List of International Data Protection Laws
 Share
The version of the browser you are using is no longer supported. Please upgrade to a supported browser.Dismiss

View only
 
ABCDEFGHIJKLMNOPQRSTUV
1
CountryGeneral LawsSectoral LawsGeneral Law: Act nameOriginal journal citationOriginal journal citation URICurrent version citationCurrent version URIDo URI's resolve to open legislation?
URI set persistenceURI is conciseRating
2
Australia The federal Privacy Act 1988 (Cth) (Privacy Act) The Telecommunications Act 1997 (Cth), The Do Not Call Register Act 2007 (Cth), The Spam Act 2003 (Cth), the Corporations Act 2001 (Cth), which impose additional obligations relating to data securityThe federal Privacy Act 1988 (Cth) (Privacy Act)Act No. 119 of 1988http://www.comlaw.gov.au/Details/C2004A03712http://www.comlaw.gov.au/Details/C2013C00482CC-BY-NC-SAY4
3
Austria The Data Protection Act 2000 (Datenschutzgesetz 2000) (DSG) The Austrian Telecommunications Act (Telekommunikationsgesetz), Austrian Labour Relations Act (Arbeitsverfassungsgesetz), Banking Act (Bankwesengesetz), Trade Regulations Act (Gewerbeordnung), Penal Code(Strafgesetzbuch), Criminal Procedure Code (Strafprozessordnung), Police Act (Sicherheitspolizeigesetz) The Data Protection Act 2000 (Datenschutzgesetz 2000) (DSG)http://www.dsk.gv.at/DocView.axd?CobId=40904http://www.ris.bka.gv.at/GeltendeFassung.wxe?Abfrage=Bundesnormen&Gesetzesnummer=10001597© 2013 Bundeskanzleramt ÖsterreichN2
4
Belgium The Law on the protection of privacy in relation to the processing of personal data (Wet tot bescherming van de persoonlijke levenssfeer ten opzichte van de verwerking van persoonsgegevens/Loi relative à la protection de la vie privée à l'égard des traitements de données à caractère personnel) (DPL) of 8 December 1992 (as subsequently amended), in force 1 September 2001, implemented further by Royal Decree of 13 February 2001 (Koninklijk besluit ter uitvoering van de wet van 8 december 1992 tot bescherming van de persoonlijke levenssfeer ten opzichte van de verwerking van persoonsgegevens/Arrêté royal portant exécution de la loi du 8 décembre 1992 relative à la protection de la vie privée à l’égard des traitements de données à caractère personnel) The Electronic Communications Law of 13 June 2005 (Wet betreffende de elektronische communicatie/Loi relative aux communications électroniques), The Patient Rights Law of 22 August 2002 (Wet betreffende de rechten van de patient/Loi relative aux droits du patient)
5
Brazil No Specific Regulation No Specific Regulation
6
Canada Personal Information Protection and Electronic Documents Act (PIPEDA) (Federal level), Personal Information Protection and Electronic Documents Act (PIPEDA) (Federal level), S.C. 2000, c. 5S.C. 2000, c. 5http://laws-lois.justice.gc.ca/eng/acts/P-8.6/Copyright Government of Canada, non-commercial, personal re-useY2
7
China
8
Czech Republic The Protection of Personal Data Act No. 101/2000 Coll. as amended (PPD Act) Act on Certain Aspects of Information Society Services Information No. 480/2004 Coll., as amended, Electronic Communications Act No. 127/2005 Coll., as amendedhttp://www.uoou.cz/uoou.aspx?menu=4&submenu=5&lang=enCopyright © 2000 - 2013 The Office for Personal Data Protection, Tesco SW, a. s All rights reserved
N1
9
Finland The Personal Data Act (523/1999) (henkilötietolaki) (PDA), supplemented by Act on the Data Protection Board and the Data Protection Ombudsman (389/1994) Act on the Protection of Privacy in Electronic Communications (516/2004) (APPEC), Act on the Protection of Privacy in Working Life (759/2004) (WPA), Credit Data Act (527/2007) (CDA), Act on the Status and Rights of a Patient (785/1992), Act on Openness of Government Activities (621/1999), The Decree on Openness of Government Activities (1030/1999)
10
France Law No. 78-17 of 6 January 1978 on data processing data files and individual liberties as amended (DP Law), Law No. 2004-801 of 6 August 2004 amends the DP Law Decree No. 2005-1309 of 20 October 2005 Public Health Code - Articles L. 1110-4, L. 1111-8, L. 1112-3, L. 1121-3, L. 1142-24-4, L. 1343-3, and L. 2132-1., Monetary and Financial Code Articles L. 440-4, L. 464-1, L. 464-2, and L. 612-17., Article L. 34-5, Postal and Electronic Communications Code), (Article L. 34-1 et seq., Postal and Electronic Communications Code), Article 9 of the Civil Code http://www.ssi.ens.fr/textes/a78-17-text.htmlhttp://www.cnil.fr/index.php?id=301Copyright © 2013 CNIL République FrançaiseN2
11
Germany Federal Data Protection Act (Bundesdatenschutzgesetz) (BDSG)Telemedia Act (Telemediengesetz), Telecommunication Act (Telekommunikationsgesetz), Criminal Act (Strafgesetzbuch), Social Security Code I, II: IV, V and Xhttp://www.bfdi.bund.de/EN/DataProtectionActs/Artikel/BDSG_idFv01092009.pdf?__blob=publicationFileCopyright BDFIN1
12
Hong Kong The Personal Data (Privacy) Ordinance, Cap 486 (Ordinance) into force on 20 Dec 1996http://www.legislation.gov.hk/blis_pdf.nsf/6799165D2FEE3FA94825755E0033E532/B4DF8B4125C4214D482575EF000EC5FF?OpenDocument&bt=0Copyright Government of Hong Kong, you may download, print, disseminate and make copies of LegislationN1
13
Hungary Act CXII of 2011 on the Right to Informational Self-determination and Freedom of Information (DPA) into force 1 January 2012 Act XLVII of 1997 on Processing and Protection of Medical and Other Related Personal Data (Medical Data Act), Act LXVI of 1992 on Personal Data and Address Records of Citizens, Act C of 2003 on Electronic Communications (Electronic Communications Act), Act CXIX of 1995 on Processing of Name and Address Data for Research and Direct Marketing Purposes, Act XXII of 1992 on the Labour Code, Act LX of 2003 on Insurance Companies and Insurance Activity (Insurance Act), Act CXII of 1996 on Credit Institutions and Financial Undertakings (Credit Institutions Act), Act XLVIII of 2008 on the basic conditions of and certain restrictions on business advertising activity (Advertising Act), Act CVIII of 2001 on electronic commercial services and services related to information society (Electronic Commerce Act)http://www.naih.hu/files/ActCXIIof2011_mod_lekt_2012_12_05.pdfNo copyright informationN1
14
India Information Technology (Amendment) Act 2008 (IT Act)), Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules 2011 (IT RSPPSPI Rules) Indian Telegraph Act 1885. Credit Information Companies (Regulations) Act 2005. Indian Contract Act 1872. Specific Relief Act 1963. Consumer Protection Act 1986. Indian Copyright Act 1957. Indian Penal Code 1860.
15
Ireland The Data Protection Act 1988. amended by the Data Protection (Amendment) Act 2003 (DPA). S.I. No. 336 of 2011 – European Communities (Electronic Communications Networks and Services) Regulations 2011 (Privacy and Electronic Communications) (e-Privacy Regulations). S.I. No. 421 of 2009 – Data Protection Act 1988 (section 5(1)(D)) (Specifications) Regulations 2009. S.I. No. 687 of 2007 – Data Protection (Processing of Genetic Data) Regulations 2007. S.I. No. 658 of 2007 – Data Protection (Fees) Regulations 2007. S.I. No. 657 of 2007 – Data Protection Act 1988 (section 16(1)) Regulations 2007. S.I. No. 626 of 2001 – European Communities (Data Protection) Regulations, 2001. S.I. No. 95 of 1993 – Data Protection Act 1988 (section 5(1)(D)) (Specification) Regulations, 1993. S.I. No. 83 of 1989 – Data Protection (Access Modification) (Social Work) Regulations 1989. S.I. No. 82 of 1989 – Data Protection (Access Modification) (Health) Regulations 1989. S.I. No. 81 of 1989 – Data Protection Act 1988 (Restriction of section 4) Regulations 1989. S.I. No. 351 of 1988 – Data Protection (Registration) Regulations 1988. S.I. No. 350 of 1988 – Data Protection (Registration Period) Regulations 1988http://www.irishstatutebook.ie/1988/en/act/pub/0025© Government of Ireland.Y2
16
Italy Legislative Decree 30 June 2003, no. 196 (Code)
17
Japan Act on the Protection of Personal Information (Act No. 57 of 2003) (APPI) http://www.cas.go.jp/jp/seisaku/hourei/data/APPI.pdfCopyright Cabinet Office of Japan, Private reprint and copying rightsY2
18
Luxembourg Act of 2002 relating to the protection of individuals in relation to the processing of personal data (2002 Act)
19
Mexico Bill for the Federal Law for the Protection of Personal Data in Possession of Private Persons (Personal Data Protection Law) in April 2010, published on 5 July 2010 in the Official Gazette of the Federation
20
Norway Personal Data Act (PDA). The Personal Data Regulation (PDR) The Health Register Act, The Health Research Act., The Bio Bank Act., The Police Register Act., The Schengen Information Systems Act, The National Register Act., The Penal Register Act.
21
Poland Personal Data Protection Act of 29 August 1997 (consolidated text: Journal of Laws of 2002, No 101, item 926 as amended) (PDPA) The Telecommunications Act of 16 July 2004 (Journal of Laws of 2004, No 171, item 1800 as amended., The Banking Act of 29 August 1997 (consolidated text: Journal of Laws of 2002, No 72, item 665 as amended), The Act on Providing Services by Electronic Means of 18 July 2002 (Journal of Laws of 2002, No 144, item 1204 as amended), The Labour Code of 26 June 1974 (consolidated text: Journal of laws of 1998, No 21, item 94 as amended), which provides rules on the personal data that an employer can request from an employee and from a candidate for employment
22
Qatar
23
Qatar (including Qatar Financial Centre (QFC)) The QFC Data Protection Regulations (Regulation 6 of 2005) (Data Protection Regulations), QFC Data Protection Rules (Data Protection Rules)
24
Romania Law No. 677/2001 on the protection of individuals with regard to the processing of personal data and the free movement of such data (DPL). Law No. 506/2004 on the processing of personal data and the protection of privacy in the electronic communications sector (Romanian E-Privacy Law), Law No. 365/2002 on electronic commerce (Romanian E-commerce Law)
25
Russian Federation The Strasbourg Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data 1981 (Strasbourg Convention), Articles 23 and 24 of the Russian Constitution, The Data Protection Act No. 152 FZ dated 27 July 2006 (DPA), The Information, Information Technologies and Information Protection Act No. 149 FZ dated 27 July 2006
26
Saudi Arabia The Basic Law of Governance no: A/90 dated 27th Sha'ban 1412 H (1 March 1992) (Basic Law of Governance) covers individual privacy rights
27
South Africa
28
Spain The Data Protection Act 1999 (Ley Orgánica 15/1999 de Protección de Datos de Carácter Personal) (LOPD), Royal Decree 1720/2007 (RLOPD). Law 34/2002 of 11 July on information society services and electronic commerce (LSSI),
29
Sweden Personal Data Act (Personuppgiftslag (1998:204)) (PDA) Debt Recovery Act (Inkassolagen (1974:182)), Credit Information Act (Kreditupplysningslagen (1973:1173)), Electronic Communications Act (Lagen (2003:389) om elektronisk kommunikation), Patients' Personal Data Act (Patientdatalag (2008:355))
30
Thailand
31
Turkey
32
UK The Data Protection Act 1998 (DPA) Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR), Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 (PECR Amendments)Data Protection Act1998 c. 29http://www.legislation.gov.uk/ukpga/1998/29/enacted1998 c. 29http://www.legislation.gov.uk/id/ukpga/1998/29OGLY4
33
United Arab Emirates
34
United Arab Emirates, Dubai International Financial Centre (DIFC) DIFC Law 1 of 2007 concerning Data Protection (Data Protection Law) (preceded by DIFC Law 9 of 2004)
35
United States No single federal law No single federal law
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
Loading...