Privacy Laws Around the World


EU law

1. The General Data Protection Regulation (in all EU official languages) – will enter into force on 25 May 2018.

2. The Data Protection Directive for the law enforcement area (in all EU languages)

3. Directive 95/46 for the protection of persons with regard to personal data

4. Council framework decision 2008/977 for data protection in the law enforcement area

5. ePrivacy Directive 2002/58

6. Regulation 45/2001 for the protection of personal data by EU institutions and bodies

7. EU-US Privacy Shield – adequacy decision and Annexes in all EU official languages

National law

1. UK – Data Protection Act (EN)

2. Spain – Ley Organica 15/1999 (ES)

3. Germany – Bundesdatenschutzgesetz (DE)

4. France – Loi n° 78-17 du 6 janvier 1978 relative à l’informatique, aux fichiers et aux libertés (FR)


1o. Greece – Law 2742/1997 and Law 3471/2006 (in EN)

United States

Federal laws

  1. Driver’s Privacy Protection Act of 1994 – 18 U.S. Code 2721 and following
  2. Family Educational Rights and Privacy Act of 1974 (FERPA) – 20 U.S. Code section 1232g
  3. Fair Credit Reporting Act (FCRA) – 15 U.S. Code sections 1681-1681u
  4. Fair Debt Collection Practices Act – 15 U.S. Code sections 1692-1692p
  5. Federal Privacy Act of 1974 – 5 U.S. Code section 552a
  6. Financial Services Modernization Act of 1999, Gramm-Leach-Bliley (GLB), Privacy Rule – 15 U.S. Code sections 6801-6809
  7. Video Privacy Protection Act of 1988 – 18 U.S.Code section 2710
  8. HIPAA Privacy Rule (Health Insurance Portability and Accountability Act)
  9. ECPA (Electronic Communications Privacy Act 1986); U.S. Code sections 2510-2522, 2701-2711, 3121,1367

State laws

  1. California – Several laws
  2. Michigan – Internet Privacy Protection Act


Federal laws

  1. Privacy Act (R.S.C., 1985, c. P-21) (personal data processing by federal government and agencies)
  2. Personal Information Protection and Electronic Documents Act (PIPEDA- federal private-sector privacy law)

Province laws

  1. Alberta: Personal Information Protection Act
  2. British Columbia: Personal Information Protection Act
  3. Québec: An Act Respecting the Protection of Personal Information in the Private Sector
  4. Ontario – Personal Health Information Protection Act
  5. New Brunswick – Personal Health Information Privacy and Access Act
  6. Newfoundland and Labrador’s – Personal Health Information Act

South America

  1. Argentina – Ley 25.326. Proteccion de los Datos Personales
  2. Peru – Ley de Proteccion de Datos Personales Ley No 29733


  1. Japan – Amended Act of the Protection of Personal Data (EN – unofficial translation)


  1. Commonwealth Privacy Act 1988 including:
  2. Privacy Amendment (Private Sector) Act 2000 and the
  3. National Privacy Principles (NPPs) & associated Guidelines


  1. Morocco – Loi n° 09-08 relative à la protection des personnes physiques à l’égard du traitement des données à caractère personnel


Last Update – August 2017

This is by no means a complete list. Please, send me an e-mail ( or leave a comment here with a link to a privacy law that would help complete the list.

I would like to thank Irene Kamara and Rosario Ines Murga Ruiz for their additions to this list.

10 responses to “Privacy Laws Around the World

  1. People need to consider that even if their own country has super strong privacy laws, the 5-eyes, 9-eyes and 14-eyes alliances created after WWII have allowed governments to spy on their citizens using information gathered from other countries.


  2. Norwegian law incorporating GDPR: (Personopplysningsloven)

    I also added your site to the Awesome GDPR resources:


  3. Norway: (incorporating GDPR in national law and giving some additional legislation).

    I have added your site to my “Awesome GDPR” resources here:


  4. Thailand also has a Personal Data Protection Act (PDPA) announced on 25 May 2019. see further


  5. Pingback: Securing internet-connected devices in healthcare – Tubesock, Inc.

  6. Pingback: Securing internet-connected devices in healthcare – Tubesock, Inc.

  7. Making it obvious what data you gather, how it’s used, who has access to it, and how it’s kept safe demonstrates to users that your organization has mature privacy policies in place. Thank you!


  8. Ana Paula Rezende

    Brazil’s Data Protection Law: (Lei Geral de Proteção de Dados)


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.