Europe
EU law
1. The General Data Protection Regulation (in all EU official languages) – will enter into force on 25 May 2018.
2. The Data Protection Directive for the law enforcement area (in all EU languages)
3. Directive 95/46 for the protection of persons with regard to personal data
4. Council framework decision 2008/977 for data protection in the law enforcement area
6. Regulation 45/2001 for the protection of personal data by EU institutions and bodies
7. EU-US Privacy Shield – adequacy decision and Annexes in all EU official languages
National law
1. UK – Data Protection Act (EN)
2. Spain – Ley Organica 15/1999 (ES)
3. Germany – Bundesdatenschutzgesetz (DE)
4. France – Loi n° 78-17 du 6 janvier 1978 relative à l’informatique, aux fichiers et aux libertés (FR)
1o. Greece – Law 2742/1997 and Law 3471/2006 (in EN)
United States
Federal laws
- Driver’s Privacy Protection Act of 1994 – 18 U.S. Code 2721 and following
- Family Educational Rights and Privacy Act of 1974 (FERPA) – 20 U.S. Code section 1232g
- Fair Credit Reporting Act (FCRA) – 15 U.S. Code sections 1681-1681u
- Fair Debt Collection Practices Act – 15 U.S. Code sections 1692-1692p
- Federal Privacy Act of 1974 – 5 U.S. Code section 552a
- Financial Services Modernization Act of 1999, Gramm-Leach-Bliley (GLB), Privacy Rule – 15 U.S. Code sections 6801-6809
- Video Privacy Protection Act of 1988 – 18 U.S.Code section 2710
- HIPAA Privacy Rule (Health Insurance Portability and Accountability Act)
- ECPA (Electronic Communications Privacy Act 1986); U.S. Code sections 2510-2522, 2701-2711, 3121,1367
State laws
- California – Several laws
- Michigan – Internet Privacy Protection Act
Canada
Federal laws
- Privacy Act (R.S.C., 1985, c. P-21) (personal data processing by federal government and agencies)
- Personal Information Protection and Electronic Documents Act (PIPEDA- federal private-sector privacy law)
Province laws
- Alberta: Personal Information Protection Act
- British Columbia: Personal Information Protection Act
- Québec: An Act Respecting the Protection of Personal Information in the Private Sector
- Ontario – Personal Health Information Protection Act
- New Brunswick – Personal Health Information Privacy and Access Act
- Newfoundland and Labrador’s – Personal Health Information Act
South America
- Argentina – Ley 25.326. Proteccion de los Datos Personales
- Peru – Ley de Proteccion de Datos Personales Ley No 29733
Asia
- Japan – Amended Act of the Protection of Personal Data (EN – unofficial translation)
Australia
- Commonwealth Privacy Act 1988 including:
- Privacy Amendment (Private Sector) Act 2000 and the
- National Privacy Principles (NPPs) & associated Guidelines
Africa
Last Update – August 2017
This is by no means a complete list. Please, send me an e-mail (gabriela.zanfir@protonmail.com) or leave a comment here with a link to a privacy law that would help complete the list.
I would like to thank Irene Kamara and Rosario Ines Murga Ruiz for their additions to this list.
Greece: http://www.dpa.gr/portal/page?_pageid=33,43560&_dad=portal&_schema=PORTAL
LikeLike
Thanks a lot!!
LikeLike
People need to consider that even if their own country has super strong privacy laws, the 5-eyes, 9-eyes and 14-eyes alliances created after WWII have allowed governments to spy on their citizens using information gathered from other countries.
LikeLike
Norwegian law incorporating GDPR: https://lovdata.no/dokument/NL/lov/2018-06-15-38 (Personopplysningsloven)
I also added your site to the Awesome GDPR resources: https://github.com/bakke92/awesome-gdpr#awesome-gdpr
LikeLike
Norway: https://lovdata.no/dokument/NL/lov/2018-06-15-38 (incorporating GDPR in national law and giving some additional legislation).
I have added your site to my “Awesome GDPR” resources here: https://github.com/bakke92/awesome-gdpr#awesome-gdpr-
LikeLike
Thailand also has a Personal Data Protection Act (PDPA) announced on 25 May 2019. see further https://www.etda.or.th/app/webroot/content_files/13/files/The%20Personal%20Data%20Protection%20Act.pdf
LikeLike
Pingback: Securing internet-connected devices in healthcare – Tubesock, Inc.
Pingback: Securing internet-connected devices in healthcare – Tubesock, Inc.
Making it obvious what data you gather, how it’s used, who has access to it, and how it’s kept safe demonstrates to users that your organization has mature privacy policies in place. Thank you!
LikeLike
Brazil’s Data Protection Law: https://www.planalto.gov.br/ccivil_03/_ato2015-2018/2018/lei/l13709.htm (Lei Geral de Proteção de Dados)
LikeLike