also prohibits websites from knowinly disclosing any personal informaiton collected about childrne | https://www.varonis.com/blog/us-privacy-laws/ | ||||||||||||||||||||
9 | North Dakota | State | HB 1485 | Proposed | Currently in the state's House of Representatives. The most significant clause would completely retrict websites from passing on any information to third parties without consent of users. There is no right to have information removed to deleted once consent has been granted. The most lightweight bill currently proposed in the U.S | https://www.varonis.com/blog/us-privacy-laws/ | ||||||||||||||||||||
10 | European Union | Region | GDPR | In effect | Protection of natural persons personal data and the free movement of such data. | https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en | ||||||||||||||||||||
11 | European Union | Region | Data Protection Law Enforcement Directive | In effect | Protects citizens' fundamental right to data protection whenever personal data is used by criminal law enforement authorities | https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en | ||||||||||||||||||||
12 | New York | State | NY SHIELD ACT | In effect | Requires any preson or business owning data that includes private infromation of an NY resident to implement and maintain reasonable safeguards to protect the security, confidentiality, and integrity of the private information | https://www.natlawreview.com/article/new-york-shield-act-faqs | ||||||||||||||||||||
13 | Illinois | State | Biometic Information Privacy Act | In effect | imposes requirements on buisnesses that collect biometic information. One of the only state laws regulating biometic usage that allows private individuals to bring suit and recover damages for violations. | https://www.ilga.gov/legislation/ilcs/ilcs3.asp?ActID=3004&ChapterID=57 | ||||||||||||||||||||
14 | United States | Country | Gramm Leach Bliley Act | In effect | governs the protection of personal informaiton in hands of banks, insurance companies and other companies in the financial service industry. | https://www.ilga.gov/legislation/ilcs/ilcs3.asp?ActID=3004&ChapterID=57 | ||||||||||||||||||||
15 | United States | Country | Fair Credit Reporting Act | In effect | restricts the use of infomration with a bearing on an individuals creditworthiness, credit standing, credit capacity, character, and general reputation. requires truncation of credit card numbers of printed receipts | https://www.ilga.gov/legislation/ilcs/ilcs3.asp?ActID=3004&ChapterID=57 | *comparison table: https://iapp.org/resources/article/state-comparison-table/ | |||||||||||||||||||
16 | Michigan | State | SB 172 | In effect | modifies requirements for insurers providng privact policies to customers | https://www.ncsl.org/research/telecommunications-and-information-technology/2020-consumer-data-privacy-legislation637290470.aspx | ||||||||||||||||||||
17 | Virginia | State | SB 101 | In effect | allows a mechant to scan the machine readable zone of an individual's drivers liscense for verification purposes, but requires the mechant to destroy the retained information | https://www.ncsl.org/research/telecommunications-and-information-technology/2020-consumer-data-privacy-legislation637290470.aspx | ||||||||||||||||||||
18 | California | State | AB 82 | In effect | requires data broker registration fees to be used to offset costs for an internet website where the information provided by data brokers is accessible to the public | https://www.ncsl.org/research/telecommunications-and-information-technology/2020-consumer-data-privacy-legislation637290470.aspx | ||||||||||||||||||||
19 | California | State | AB 713 | In effect | Exempts from the Consumer privacy act information that was deidentifed in accordance with specifed federal law or policy | https://www.ncsl.org/research/telecommunications-and-information-technology/2020-consumer-data-privacy-legislation637290470.aspx | ||||||||||||||||||||
20 | California | State | AB 1281 | In effect | exempts from the CCPA certain employment information and personal information involved in business to business communications and transactions | https://www.ncsl.org/research/telecommunications-and-information-technology/2020-consumer-data-privacy-legislation637290470.aspx | ||||||||||||||||||||
21 | United States | Country | Telephone Consumer Protection Act | In effect | regulate calls and text messages to monile phones that are made for marketing purproses | https://iclg.com/practice-areas/data-protection-laws-and-regulations/usa#:~:text=There%20is%20no%20single%20principal%20data%20protection%20legislation%20in%20the%20United%20States.&text=broadly%20empowers%20the%20U.S.%20Federal,privacy%20and%20data%20protection%20regulations. | ||||||||||||||||||||
22 | United States | Country | Payment Card Data Security Standard | In effect | regulations for major credit card companies required for buisnesses that process, store, or transmit payment card data | |||||||||||||||||||||
23 | Nevada | State | SB 220 | In effect | relates to internet privacy, prohibits the sale of certain consumer information | https://iapp.org/resources/article/state-comparison-table/ | ||||||||||||||||||||
24 | Alabama | State | HB 216 | Proposed | Alabama Consumer Privacy Act - allows consumers to opt in or out of sale of personal information with certain conditions, resquires buisnesses to make certain disclosures | https://iapp.org/resources/article/state-comparison-table/ | ||||||||||||||||||||
25 | Arizona | State | HB 2865 | Proposed | personal data, processing, security standards | https://apps.azleg.gov/BillStatus/BillOverview/76066?SessionId=123 | ||||||||||||||||||||
26 | Kentucky | State | HB 408 | Proposed | Kentucky Consumer Privacy Act | https://apps.legislature.ky.gov/record/21rs/hb408.html | ||||||||||||||||||||
27 | Maryland | State | SB 0930 | Proposed | Maryland Online Consumer Protection Act | https://fastdemocracy.com/bill-search/md/2021/bills/MDB00023828/ | ||||||||||||||||||||
28 | New York | State | A 680 | Proposed | New York Privacy Act | https://www.nysenate.gov/legislation/bills/2021/A680 | ||||||||||||||||||||
29 | New York | State | SB 567 | Proposed | Allow consumers the right to request fron businesses the categories of personal information a business has sold or disclosed to third parties | https://www.nysenate.gov/legislation/bills/2021/S567 | ||||||||||||||||||||
30 | Oklahoma | State | HB 1602 | Proposed | Oklahoma Computer Data Privacy Act | http://www.oklegislature.gov/BillInfo.aspx?Bill=HB1602 | ||||||||||||||||||||
31 | Washington | State | HB 1433 | Proposed | People's Privacy Act | https://app.leg.wa.gov/billsummary?BillNumber=1433&Year=2021&Initiative=false | ||||||||||||||||||||
32 | Washington | State | SB 5062 | Proposed | Washington Privacy Act 2021 | https://app.leg.wa.gov/billsummary?BillNumber=5062&Initiative=false&Year=2021 | ||||||||||||||||||||
33 | Canada | Country | CPPA | In effect | Canada Consumer Privacy Act - protects consumers control over their data and promotes improved transparency regarding how organizations use data containing personal identifers | https://www.jdsupra.com/legalnews/coming-soon-canada-s-new-privacy-law-3558341/ | ||||||||||||||||||||
34 | Canada | Country | PIPEDA | In effect | Personal Information Protection and Electonic Documents Act - governs how organizations use, collect and disclose presonal information in the course of personal buisness | https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/ | ||||||||||||||||||||
35 | Mexico | Country | Federal Law on Protection of Personal Data Held by Private Parties | In effect | Regulates informationla self-determination. Its provisions apply to all natural or legal persons who carry out the processing of personal data in activites (banks, insurface, hospitals, schools, etc.) | https://www.dlapiperdataprotection.com/index.html?t=law&c=MX | ||||||||||||||||||||
36 | Mexico | Country | The General Law on Protection of Personal Data Held by Mandated Parties | In effect | Federal, state, and municipal privacy laws. | https://www.dlapiperdataprotection.com/index.html?t=law&c=MX | ||||||||||||||||||||
37 | Mexico | Country | The Recommendations on Personal Data Security | In effect | entered into force in 2011 | https://www.dlapiperdataprotection.com/index.html?t=law&c=MX | ||||||||||||||||||||
38 | Mexico | Country | The Parameters for Self-Regulation regarding personal data | In effect | in effect in 2014 | https://www.dlapiperdataprotection.com/index.html?t=law&c=MX | ||||||||||||||||||||
39 | Mexico | Country | The General Law on Protection of Personal Data in Possession of Obligated Subject | In effect | in effect in 2017 | https://www.dlapiperdataprotection.com/index.html?t=law&c=MX | ||||||||||||||||||||
40 | Alberta | State | Personal Information Protection Act | In effect | applies to provincially regulated private sector organizations in Alberta to provide a right of access to an individual's personal information | https://www.alberta.ca/personal-information-protection-act.aspx | ||||||||||||||||||||
41 | British Columbia | State | Personal Information Protection Act | In effect | applies to provincially regulated private sector organizations in BC to provide a right of access to an individual's personal information | https://www.oipc.bc.ca/about/legislation/ | ||||||||||||||||||||
42 | Quebec | State | Quebec Privacy Act | In effect | applies to provincially regulated private sector organizations in Quebec to provide a right of access to an individual's personal information | http://legisquebec.gouv.qc.ca/en/showdoc/cs/P-39.1 | ||||||||||||||||||||
43 | Honduras | Country | National Constitution Article 182 | In effect | gives individuals the right to access any file or record that contains information that may produce damage | |||||||||||||||||||||
44 | Honduras | Country | Law of the Civil Registry | In effect | refers only to public personal information that is contained in the archives of the Civil Registry. | https://www.dlapiperdataprotection.com/index.html?t=law&c=HN | ||||||||||||||||||||
45 | Honduras | Country | Law for Transparency and for Access to Public Information | In effect | access of any person to all the information contained in public entities, except that which is classified as 'Confidential.' | https://www.dlapiperdataprotection.com/index.html?t=law&c=HN | ||||||||||||||||||||
46 | Brazil | Country | Brazilian General Data Protection Law (LGPD) | In effect | the first comprehensive data protection regulation, largely aligned to GDPR | https://gdpr.eu/gdpr-vs-lgpd/ | ||||||||||||||||||||
47 | Costa Rica | Country | Law No. 7975 - Undisclosed Information Law | In effect | makes it a crime to disclose confidential and or personal information without authorization | https://www.dlapiperdataprotection.com/index.html?t=law&c=CR | ||||||||||||||||||||
48 | Costa Rica | Country | Law No. 8968 - Protection in the Handling of the Personal Data of Individuals | In effect | regulates companies that administers databses containing personal information | https://gdpr.eu/gdpr-vs-lgpd/ | ||||||||||||||||||||
49 | Panama | Country | Law No. 81 | In effect | 47 articles that reglates the principles, obgliations, and procedures applicable to the protection of personal data in Panama, expected to be further regulated by an Executive Decree, which will be published later in 2021 | |||||||||||||||||||||
50 | Cayman Islands | Country | Data Protection Law | In effect | regulates whethern an organization is established in the Cayman Islands, or only has personal data processed in the Cayman Islands | https://www.dlapiperdataprotection.com/index.html?t=law&c=KY | ||||||||||||||||||||
51 | Domincan Republic | Country | Protection of Personal Data Act | In effect | regulates the collection, storage, and safekeeping of personal data as well as usage and access rights | https://www.dlapiperdataprotection.com/index.html?t=law&c=DO | ||||||||||||||||||||
52 | Trinidad and Tobago | Country | Data Protection Act | In effect | provides protection of personal privacy information processed and collected by public bodies and private organizations | https://www.dlapiperdataprotection.com/index.html?t=law&c=TT&c2=AO | ||||||||||||||||||||
53 | Colombia | Country | Law 1266 | In effect | regulates the processing of financial data, credit records, and commercial information collected in Colombia or abroad | https://www.dlapiperdataprotection.com/index.html?t=law&c=CO | ||||||||||||||||||||
54 | Colombia | Country | Law 1581 | In effect | defines special categories of data including sensitive data, and data collected from minors | https://www.dlapiperdataprotection.com/index.html?t=law&c=CO | ||||||||||||||||||||
55 | Peru | Country | Personal Data Protection Law. No 29733 | In effect | provides provisions for activities related to companies that handle personal information related to financial, commerical tax, employment or insurance obligations, and other sensitve data | https://www.dlapiperdataprotection.com/index.html?t=law&c=PE | ||||||||||||||||||||
56 | Bolivia | Country | Bill of Personal Data Protection | In effect | Any individual who believes to be prevented from objtecting, knowing or obtaining registered data in public or private files may file a Private Protection Action | https://www.dlapiperdataprotection.com/index.html?t=law&c=BO | ||||||||||||||||||||
57 | Paraguay | Country | Law No. 6534 - Personal Credit Data Protection Law | In effect | regulates the use of private information | https://www.dlapiperdataprotection.com/index.html?t=law&c=PY | ||||||||||||||||||||
58 | Paraguay | Country | Law No. 4868 - Electonic Commerce Law | In effect | regulates electronic commerce and data collection procedures | https://www.dlapiperdataprotection.com/index.html?t=law&c=PY | ||||||||||||||||||||
59 | Chile | Country | Law 19,628/1999 | In effect | provides data subjects with the right to access, rectify, delete, block and object to processing of personal data | https://www.dlapiperdataprotection.com/index.html?t=law&c=CL | ||||||||||||||||||||
60 | Chile | Country | Law 20,575/2012 | In effect | esblishes the purpose principle for the processing of personal data of an economic, financial, banking or commercial nature | https://www.dlapiperdataprotection.com/index.html?t=law&c=CL | ||||||||||||||||||||
61 | Argentina | Country | Law 25,326 - Personal Data Protection Law | In effect | follows international standards, and has been considered as granding adequate protection by the European commission. | https://www.dlapiperdataprotection.com/index.html?t=law&c=AR | ||||||||||||||||||||
62 | Uruguay | Country | Data Protection Law No. 18.331 | In effect | personal data protection laws | https://www.dlapiperdataprotection.com/index.html?t=law&c=UY | ||||||||||||||||||||
63 | Australia | Country | Privacy Act | In effect | apply to all private sector entiries - regulates the handling of personal information | https://www.dlapiperdataprotection.com/index.html?t=law&c=AU | ||||||||||||||||||||
64 | Australian Capital Territory | Region | Information Privacy Act 2014 | In effect | specific privacy laws to the Australian Capital territory | https://www.legislation.act.gov.au/a/2014-24/ | ||||||||||||||||||||
65 | Australian Northern Territory | Region | Information Act 2002 | In effect | combines laws related to privacy, freedom of information, and public records in one Act | https://www.dlapiperdataprotection.com/index.html?t=law&c=AU | ||||||||||||||||||||
66 | New South Wales | Region | Privacy and Personal Information Protection Act 1998 | In effect | deals with how NSW government agencies manage personal information. It applies to state government agencies, statutory or declared authorities, the police service and local councils | https://www.dlapiperdataprotection.com/index.html?t=law&c=AU | ||||||||||||||||||||
67 | Queensland | Region | Information Privacy Act 2014 | In effect | The information privacy act introduced the Territory Privacy Principles, which set out standards for handling personal information. | https://www.dlapiperdataprotection.com/index.html?t=law&c=AU | ||||||||||||||||||||
68 | Tasmania | State | Personal Information Protection Act 2004 | In effect | Creates a consisten approach to protecting presonal health information | https://www.dlapiperdataprotection.com/index.html?t=law&c=AU | ||||||||||||||||||||
69 | Victoria | State | Privacy and Data Protection Act 2014 | In effect | 10 Information Privacy Princiles that outline how public sector organizations must handle your personal information | https://www.dlapiperdataprotection.com/index.html?t=law&c=AU | ||||||||||||||||||||
70 | Australia | Country | Consumer Data Right (CDR) | Proposed | allows a consumer to obtain certain data about that consumer by a third party and require data be given to accredited third parties for certain purposes. | https://www.dlapiperdataprotection.com/index.html?t=law&c=AU | ||||||||||||||||||||
71 | New Zealand | Country | The Privacy Act 2020 | In effect | governs how agencies collect, use, disclose, store, retain and give access to personal information. | https://www.dlapiperdataprotection.com/index.html?t=law&c=NZ | ||||||||||||||||||||
72 | China | Country | The Civil Code of China | In effect | Comprehensively strengthens protection of people's various rights. Right of Privacy is detailed in the chapter with “Privacy and Personal Information Protection,” which contains detailed provisions to protect privacy and personal information. Also covers Tort Liabilities and contains several articles relating to network infringement. This newer code replaces previous civil laws, the relevant ones relating to data policy are the Tort Law and General Principles of Civil Law. | http://english.www.gov.cn/archive/lawsregulations/202012/31/content_WS5fedad98c6d0f72576943005.html | ||||||||||||||||||||
73 | China | Country | Cybersecurity Law | In effect | Increase data protection, data localization, and cybersecurity in the interest of national security. Defines obligations for "network operators" and “providers of network products and services.” | https://www.newamerica.org/cybersecurity-initiative/digichina/blog/translation-cybersecurity-law-peoples-republic-china/ | ||||||||||||||||||||
74 | China | Country | National Standard of Information Security Technology | In effect | Personal Information Security Specification (PIS Specification) - systematic, national standard set by the People's Republic of China in order to protect personal information and how it is shared both domestically and abroad. | https://www.tc260.org.cn/upload/2020-09-18/1600432872689070371.pdf | ||||||||||||||||||||
75 | China | Country | Guidelines on Internet Personal Information Security Protection | In effect | Technical guide (covering in detail key issues such as data transfers, sensitive personal information and data subject rights), and thus not legally binding, they are highly persuasive. Recommendations for protecting personal information | http://www.cicpa.org.cn/Column/hyxxhckzl/zcyxs/201904/W020190429563470312325.pdf | ||||||||||||||||||||
76 | China | Country | Decision on Strengthening Online Information Protection | In effect | Protect online information security, safeguard the lawful rights and interests of citizens, legal entities or other organizations, and ensure national security and public interests. | https://chinacopyrightandmedia.wordpress.com/2012/12/28/national-peoples-congress-standing-committee-decision-concerning-strengthening-network-information-protection/ | ||||||||||||||||||||
77 | China | Country | PRC Data Security Law | Proposed | Builds on existing structures set up by the Cybersecurity Law and related regulations and introduces rules around markets for data, government data collection and handling, and classification of different types of data. | https://www.newamerica.org/cybersecurity-initiative/digichina/blog/translation-chinas-data-security-law-draft/ | ||||||||||||||||||||
78 | China | Country | PRC Personal Information Protection Law | Proposed | The first comprehensive national level personal information protection law in the PRC, creating binding compliance obligations previously considered recommended practice (under the Guidelines), and requiring organizations to comply with new compliance steps. | https://www.newamerica.org/cybersecurity-initiative/digichina/blog/chinas-draft-personal-information-protection-law-full-translation/?utm_campaign=Marketing_Cloud&utm_medium=email&utm_source=Standalone+Call+for+Comments+Personal+Information+-+10.27.20&%20utm_content=https%3a%2f%2fwww.newamerica.org%2fcybersecurity-initiative%2fdigichina%2fblog%2fchinas-draft-personal-information-protection-law-full-translation%2f | ||||||||||||||||||||
79 | South Korea | Country | Personal Information Protection Act ("PIPA") | In effect | A general, comprehensive statute. It prescribes how personal data is processed in order to protect the rights and interests of all citizens and further realize the dignity and value of each individual. The Act aims to protect personal data from unnecessary collection, unauthorized use or disclosure, and abuse. | https://www.privacy.go.kr/eng/laws_view.do?nttId=8186&imgNo=3 | ||||||||||||||||||||
80 | South Korea | Country | Credit Information Use and Protection Act | In effect | Regulates personal credit information. Foster a stable credit information industry, promote the efficient utilization and systematic management of credit information, and protect personal and credit information from misuse and abuse. | https://www.privacy.go.kr/eng/laws_view.do?nttId=8188&imgNo=2 | ||||||||||||||||||||
81 | South Korea | Country | Act on Promotion of Information and Communications Network Utilization and Information Protection (“Network Act”) | In effect | Promote the use of information and communications networks, to protect the user’s personal information when they are in use of information and communications services, and to construct a milieu within which users can safely use information and communications networks with the aim of improving individual lives as well as the general public welfare. | https://www.privacy.go.kr/cmm/fms/FileDown.do?atchFileId=FILE_000000000830762&fileSn=0#:~:text=Article%201%20(Purpose)%20The%20purpose,communications%20networks%20in%20order%20to | ||||||||||||||||||||
82 | South Korea | Country | Act on the Protection, Use, ETC. of Location Information | In effect | Protect privacy from the divulging, abuse and misuse of location information, provide a safe environment for using location information | https://elaw.klri.re.kr/eng_service/lawView.do?hseq=43349&lang=ENG | ||||||||||||||||||||
83 | Japan | Country | Act on the Protection of Personal Information ("APPI") | In effect | Regulates privacy protection issues in Japan and the Personal Information Protection Commission ("PPC"), a central agency acts as a supervisory governmental organization on issues of privacy protection. | https://www.cas.go.jp/jp/seisaku/hourei/data/APPI.pdf | ||||||||||||||||||||
84 | Russia | Country | Russian Constitution, Articles 23 and 24 | In effect | Establishes the right to privacy of each individual | https://www.dataguidance.com/legal-research/constitution-russian-federation-12-december-1993 | ||||||||||||||||||||
85 | Russia | Country | Data Protection Act No. 152 FZ (DPA) | In effect | Backbone of Russian privacy laws. Requires data operators to take "all the necessary organizational and technical measures required for protecting personal data against unlawful or accidental access | https://iapp.org/media/pdf/knowledge_center/Russian_Federal_Law_on_Personal_Data.pdf | ||||||||||||||||||||
86 | Russia | Country | Information, Information Technologies and Information Protection Act No. 149 FZ ("Law on Information") | In effect | Establishes basic rules as to the information in general and its protection. | http://www.kremlin.ru/acts/bank/24157 | ||||||||||||||||||||
87 | Taiwan | Country | Personal Data Protection Act (“PDPA”) | In effect | Regulate the collection, processing and use of personal data so as to prevent harm on personality rights, and to facilitate the proper use of personal data. | https://law.moj.gov.tw/ENG/LawClass/LawAll.aspx?pcode=I0050021 | ||||||||||||||||||||
88 | Taiwan | Country | Enforcement Rules of the Personal Data Protection Act (“Enforcement Rules”) | In effect | Provides further guidelines on the interpretation and implementation of the PDPA. | https://law.moj.gov.tw/ENG/LawClass/LawAll.aspx?pcode=I0050022 | ||||||||||||||||||||
89 | Phillipines | Country | Data Privacy Act of 2012 (“Act”) | In effect | The governing law on data privacy matters in the Philippines. Protects the fundamental human right of privacy. | https://www.privacy.gov.ph/data-privacy-act/#1 | ||||||||||||||||||||
90 | Hong Kong | Country | Personal Data (Privacy) Ordinance | In effect | Regulates the collection and handling of personal data. | https://www.elegislation.gov.hk/hk/cap486 | ||||||||||||||||||||
91 | Macau | Country | Personal Data Protection Act 8/2005 | In effect | Establishes the legal system on the processing and protection of personal data. | https://www.gpdp.gov.mo/uploadfile/2013/1217/20131217120421182.pdf | ||||||||||||||||||||
92 | Macau | Country | Cybersecurity Law 13/2019 | In effect | Establishes and regulates the network security system of the Macau Special Administrative Region to protect the information network, computer system and computer data of key infrastructure operators. | https://bo.io.gov.mo/bo/i/2019/25/lei13_cn.asp#13 | ||||||||||||||||||||
93 | Vietnam | Country | Constitution 2013 (“Constitution”) | In effect | Right of privacy and right of reputation, dignity and honour and fundamental principles of such rights | https://www.constituteproject.org/constitution/Socialist_Republic_of_Vietnam_2013.pdf?lang=en | ||||||||||||||||||||
94 | Vietnam | Country | Civil Code 2015 (“Civil Code”) | In effect | Right of privacy and right of reputation, dignity and honour and fundamental principles of such rights. Article 38 provides rules for the collection, storage, processing, use, disclosure, and publication of personal information. | https://thuvienphapluat.vn/van-ban/Quyen-dan-su/Bo-luat-dan-su-2015-296215.aspx | ||||||||||||||||||||
95 | Vietnam | Country | Law No. 86/2015/QH13 ("Network Information Security Law") | In effect | Enforces data privacy rights for individual data subjects. Provides regulations on network information security activities, rights and duties of agencies, organizations and individuals in securing network information security; civil cryptography. | https://english.mic.gov.vn/Upload/VanBan/Law-on-Network-Information-Security-16-05-30.pdf | ||||||||||||||||||||
96 | Vietnam | Country | Law No. 67/2006/QH11 ("IT Law") | In effect | Governs information technology applications and development, sets out the rights and obligations of agencies, organisations, and individuals engaged in these activities, as well as regulates the collection, processing, use, storage, and provision of personal data on a network environment. | http://www.chinhphu.vn/portal/page/portal/chinhphu/hethongvanban?class_id=1&mode=detail&document_id=29137 | ||||||||||||||||||||
97 | Vietnam | Country | Law No. 51/2005/QH11 ("E-transacations Law") | In effect | Governs electronic transactions by state agencies as well as the private sector and generally prohibits the use, provision, or disclosure of data, which can be accessed in relation to an electronic transaction, without consent. | http://vanban.chinhphu.vn/portal/page/portal/chinhphu/hethongvanban?class_id=1&_page=2&mode=detail&document_id=29675 | ||||||||||||||||||||
98 | Vietnam | Country | Law No. 59/2010/QH12 ("Protection of Consumers' Rights Law") | In effect | Sets out a variety of consumer rights and details organisations' obligations to protect consumer information. | http://vanban.chinhphu.vn/portal/page/portal/chinhphu/hethongvanban?class_id=1&mode=detail&document_id=96053 | ||||||||||||||||||||
99 | Vietnam | Country | Law No. 41/2009/QH12 ("Telecommunications Law") | In effect | Regulates telecommunications activities and the rights and obligations of those working in the telecommunication industry, and expressly requires telecommunications enterprises not to disclose information of an end-user without consent from such end-user or a valid request from a competent authority. | http://vanban.chinhphu.vn/portal/page/portal/chinhphu/hethongvanban?class_id=1&mode=detail&document_id=92518 | ||||||||||||||||||||
100 | Vietnam | Country | Personal Data Protection Decree (PDPD) | Proposed | Would consolidate all data protection laws and regulations into one comprehensive data protection law. Would adopt a GDPR-type framework. Proposed effective date Dec. 1, 2021 | https://www.bakermckenzie.com/en/insight/publications/2020/04/draft-decree-on-personal-data-protection |