Global Privacy Laws

At present, nearly 110 countries have data protection and privacy laws in place. An extensive list and links to Data Protection and Privacy laws of various countries around the globe is provided below*

AustriaNetherlandsBrazil India Morocco South Africa Vietnam
BelgiumMaltaBritish Virgin Islands Iran Mozambique South Korea Zambia
BulgariaPolandBurundi Indonesia Namibia Switzerland Zimbabwe
CroatiaPortugalCanada Israel New Zealand Taiwan
CyprusRomaniaCape Verde Japan Nigeria Tajikistan
Czech RepublicSlovakiaCayman IslandsJerseyNorth Macedonia Thailand
DenmarkSloveniaChile Kazakhstan Norway Trinidad and Tobago
EstoniaSpainChina Kenya Pakistan   Tunisia
FinlandSwedenColombiaKuwait Panama Turkey
FranceUnited Kingdom Costa Rica Kyrgyzstan Paraguay Turkmenistan
GermanyAngola Dominican Rebublic Lesotho Paraguay UAE
GreeceArgentina Egypt Macau Peru Uganda
HungaryAustralia Ethiopia Madagascar Philippines Ukraine
IrelandBahrain Ghana Malaysia Qatar United Kingdom
ItalyBelarus Guernsey Mauritius Russia United States
LatviaBermuda Honduras Mexico Saudi Arabia Uruguay
LithuaniaBolivia Hong Kong Monaco Serbia Uzbekistan
LuxembourgBosnia And Herzegovina Iceland Montenegro Singapore Venezuela
Arranged as available below. Read from top to bottom. Click and jump to state block.

European Union

GDPR is applicable to Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain and Sweden.

Apart from GDPR each member states have specific law applicable the list of which is enumerated below:






Czech Republic






















Other than European Union


Recently, Bill No. MEN-2018-147-APN-PTE has been placed aiming to replace the Act in lines with the GDPR


Privacy (Commonwealth):

Privacy (State and Territory — public sector only):

Health sector-specific (Commonwealth):

Health sector-specific (State / Territory):


Surveillance (including workplace surveillance):


Various other laws deal with aspects of national security in Australia, which may have implications for data security, including:

Freedom of information (FOI) laws:



  • Personal Data Protection Law (Data Protection Law) No. 30/18
  • Constitution of Bahrain 2002 provides citizens with a right to privacy, including confidentiality relating to postal, telegraphic, telephone and electronic communications *
  • Amiri Decree No. 15 of 1976 with respect to the Penal Code, protects individuals’ right to privacy with provisions allowing sanctions against those who disclose information without consent from the concerned person
  • Legislative Decree No. 9 of 1984 with respect to Central Population Register, prohibits divulging demographic information and imposes sanctions against those who disclose information without the consent from the concerned person
  • Legislative Decree No. 54 of 2018 with respect to Electronic Letters and Transactions, which will come into force on February 1, 2019, protects the confidentiality of electronic records
  • Legislative Decree No. 48 of 2002 with respect to Telecommunications, prohibits divulging confidential information
  • Decree No. 64 of 2006 with respect to the Central Bank of Bahrain and Financial Institutions Law, contains provisions relating to confidential information and disclosing such information
  • Resolution No. 8 of 2009 with respect to Licensees to implement Lawful Access, protects the subscriber’s right to privacy in the telecommunications services domain
  • Consumer Protection Guidelines Reference No. CCA/1112/451 (December 29, 2011), contains provisions on consumer privacy relating to personal information and calling patterns
  • Law No. 35 of 2012 with respect to Consumer Protection, protects consumer privacy to maintain personal information and keep it from being exploited for other purposes
  • Law No. 36 of 2012 with respect to Labour Law in the Private Sector, provides a right to privacy for employee data
  • Decree No. 16 of 2014 with respect to the Protection of Information and National Documents, covers the importance of information relating to national security
  • The Resolution No. 3 of 2015 with respect to Bulk Messaging protects recipients from unsolicited and solicited messages
  • Law No. 60 of 2014 with respect to Information Technology Crimes, mentions the penalties of unlawful taping, capturing or intercepting, by technical means, any non-public transmission of information devices data to, from or within an information technology system.


British Virgin Islands


  • Burundi does not have a law that specifically regulates personal data protection.
  • Law no 1/012 of May 30, 2018 governs the Code of Health Care and Health Services Provision in Burundi, healthcare institutions
  • Law No. 1/17 of August 22, 2017 governs banking activities
  • Legislative Decree No. 100/153 of June 17, 2013 governs the Regulation of the Control and Taxation System for International Telephone Communications entering Burundi
  • Decree-Law No. 100/112 of April 5, 2012 governs the Reorganization and Operation of the Telecommunications Regulatory
  • Control Agency ‘ARCT’; Ministerial Ordinance No. 730/1056 of November 7, 2007 governs the interconnection of telecommunications networks and services opened to the public.


Dominican Rebublic







New Zealand

North Macedonia


  • Norwegian Personal Data Act (in Norwegian only)
  • EU General Data Protection Regulation Although not being a member of the EU, Norway is a member of the European Economic Area (EEA). The GDPR was incorporated into the EEA agreement and became applicable in Norway. Norway is thus bound by the GDPR in the same manner as EU Member States.



  • Law 51 of July 22, 2008, as amended by Law 82 of November 9, 2012 (“Law 51”)
  • Executive Decree No. 40 of May 19, 2009 (“Decree 40”)
  • Executive Decree No. 684 of October 18, 2013 (“Decree 684”)
  • Law 81 of March 26th 2019
  • Executive Decree No. 285 of May 28th, 2021



  • The Data Protection Act (the ‘Act’) was enacted in 2003 (not yet in force)


  • Personal Data Protection Law, No.1537 of 3 August 2018
  • Protection Data Law, No.631 of 15 May 2002
  • Informatization Law, No. 40 of 6 August 2001
  • Information Law, No.609 of 10 May, 2002
  • Regulation on Certification of Information Security Facilities, Attestation of Information Objects and the Procedure for
  • Their State Registration, No.404 of 1 October 2004
  • The List of Information Security Facilities Subject to State Certification, No.424 of 24 February 2008

UAE- Abu dhabi

UAE- Dubai

UAE- Dubai Health Care City Free Zone

UAE- General


United States




*Disclaimer: This general information is provided for reference purpose only. It is informed that laws are subject to frequent updation and each jurisdiction may have additional civil laws and policies in place. Also link to laws provided for certain countries are of unofficial english translation therefore readers are advised to cross-check/ validate the information provided from official sources.