Table of contents


Bahrain
- Personal Data Protection Law (Data Protection Law) No. 30/18
- Constitution of Bahrain 2002 provides citizens with a right to privacy, including confidentiality relating to postal, telegraphic, telephone and electronic communications *
- Amiri Decree No. 15 of 1976 with respect to the Penal Code, protects individuals’ right to privacy with provisions allowing sanctions against those who disclose information without consent from the concerned person
- Legislative Decree No. 9 of 1984 with respect to Central Population Register, prohibits divulging demographic information and imposes sanctions against those who disclose information without the consent from the concerned person
- Legislative Decree No. 54 of 2018 with respect to Electronic Letters and Transactions, which will come into force on February 1, 2019, protects the confidentiality of electronic records
- Legislative Decree No. 48 of 2002 with respect to Telecommunications, prohibits divulging confidential information
- Decree No. 64 of 2006 with respect to the Central Bank of Bahrain and Financial Institutions Law, contains provisions relating to confidential information and disclosing such information
- Resolution No. 8 of 2009 with respect to Licensees to implement Lawful Access, protects the subscriber’s right to privacy in the telecommunications services domain
- Consumer Protection Guidelines Reference No. CCA/1112/451 (December 29, 2011), contains provisions on consumer privacy relating to personal information and calling patterns
- Law No. 35 of 2012 with respect to Consumer Protection, protects consumer privacy to maintain personal information and keep it from being exploited for other purposes
- Law No. 36 of 2012 with respect to Labour Law in the Private Sector, provides a right to privacy for employee data
- Decree No. 16 of 2014 with respect to the Protection of Information and National Documents, covers the importance of information relating to national security
- The Resolution No. 3 of 2015 with respect to Bulk Messaging protects recipients from unsolicited and solicited messages
- Law No. 60 of 2014 with respect to Information Technology Crimes, mentions the penalties of unlawful taping, capturing or intercepting, by technical means, any non-public transmission of information devices data to, from or within an information technology system.

Burundi
- Burundi does not have a law that specifically regulates personal data protection.
- Law no 1/012 of May 30, 2018 governs the Code of Health Care and Health Services Provision in Burundi, healthcare institutions
- Law No. 1/17 of August 22, 2017 governs banking activities
- Legislative Decree No. 100/153 of June 17, 2013 governs the Regulation of the Control and Taxation System for International Telephone Communications entering Burundi
- Decree-Law No. 100/112 of April 5, 2012 governs the Reorganization and Operation of the Telecommunications Regulatory
- Control Agency ‘ARCT’; Ministerial Ordinance No. 730/1056 of November 7, 2007 governs the interconnection of telecommunications networks and services opened to the public.

Cape Verde
- Data Protection Law (Law 133/V/2001)
- Amendment to Law 133/V/2001 by the introduction of Law 121/IX/ 2021 on 17 March, 2021.
- Law 42/VIII/2013 of 17 September for the formulation of National Commission of Data Protection (‘CNPD’).
- Video surveillance law of 2015

Ethiopia
- 1995 Constitution of the Federal Democratic Republic of Ethiopia
- 2005 Criminal Code of the Federal Democratic Republic of Ethiopia
- 1960 Civil Code Computer
- Crime Proclamation No. 958/2016
- Freedom of the Mass Media and Access to Information Proclamation No. 590/2008
- Mass Media and Access to Information Proclamation No. 590/2008 (as amended by the Media Proclamation No. 1238/2021)


Iran
- Sharia law principles
- Personal Data Protection and Safeguarding Draft Act, July 2019
- The Constitution of the Islamic Republic of Iran
- Draft of the Bill on Protection of Data and Privacy in the Cyber Space 2018
- Charter of Citizen’s Rights 2016
- Cyber Crime law 2009
- The Law Concerning Protection of Consumers Rights 2010
- The Law on Publishing and Access to Data 2009
- Stock Market Law 2006
- Electronic Commerce Law (ECL 2004)
- The Law on Facilitation of Competition and Prevention of Monopoly 2004
- The Law on respect for Legitimate Rights and Citizen Rights 2004
- The Law on Establishment of the Ministry of Justice Official Experts 2003
- Press Law 2002
- Criminal Code 1997
- Bylaw Concerning Official Translators 1996
- Criminal Procedures Code 1994
- Direct Taxation Act as amended 1988
- The Law on Statistic Centre of Iran1976
- Civil Liability Code 1960
- The Law on Establishment of Notary Public Offices 1937
- Iranian Bar Association Law 1936

Israel
- The Protection of Privacy Law, 1981 (the “Privacy Law”)
- The Protection of Privacy Regulations (Data Security), 2017 (the “Data Security Regulations”)
- The Protection of Privacy Regulations (Transfer of Information to Databases outside the State’s Boundaries), 2001 (the “Transfer Regulations”)
- Israeli Protection of Privacy Authority (the “PPA”)

Kenya
- Constitution of Kenya 2010
- Access to Information Act 2016
- Health Act 2017
- Computer Misuse and Cybercrimes Act 2018
- Kenya’s Consumer Protection Act 2012
- Data Protection Act 2019
- Data Protection (Civil Registration) Regulations, 2020
- Data Protection (Compliance and Enforcement) Regulations, 2021
- Data Protection (Registration of Data Controllers & Data Processors) Regulations, 2021
- Data Protection (General) Regulations, 2021

Madagascar
- The Data Protection Law No. 2014-038
- Law No. 2/2012 which establishes the legal framework for video surveillance in public spaces

Mauritius

Morocco

Mozambique
- The Civil Code (Decree-Law no. 47344)
- The Penal Code (Law no 35/2014)
- The Labour Law (Law no 23/2007)
- The Advertisement Code (Decree no 38/2016)
- The Electronic Transactions Law (Law no 3/2017)

Namibia
- Article 13 of the Namibian Constitution recognizes right to privacy as a fundamental human right.

Nigeria
- Constitution of the Federal Republic of Nigeria 1999
- Child Rights Act 2003
- Consumer Code of Practice Regulations 2007
- Consumer Protection Framework 2016
- Credit Reporting Act 2017
- Cybercrimes (Prohibition, Prevention Etc) Act 2015
- Freedom of Information Act, 2011 (FOI Act)
- National Identity Management Commission (NIMC) Act 2007
- National Health Act 2014 (NHA)
- Nigerian Communications Commission (registration of telephone subscribers) Regulation 2011
- Nigeria Data Protection Regulation established under the NITDA Act, 2007
- Federal Competition and Consumer Protection Act, 2018
- Nigeria Data Protection Regulation, 2019
- National Cyber Security Policy and Strategy, 2021


Saudi Arabia
- Islamic Law (Shari’ah )
- Law of Civil Affairs
- Banking Control Law
- Banking Consumer Protection Principles
- Regulations for Consumer Credit
- Insurance Market Code of Conduct Regulation
- Insurance Intermediaries Regulation
- Telecommunications Law and Regulations
- Cloud Computing Regulatory Framework
- Anti-Cyber Crime Law
- Personal Data Protection Law

Seychelles
- The Data Protection Act (the ‘Act’) was enacted in 2003 (not yet in force)



Tunisia

UAE- Abu dhabi
UAE- Dubai
- DIFC Law No 5 of 2012 Data protection Law (THE ENACTMENT NOTICE)
- Data Protection Regulations
- DIFC Law no.5 of 2020
UAE- Dubai Health Care City Free Zone
- Health Data Protection Regulation. No 7 of 2008
UAE- General
- UAE in general has sector-specific data protection provisions in certain laws.
- Article 379 of the UAE Penal Code– This law prohbits a person who by reason of profession or craft is entrusted with a “secret,” from using or disclosing that “secret,” without the consent of the person to whom the secret pertains
- Regulatory Framework for stored values and electronic payment systems (Digital Payment Regulation)- data stored with Payment Service Providors (PSP) can only be made available to the corresponding User, the Central Bank, to other regulatory authorities following prior approval of the Central Bank, or by UAE court order.
- The Constitution(Federal Law 1 of 1971)
- Penal Code (Federal Law 3 of 1987 as amended)
- Cyber Crime Law (Federal Law 5 of 2012 regarding Information Technology Crime Control) (as amended by Federal Law No. 12 of 2016 and Federal Decree Law No. 2 of 2018)
- Regulating Telecommunications (UAE Federal Law by Decree No. 3 of 2003), which includes several implementing regulations/policies enacted by the Telecoms Regulatory Authority (‘TRA’) in respect of data protection of telecoms consumers in the UAE.
- The Cyber Crime Law criminalizes obtaining, possessing, modifying, destroying or disclosing (without authorization) electronic documents or electronic information relating to medical records. The Federal Law No. (2) of 2006 on The Prevention of Information Technology Crimes
- Article 13.5 of TRA Consumer Protection Regulations.
- Federal Decree-Law No. 45 of 2021 regarding the Protection of Personal Data



Zimbabwe
- Freedom of Information Act (1/2020)
- Cybersecurity and Data Protection Bill, H.B. 18, 2019
- The Access to Information and Protection of Privacy Act (Chapter 10:247) contains the most provisions on data protection.
- The Courts and Adjudicating Authorities (Publicity Restrictions) Act (Chapter 07:04)
- Census And Statistics Act [Chapter 10:29]
- Banking Act (Chapter 24:20)
- National Registration Act (Chapter 10:17)
- The Interception of Communications Act (Chapter 11:20)
- Revised National Policy for Information Communication Technology (“ICT Policy”)
- Data Protection Act (Chapter 11:12)
*Disclaimer: This general information is provided for reference purpose only. It is informed that laws are subject to frequent updation and each jurisdiction may have additional civil laws and policies in place. Also link to laws provided for certain countries are of unofficial english translation therefore readers are advised to cross-check/ validate the information provided from official sources.