HOME

TheInfoList



OR:

Privacy law is the body of law that deals with the regulating, storing, and using of personally identifiable information, personal healthcare information, and financial information of individuals, which can be collected by governments, public or private organisations, or other individuals. It also applies in the commercial sector to things like trade secrets and the liability that directors, officers, and employees have when handing sensitive information. Privacy laws are considered within the context of an individual's
privacy Privacy (, ) is the ability of an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively. The domain of privacy partially overlaps with security, which can include the concepts of a ...
rights or within reasonable
expectation of privacy Expectation of privacy is a legal test which is crucial in defining the scope of the applicability of the privacy protections of the Fourth Amendment to the United States Constitution. It is related to, but is not the same as, a ''right to privac ...
. The
Universal Declaration of Human Rights The Universal Declaration of Human Rights (UDHR) is an international document adopted by the United Nations General Assembly that enshrines the Human rights, rights and freedoms of all human beings. Drafted by a UN Drafting of the Universal De ...
states that everyone has the right to privacy. The interpretation of these rights varies by country and are not always universal.


Classification of privacy laws

Privacy laws can be broadly classified into: * General privacy laws that have an overall bearing on the personal information of individuals and affect the policies that govern many different areas of information. **Trespass **Negligence **Fiduciary


International legal standards on privacy


Asia-Pacific Economic Cooperation (APEC)

APEC The Asia-Pacific Economic Cooperation (APEC ) is an inter-governmental forum for 21 member economies in the Pacific Rim that promotes free trade throughout the Asia-Pacific region.
created a voluntary Privacy Framework that was adopted by all 21 member economies in 2004 in an attempt to improve general information privacy and the cross-border transfer of information. The Framework consists of nine Privacy Principles that act as minimum standards for privacy protection: Preventing harm, Notice, Collection limitation, Use of personal information, Choice, Integrity of personal information, Security safeguards, Access and correction, and Accountability. In 2011, APEC implemented the APEC Cross Border Privacy Rules System with the goal of balancing "the flow of information and data across borders ... essential to trust and confidence in the online marketplace." The four agreed-upon rules of the System are based upon the APEC Privacy Framework and include self-assessment, compliance review, recognition/acceptance, and dispute resolution and enforcement.


Council of Europe

Article 8 of the
European Convention on Human Rights The European Convention on Human Rights (ECHR; formally the Convention for the Protection of Human Rights and Fundamental Freedoms) is an international convention to protect human rights and political freedoms in Europe. Drafted in 1950 by t ...
, which was drafted and adopted by the
Council of Europe The Council of Europe (CoE; french: Conseil de l'Europe, ) is an international organisation founded in the wake of World War II to uphold European Convention on Human Rights, human rights, democracy and the Law in Europe, rule of law in Europe. ...
in 1950 and currently covers the whole European continent except for Belarus and Kosovo, protects the right to respect for private life: "Everyone has the right to respect for his private and family life, his home and his correspondence." Through the huge case-law of the
European Court of Human Rights The European Court of Human Rights (ECHR or ECtHR), also known as the Strasbourg Court, is an international court of the Council of Europe which interprets the European Convention on Human Rights. The court hears applications alleging that a ...
in
Strasbourg Strasbourg (, , ; german: Straßburg ; gsw, label=Bas Rhin Alsatian, Strossburi , gsw, label=Haut Rhin Alsatian, Strossburig ) is the prefecture and largest city of the Grand Est region of eastern France and the official seat of the Eu ...
, privacy has been defined and its protection has been established as a positive right of everyone. The Council of Europe also adopted Convention for the protection of individuals with regard to automatic processing of personal data in 1981 and addressed privacy protection in regards to the Internet in 1998 when it published "Draft Guidelines for the protection of individuals with regard to the collection and processing of personal data on the information highway, which may be incorporated in or annexed to Code of Conduct." The Council developed these guidelines in conjunction with the
European Commission The European Commission (EC) is the executive of the European Union (EU). It operates as a cabinet government, with 27 members of the Commission (informally known as "Commissioners") headed by a President. It includes an administrative body o ...
, and they were adopted in 1999.


European Union (EU)

The 1995
Data Protection Directive The Data Protection Directive, officially Directive 95/46/EC, enacted in October 1995, is a European Union directive which regulates the processing of personal data within the European Union (EU) and the free movement of such data. The Data Pro ...
(officially Directive 95/46/EC) recognized the authority of
National data protection authorities There are several National data protection authorities across the world, tasked with protecting information privacy. In the European Union and the EFTA member countries, their status was formalized by the Data Protection Directive and they were ...
and required that all Member States adhere to universal privacy protection standards. Member States must adopt strict privacy laws that are no more relaxed than the framework provided by the Directive. Additionally, the Directive outlines that non-EU countries must adopt privacy legislation of equal restriction in order to be allowed to exchange personal data with EU countries. Furthermore, companies in non-EU countries must also adopt privacy standards of at least equal restriction as provided in the Directive in order to do business with companies located in EU countries. Thus, the Directive has also influenced the development of privacy legislation in non-European countries. The proposed ePrivacy Regulation, which would replace the
Privacy and Electronic Communications Directive 2002 Privacy and Electronic Communications Directive 2002/58/EC on Privacy and Electronic Communications, otherwise known as ePrivacy Directive (ePD), is an EU directive on data protection and privacy in the digital age. It presents a continuation o ...
, also contributes to EU privacy regulations. The General Data Protection Regulation replaced the Data Protection Directive of 1995 when it came to effect on 25 May 2018. A notable contribution that has come from the General Data Protection Regulation is its recognition of a "right to be forgotten," which requires any group that collects data on individuals to delete the data related to an individual upon that individual's request. The Regulation was influenced by the aforementioned European Convention on Human Rights.


Organization for Economic Co-operation and Development (OECD)

In 1980, the
OECD The Organisation for Economic Co-operation and Development (OECD; french: Organisation de coopération et de développement économiques, ''OCDE'') is an intergovernmental organisation with 38 member countries, founded in 1961 to stimulate e ...
adopted the voluntary OECD Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data in response to growing concerns about information privacy and data protection in an increasingly technological and connected world. The OECD Guidelines helped establish an international standard for privacy legislation by defining the term "personal data" and outlining fair information practice principles (FIPPs) that other countries have adopted in their national privacy legislation. In 2007, the OECD adopted the Recommendation on Cross-border Co-operation in the Enforcement of Laws Protecting Privacy. This framework is based on the OECD Guidelines and includes two cooperation based model forms to encourage the enforcement of privacy laws among member states. The Recommendation is also notable for coining the term "Privacy Enforcement Authority".


United Nations (UN)

Article 17 of the
International Covenant on Civil and Political Rights The International Covenant on Civil and Political Rights (ICCPR) is a multilateral treaty that commits nations to respect the civil and political rights of individuals, including the right to life, freedom of religion, freedom of speech, freedo ...
of the United Nations in 1966 also protects privacy: "No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks." On December 18, 2013, the United Nations General Assembly adopted resolution 68/167 on the right to privacy in the digital age. The resolution makes reference to the Universal Declaration of Human Rights and reaffirms the fundamental and protected human right of privacy. The Principles on Personal Data Protection and Privacy for the United Nations System were declared on October 11, 2018.


Privacy laws by country


Australia

The current state of privacy law in Australia includes Federal and state information privacy legislation, some sector-specific privacy legislation at state level, regulation of the media and some criminal sanctions. The current position concerning civil causes of action for invasion of privacy is unclear: some courts have indicated that a tort of invasion of privacy may exist in Australia.. However this has not been upheld by the higher courts, which have been content to develop the equitable doctrine of Breach of Confidence to protect privacy, following the example set by the UK. In 2008, the
Australian Law Reform Commission The Australian Law Reform Commission (often abbreviated to ALRC) is an Australian independent statutory body established to conduct reviews into the law of Australia. The reviews, also called inquiries or references, are referred to the ALRC by ...
recommended the enactment of a statutory cause of action for invasion of privacy."Invasion of privacy: penalties and remedies: review of the law of privacy: stage 3" (2009) (Issues paper 14), New Zealand Law Commission, , 2009 NZIP 14 accessed 27 August 2011 The Privacy Act 1988 aims to protect and regulate an individual's private information. It manages and monitors
Australian Government The Australian Government, also known as the Commonwealth Government, is the national government of Australia, a federal parliamentary constitutional monarchy. Like other Westminster-style systems of government, the Australian Government ...
and organisations on how they hold personal information.


Bahamas

The Bahamas has an official data protection law that protects the personal information of its citizens in both the private and public sector: Data Protection Act 2003 (the Bahamas Law). The Bahamas Law appoints a data protection commissioner to the Office of Data Protection to ensure that data protection is being held. Even though there is legislation enforced in the Bahamas through the Data Protection Act 2003, the act lacks many enforcements since a data protection officer doesn't need to be in office nor does any group or organization need to notify the Office of Data Protection when a hacker has breached privacy law. Also, there are no requirements for registering databases or restricting data flow across national borders. Therefore, the legislation does not meet European Union standards, which was the goal of creating the law in the first place.  The Bahamas is also a member of CARICOM, the Caribbean Community.


Belize

Belize is currently part of the minority of countries that do not have any official data privacy laws.Greenleaf, Graham. 2015. "Global Data Privacy Laws 2015: 109 Countries, with European Laws Now a Minority"''.'' ''Privacy Laws & Business International Report'' 21. However, the
Freedom of Information Act Freedom of Information Act may refer to the following legislations in different jurisdictions which mandate the national government to disclose certain data to the general public upon request: * Freedom of Information Act 1982, the Australian act * ...
(2000) currently protects the personal information of the citizens of Belize, but there is no current documentation that distinguishes if this act includes electronic data. As a consequence of the lack of official data privacy laws, there was a breach of personal data in 2009 when an employee's laptop from Belize's Vital Statistics Unit was stolen, containing birth certification information for all citizens residing in Belize. Even though the robbery was not intentionally targeting the laptop - the robber did not predict the severity of the theft - Belize was put in a vulnerable position which could have been avoided if regulations were in order.


Brazil

A Brazilian citizen's privacy is protected by the country's constitution, which states: On 14 August 2018, Brazil enacted its General Personal Data Protection Law. The bill has 65 articles and has many similarities to the GDPR. The first translation into English of the new data protection law was published by Ronaldo Lemos, a Brazilian lawyer specialized in technology, on that same date. There is a newer version.


Canada

In Canada, the federal '' Personal Information Protection and Electronic Documents Act'' (PIPEDA) governs the collection, use, and disclosure of personal information in connection with commercial activities and personal information about employees of federal works, undertakings and businesses. It generally does not apply to non-commercial organizations or provincial governments. Personal information collected, used and disclosed by the federal government and many crown corporations is governed by the '' Privacy Act''. Many provinces have enacted similar provincial legislation such as the Ontario '' Freedom of Information and Protection of Privacy Act'' which applies to public bodies in that province. There remains some debate whether there exists a common law tort for breach of privacy. There have been a number of cases identifying a common law right to privacy but the requirements have not been articulated. In ''Eastmond v. Canadian Pacific Railway & Privacy Commissioner of Canada''''Eastmond v. Canadian western Railway & Privacy Commissioner of Canada'', 11 June 2004 Canada's Supreme Court found that CP could collect Eastmond's personal information without his knowledge or consent because it benefited from the exemption in paragraph 7(1)(b) of
PIPEDA The ''Personal Information Protection and Electronic Documents Act'' (PIPEDA; french: Loi sur la protection des renseignements personnels et les documents électroniques) is a Canadian law relating to data privacy. It governs how private sector ...
, which provides that personal information can be collected without consent if "it is reasonable to expect that the collection with the knowledge or consent of the individual would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement".


China

In 1995, the Computer Processed Personal Information Protection Act was enacted in order to protect personal information processed by computers. The general provision specified the purpose of the law, defined crucial terms, prohibited individuals from waiving certain rights. The National Security Law and the Cybersecurity Law promulgated in 2015 give public security and security departments great powers to collect all kinds of information, forcing individuals to use network services to submit private information for monitoring, and forcing network operators to store user data Within China, unrestricted "technical support" from the security department must be provided. Other laws and regulations related to privacy are as follows:


Constitution

Article 38. The personal dignity of citizens of the People's Republic of China shall not be violated. It is forbidden to use any method to insult, slander, and falsely accuse citizens. Article 39. The residences of the People's Republic of China should be inviolable. It is prohibited to illegally search or trespass into citizens’ houses. Article 40. The freedom and confidentiality of communications of citizens of the People’s Republic of China are protected by law. Except for the needs of national security or the pursuit of criminal offenses, the public security organs or procuratorial organs shall inspect communications in accordance with the procedures prescribed by law, no organization or individual may infringe on citizens’ freedom of communication and confidentiality for any reason.


Civil Code

Article 1032. Natural persons enjoy the right to privacy. No organization or individual may infringe the privacy rights of others by spying, harassing, divulging, disclosing, etc.


Privacy of the deceased

The Supreme People's Court's "Interpretation on Several Issues Concerning the Determination of Liability for Compensation for Mental Damage in Civil Torts" was adopted at the 116th meeting of the Judicial Committee of the Supreme People's Court on February 26, 2001. Article 3 After the death of a natural person, if a close relative of a natural person suffers mental pain due to the following infringements, and the people’s court sues for compensation for mental damage, the people’s court shall accept the case: (2) Illegal disclosure or use of the privacy of the deceased, or infringement of the privacy of the deceased in other ways that violate social public interests or social ethics.


Law on the Protection of Minors

Article 39. No organization or individual may disclose the personal privacy of minors. No organization or individual may conceal or destroy letters, diaries, and e-mails of minors, except for the need to investigate crimes. Public security organs or people's procuratorates shall conduct inspections in accordance with the law, or letters, diaries, and e-mails of minors who are incapacitated. Diaries and e-mails shall be opened and read by their parents or other guardians, and no organization or individual shall open or read them.


Fiji

An archipelago located in the Pacific, the country of
Fiji Fiji ( , ,; fj, Viti, ; Fiji Hindi: फ़िजी, ''Fijī''), officially the Republic of Fiji, is an island country in Melanesia, part of Oceania in the South Pacific Ocean. It lies about north-northeast of New Zealand. Fiji consists ...
was founded on 10 October 1970."Constitution of the Republic of Fiji." The Fijian Government — Department of Information. Retrieved 1 May 2017. In its constitution, the people inhabiting the land are granted the right to
privacy Privacy (, ) is the ability of an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively. The domain of privacy partially overlaps with security, which can include the concepts of a ...
. The exact workings from the constitution is the following: "Every person has the right to personal privacy, which includes the right to — (a)
confidentiality Confidentiality involves a set of rules or a promise usually executed through confidentiality agreements that limits the access or places restrictions on certain types of information. Legal confidentiality By law, lawyers are often required ...
of their personal information; (b) confidentiality of their communications; and (c) respect for their private and family life". But in this very same constitution, it is expressed that it is possible "to the extent that it is necessary" for a law to be passed that limits or impacts the execution of the right to privacy law. Another privacy related law can be seen in section 54 of the Telecommunications Promulgation passed in 2008, which states that "any service provider supplying telecommunications to consumers must keep information about consumers confidential". Billing information and call information are no exceptions. The only exception to this rule is for the purpose of bringing to light "fraud or bad debt". Under this law, even with the consent of the customer, the disclosure of information is not permitted. Other Privacy laws that have been adopted by this country are those that are meant to protect the collected information, cookies and other privacy-related matter of tourist. This is in regards to (but not limited to) information collected during bookings, the use of one technology of another that belongs to said company or through the use of a service of the company, or when making
payment A payment is the voluntary tender of money or its equivalent or of things of value by one party (such as a person or company) to another in exchange for goods, or services provided by them, or to fulfill a legal obligation. The party making the ...
s. Additionally, as a member of the United Nations, the Fiji is bound by the Universal Declaration of Human Rights which states in article twelve, "No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks".


France

France adopted a data privacy law in 1978. It applies to public and private organizations and forbids gathering sensitive data about physical persons (including sexuality, ethnicity, and political or religious opinions). The law is administered by the
Commission nationale de l'informatique et des libertés The ''Commission nationale de l'informatique et des libertés'' (CNIL, ; en, National Commission on Informatics and Liberty) is an independent French administrative regulatory body whose mission is to ensure that data privacy law is applied t ...
(CNIL), a dedicated national administration. Like in Germany data violations are considered criminal offenses (Art. 84 GPR with Code Pénal, Section 1, Chapitre VI, Art. 226ff.).


Germany

Germany is known to be one of the first countries (in 1970) with the strictest and most detailed data privacy laws in the world. The citizens' right to protection is stated in the
Constitution of Germany The Basic Law for the Federal Republic of Germany (german: Grundgesetz für die Bundesrepublik Deutschland) is the constitution of the Federal Republic of Germany. The West German Constitution was approved in Bonn on 8 May 1949 and came i ...
, in Art. 2 para. 1, and Art. 1 para. 1. The citizens' data of Germany is mainly protected under the Federal Data Protection Act (1977) from corporations, which has been amended the most recently in 2009. This act specifically targets all businesses that collect information for its use. The major regulation protects the data within the private and personal sector, and as a member of the European Union (EU), Germany has additionally ratified its act, convention, and additional protocol with the EU according to the EU Data Protection Directive 95/46 EC. In Germany, there are two kinds of restrictions on a transfer of personal data. Since Germany is part of the EU Member States, the transfer of personal data of its citizens to a nation outside the EEA is always subject to a decent level of data protection in the offshore country. Secondly, according to German data policy rules, any transfer of personal data outside the EEA symbolizes a connection to a third party which requires a reason. That reason may be for emergency reasons and a provision must be met with consent by the receiver and the subject of the data. Keep in mind that in Germany, data transfers within a group of companies are subject to same treatment as transfer to third-parties if the location is outside the EEA. Specifically the Federal Data Protection Commission is in charge of regulating the entirety of the enforcement of data privacy regulations for Germany. In addition, Germany is part of the Organisation for Economic Cooperation and Development (OECD).Western Hemisphere Data Protection Laws. 2012. U.S. Department of Commerce. http://web.ita.doc.gov/ITI/itiHome.nsf/9b2cb14bda00318585256cc40068ca69/a54f62c93fd1572985257623006e32d5/$FILE/Western%20Hemisphere%20Data%20Protection%20Laws%205-12%20final.pdf The Federal Data Protection Commission of Ireland is a member of the International Conference of Data Protection and Privacy Commissioners, European Data Protection Authorities, the EU Article 29 Working Party, and the
Global Privacy Enforcement Network Global means of or referring to a globe and may also refer to: Entertainment * ''Global'' (Paul van Dyk album), 2003 * ''Global'' (Bunji Garlin album), 2007 * ''Global'' (Humanoid album), 1989 * ''Global'' (Todd Rundgren album), 2015 * Bruno ...
. Regarding the protection of children, Germany is potentially the first nation that has played an active role in banning the share of data within toys connected to Wifi and the Internet, like for instance, "My Friend Cayla". The group in charge of protecting the data of children is the
Federal Network Agency The Federal Network Agency (german: Bundesnetzagentur or ) is the German regulatory office for electricity, gas, telecommunications, post and railway markets. It is a federal agency of the Federal Ministry for Economic Affairs and Climate Acti ...
(''Bundesnetzagentur'').  Like in France data violations are considered offenses (Art. 84 GPR with § 42 BDSG).


Greece

During the military dictatorship era the 57 AK law prohibited taking photos of people without their permission but the law has since been superseded. The 2472/1997 law protects personal data of citizens but consent for taking photos of people is not required as long as they aren't used commercially or are used only for personal archiving ("οικιακή χρήση" / "home use"), for publication in editorial, educational, cultural, scientific or news publications, and for fine art purposes (e.g.
street photography Street photography (also sometimes called candid photography) is photography conducted for art or enquiry that features unmediated chance encounters and random incidents within public places. Although there is a difference between street and ca ...
which has been uphold as legal by the courts whether done by professional or amateur photographers). However, photographing people or collecting their personal data for commercial (advertising) purposes requires their consent. The law gives photographers the right to commercially use photos of people who have not consented to the use of the images in which they appear if the depicted people have either been paid for the photo session as models (so there is no separation between editorial and commercial models in Greek law) or they have paid the photographer for obtaining the photo (this, for example, gives the right to wedding photographers to advertise their work using their photos of newly-wed couples they photographed in a professional capacity). In Greece the right to take photographs and publish them or sell licensing rights over them as fine art or editorial content is protected by the
Constitution of Greece The Constitution of Greece ( el, Σύνταγμα της Ελλάδας, Syntagma tis Elladas) was created by the Fifth Revisionary Parliament of the Hellenes in 1974, after the fall of the Greek military junta and the start of the Third Hellen ...
(Article 14 and other articles) and free speech laws as well as by
case law Case law, also used interchangeably with common law, is law that is based on precedents, that is the judicial decisions from previous cases, rather than law based on constitutions, statutes, or regulations. Case law uses the detailed facts of a l ...
and legal cases. Photographing the police or children and publishing the photographs in a non-commercial capacity is also legal.


Hong Kong

In Hong Kong, the law governing the protection of personal data is principally found in the Personal Data (Privacy) Ordinance (Cap. 486) which came into force on 20 December 1996. Various amendments were made to enhance the protection of personal data privacy of individuals through the Personal Data (Privacy) (Amendment) Ordinance 2012. Examples of personal data protected include names, phone numbers, addresses, identity card numbers, photos, medical records and employment records. As Hong Kong remains a common law jurisdiction, judicial cases are also a source of privacy law. The power of enforcement is vested with the Privacy Commissioner (the "Commissioner") for Personal Data. Non-compliance with data protection principles set out in the ordinances does not constitute a criminal offense directly. The Commissioner may serve an enforcement notice to direct the data user to remedy the contravention and/or instigate the prosecution action. Contravention of an enforcement notice may result in a fine and imprisonment.


India

The Right to Privacy is a
fundamental right Fundamental rights are a group of rights that have been recognized by a high degree of protection from encroachment. These rights are specifically identified in a constitution, or have been found under due process of law. The United Nations' Sustai ...
and an intrinsic part of Article 21 that protects life and liberty of the citizens and as a part of the freedoms guaranteed by Part III of the
Constitution A constitution is the aggregate of fundamental principles or established precedents that constitute the legal basis of a polity, organisation or other type of Legal entity, entity and commonly determine how that entity is to be governed. When ...
. In June 2011, India passe
subordinate legislation
that included various new rules that apply to companies and consumers. A key aspect of the new rules required that any organization that processes personal information must obtain written consent from the data subjects before undertaking certain activities. However, application and enforcement of the rules is still uncertain. The Aadhaar Card privacy issue became controversial when the case reached the Supreme Court. The hearing in the
Aadhaar Aadhaar ( hi, आधार, ādhār, lit=base, foundation, bn, আধার) is a 12-digit unique identity number that can be obtained voluntarily by the citizens of India and resident foreign nationals who have spent over 182 days in twelve ...
case went on for 38 days across 4 months, making it the second longest Supreme Court hearing after the landmark Kesavananda Bharati v. State of Kerala. On 24 August 2017, a nine-judge bench of the Supreme Court in
Justice K. S. Puttaswamy (Retd.) and Anr. vs Union Of India And Ors. Justice K. S. Puttaswamy () vs Union Of India (2017), also known as Right to Privacy verdict is a landmark decision of the Supreme Court of India, which holds that the right to privacy is protected as a fundamental right under Articles 1 ...
unanimously held that the right to privacy is an intrinsic part of right to life and personal liberty under Article 21 of the Constitution. Previously, the Information Technology (Amendment) Act, 2008 made changes to the
Information Technology Act, 2000 The Information Technology Act, 2000 (also known as ITA-2000, or the IT Act) is an Act of the Indian Parliament (No 21 of 2000) notified on 17 October 2000. It is the primary law in India dealing with cybercrime and electronic commerce. Secon ...
and added the following two sections relating to Privacy: * Section 43A, which deals with implementation of ''reasonable security practices'' for ''sensitive personal data or information'' and provides for the compensation of the person affected by ''wrongful loss or wrongful gain''. * Section 72A, which provides for imprisonment for a period up to three years and/or a fine up to Rs. for a person who causes ''wrongful loss or wrongful gain'' by disclosing personal information of another person while ''providing services under the terms of lawful contract''. A constitutional bench of the Supreme Court declared 'Privacy' as a fundamental right on 24 August 2017.


Ireland

The Republic of Ireland is under the Data Protection Act 1988 along with the EU General Data Protection Regulation, which regulates the utilization of personal data. The DPA protects data within the private and personal sector. The DPA ensures that when data is transported, the location must be safe and in acknowledgement of the legislation to maintain
data privacy Information privacy is the relationship between the collection and dissemination of data, technology, the public expectation of privacy, contextual information norms, and the legal and political issues surrounding them. It is also known as data pr ...
. When collecting and processing data, some of the requirements are listed below: * the subject of personal data must have given
consent Consent occurs when one person voluntarily agrees to the proposal or desires of another. It is a term of common speech, with specific definitions as used in such fields as the law, medicine, research, and sexual relationships. Consent as und ...
* the data is in the subject's interest * the reason for the processing of data is for a contract * the reason for the processing of data is the prevention of injury Specifically the
Data Protection Commissioner The Office of the Data Protection Commissioner (Irish: An Coimisinéir Cosanta Sonraí) (DPC), also known as Data Protection Commission, is the independent national authority responsible for upholding the EU fundamental right of individuals to ...
oversees the entirety of the enforcement of data privacy regulations for Ireland. All persons that collect and process data must register with the Data Protection Commissioner unless they are exempt (non-profit organizations, journalistic, academic, literary expression etc.) and renew their registration annually.


Electronic Privacy Protection

Considering the protection of internet property and online data, the ePrivacy Regulations 2011 protect the communications and higher-advanced technical property and data such as social media and the telephone. In relation to international data privacy law that Ireland is involved in, the British–Irish Agreement Act 1999 Section 51 extensively states the relationship between data security between the United Kingdom and Ireland.Kuner, Christopher. 2007. ''European Data Protection Law: Corporate Compliance and Regulation.'' Oxford, United Kingdom: Oxford University Press In addition, Ireland is part of the
Council of Europe The Council of Europe (CoE; french: Conseil de l'Europe, ) is an international organisation founded in the wake of World War II to uphold European Convention on Human Rights, human rights, democracy and the Law in Europe, rule of law in Europe. ...
and the Organisation for Economic Cooperation and Development. The Data Protection Commissioner of Ireland is a member of the International Conference of Data Protection and Privacy Commissioners, European Data Protection Authorities, the EU Article 29 Working Party,
Global Privacy Enforcement Network Global means of or referring to a globe and may also refer to: Entertainment * ''Global'' (Paul van Dyk album), 2003 * ''Global'' (Bunji Garlin album), 2007 * ''Global'' (Humanoid album), 1989 * ''Global'' (Todd Rundgren album), 2015 * Bruno ...
, and the British, Irish, and Islands Data Protection Authorities. Ireland is also the main international location for social media platforms, specifically
LinkedIn LinkedIn () is an American business and employment-oriented online service that operates via websites and mobile apps. Launched on May 5, 2003, the platform is primarily used for professional networking and career development, and allows job se ...
and Twitter, for data collection and control for any data processed outside the United States.


Jamaica

The Jamaican constitution grants its people the right to "respect for and protection of private and family life, and privacy of the home". Although the government grants its citizens the right to privacy, the protection of this right is not strong. But in regards to other privacy laws that has been adopted in the country of Jamaica, the closest one is the Private Security Regulation Authority Act. This act passed in the year 1992, established the Private Security Regulation Authority. This organization is tasked with the responsibility of regulating the private security business and ensuring that everyone working as a private security guard is trained and certified. The goal of this is to ensure a safer home, community, and businesses. One of the reasons as to why this law was passed is that as trained workers, the guards could ensure maximum
Customer service Customer service is the assistance and advice provided by a company to those people who buy or use its products or services. Each industry requires different levels of customer service, but in the end, the idea of a well-performed service is that ...
and also with the education they received they would be equipped how best to deal with certain situations as well as avoid actions can that could be considered violations, such as invasion of privacy. Additionally, as a member of the United Nations, the Jamaica is bound by the
Universal Declaration of Human Rights The Universal Declaration of Human Rights (UDHR) is an international document adopted by the United Nations General Assembly that enshrines the Human rights, rights and freedoms of all human beings. Drafted by a UN Drafting of the Universal De ...
which states in article two "No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks".


Japan

On 30 May 2003, Japan enacted a series of laws in the area of data protection: * The Act on the Protection of Personal Information (APPI) * The Act on the Protection of Personal Information Held by Administrative Organs (APPIHAO) * The Act on the Protection of Personal Information Held by Incorporated Administrative Agencies (APPI-IAA) Text was copied from this source, which is available under
Creative Commons Attribution 4.0 International License
The two latter acts (amended in 2016) contain provisions applicable to the protection of personal information by public sector entities.


Kenya

Kenya currently does not have a strong general privacy protection law for its constituents. But in chapter 4 — The Bill of Rights, and in the second part which is titled "Rights and Fundamental Freedoms", of the
constitution A constitution is the aggregate of fundamental principles or established precedents that constitute the legal basis of a polity, organisation or other type of Legal entity, entity and commonly determine how that entity is to be governed. When ...
, privacy is allocated its own section. There we see that the
Kenyan government , image = , caption = Coat of arms of Kenya , date = 1963 , jurisdiction = Republic of Kenya , url = http://www.mygov.go.ke/ , legislature = Parliament of Kenya , meeting_place = ...
express that all its people have the right to privacy, "which includes the right not to have — (a) their person, home or property searched; (b) their possessions seized; (c) information relating to their family or private affairs unnecessarily required or revealed, or (d) the privacy of their communications infringed". Although Kenya grants its people the right to privacy, there seems to be no existing document that protects these specific privacy laws. Regarding privacy laws relating to data privacy, like many African countries as expressed by Alex Boniface Makulilo, Kenya's privacy laws are far from the European 'adequacy' standard. As of today, Kenya does have laws that focus on specific sectors. The following are the sectors: communication and information. The law pertaining to this is called the Kenya Information and Communication Act.Anonymous. 2017. "Global Data Privacy". Nortonrosefulbright. Retrieved 27 March 2017 (http://www.nortonrosefulbright.com/files/global-data-privacy-directory-52687.pdf) This Act makes it illegal for any licensed telecommunication operators to disclose or intercept information that is able to get access through the customer's use of the service. This law also grants privacy protection in the course of making use of the service provided by said company.Anonymous. 2017. "Global Data Privacy". Nortonrosefulbright. Retrieved 27 March 2017 (http://www.nortonrosefulbright.com/files/global-data-privacy-directory-52687.pdf). And if the information of the customer is going to be provided to any third party it is mandatory that the customer is made aware of such an exchange and that some form of agreement is reached, even if the person is a family member. This act also goes as far as protecting data for Kenyans especially for the use of fraud and other ill manners. Additionally, as a member of the United Nations, Kenya is bound by
the universal declaration of Human Rights The Universal Declaration of Human Rights (UDHR) is an international document adopted by the United Nations General Assembly that enshrines the rights and freedoms of all human beings. Drafted by a UN committee chaired by Eleanor Roosevelt, i ...
which states in article two "No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks".


Malaysia

After their independence from Great Britain in 1957, Malaysia's existing legal system was based primarily on English common law. The following common law
tort A tort is a civil wrong that causes a claimant to suffer loss or harm, resulting in legal liability for the person who commits the tortious act. Tort law can be contrasted with criminal law, which deals with criminal wrongs that are punishable ...
s are related to personal information privacy and continue to play a role in Malaysia's legal system:
breach of confidence The tort of breach of confidence is, in United States law, a common law tort that protects private information that is conveyed in confidence. A claim for breach of confidence typically requires the information to be of a confidential nature, whi ...
, defamation,
malicious falsehood Malicious falsehood or injurious falsehood is a tort. It is a lie that was uttered with malice, that is, the utterer knew it was false or would cause damage or harm. Malicious falsehood is a false statement made maliciously that causes damage to t ...
, and
negligence Negligence (Lat. ''negligentia'') is a failure to exercise appropriate and/or ethical ruled care expected to be exercised amongst specified circumstances. The area of tort law known as ''negligence'' involves harm caused by failing to act as a ...
. In recent years, however, the Court of Appeal in Malaysia has referred less to English common law and instead looked more toward other nations with similar colonial histories and whose written constitutions are more like the
Malaysian Constitution The Federal Constitution of Malaysia ( ms, Perlembagaan Persekutuan Malaysia) which was promulgated on 16 September 1963, is the supreme law of Malaysia and contains a total of 183 articles. It is a written legal document which was preceded ...
. Unlike the courts in these other nations, such as India's Supreme Court, the Malaysian Court of Appeal has not yet recognized a constitutionally protected right to privacy. In June 2010, the
Malaysian Parliament The Parliament of Malaysia ( ms, Parlimen Malaysia) is the national legislature of Malaysia, based on the Westminster system. The bicameral parliament consists of the Dewan Rakyat (House of Representatives, lit. "People's Assembly") and the ...
passed the Personal Data Protection Act 2010, and it came into effect in 2013.Anon. 2017. "Global Data Privacy Directory". Norton Rose Fulbright. Retrieved 21 March 2018. http://www.nortonrosefulbright.com/files/global-data-privacy-directory-52687.pdf It outlines seven Personal Data Protection Principles that entities operating in Malaysia must adhere to: the General Principle, the Notice and Choice Principle, the Disclosure Principle, the Security Principle, the Retention Principle, the Data Integrity Principle, and the Access Principle. The Act defines personal data as "'information in respect of commercial transactions that relates directly or indirectly to the data subject, who is identified or identifiable from that information or from that and other information." A notable contribution to general privacy law is the Act's distinction between personal data and sensitive personal data, which entails different protections. Personal data includes "information in respect of commercial transactions ... that relates directly or indirectly to a data subject" while sensitive personal data includes any "personal data consisting of information as to the physical or mental health or condition of a data subject, his political opinions, his religious beliefs or other beliefs of a similar nature." Although the Act does not apply to information processed outside the country, it does restrict cross-border transfers of data from Malaysia outwards. Additionally, the Act offers individuals the "right to access and correct the personal data held by data users", "the right to withdraw consent to the processing of personal data", and "the right to prevent data users from processing personal data for the purpose of direct marketing." Punishment for violating the Personal Data Protection Act can include fines or even imprisonment. Other
common law In law, common law (also known as judicial precedent, judge-made law, or case law) is the body of law created by judges and similar quasi-judicial tribunals by virtue of being stated in written opinions."The common law is not a brooding omnipresen ...
and business sector-specific laws that exist in Malaysia to indirectly protect confidential information include: *
Official Secrets Act 1972 The Official Secrets Act 1972 ( ms, Akta Rahsia Rasmi 1972, abbreviated OSA), is a statute in Malaysia prohibiting the dissemination of information classified as an official secret. The legislation is based on the Official Secrets Act of the United ...
*
Communications and Multimedia Act 1998 The Communications and Multimedia Act 1998 ( ms, Akta Komunikasi dan Multimedia 1998), is a Malaysian law which enacted to provide for and to regulate the converging communications and multimedia industries, and for incidental matters. Structure ...
*
Financial Services Act 2013 The Financial Services Act 2013 ( ms, Akta Perkhidmatan Kewangan 2013), is a Malaysia Malaysia ( ; ) is a country in Southeast Asia. The federation, federal constitutional monarchy consists of States and federal territories of Malaysia, thi ...
*
Islamic Financial Services Act 2013 The Islamic Financial Services Act 2013 ( ms, Akta Perkhidmatan Kewangan Islam 2013), is a Malaysia Malaysia ( ; ) is a country in Southeast Asia. The federal constitutional monarchy consists of thirteen states and three federal terr ...
* Labuan Financial Services and Securities Act 2010 *
Labuan Islamic Financial Services and Securities Act 2010 Labuan (), officially the Federal Territory of Labuan ( ms, Wilayah Persekutuan Labuan), is a Federal Territories of Malaysia, Federal Territory of Malaysia. Its territory includes and six smaller islands, off the coast of the state of Sabah ...
  • Common law duty of bank confidentiality

  • Mexico

    On 5 July 2010, Mexico enacted a new privacy package focused on treatment of personal data by private entities. The key elements included were: * Requirement of all private entities who gather personal data to publish their privacy policy in accordance to the law. * Set fines for up to $16,000,000 MXN in case of violation of the law. * Set prison penalties to serious violations.


    New Zealand

    In New Zealand, the
    Privacy Act 1993 Privacy (, ) is the ability of an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively. The domain of privacy partially overlaps with security, which can include the concepts of a ...
    sets out principles in relation to the collection, use, disclosure, security and access to personal information. The introduction into the New Zealand common law of a tort covering invasion of personal privacy at least by public disclosure of private facts was at issue in ''Hosking v Runting'' and was accepted by the Court of Appeal. In ''Rogers v TVNZ Ltd'' the Supreme Court indicated it had some misgivings with how the tort was introduced, but chose not to interfere with it at that stage. Complaints about privacy are considered by th
    ''Privacy Commissioner''


    Nigeria

    Federal Republic of Nigeria's constitution offers its constituents the right to
    privacy Privacy (, ) is the ability of an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively. The domain of privacy partially overlaps with security, which can include the concepts of a ...
    as well as privacy protection. The following can be found in the constitution pertaining to this: "The privacy of citizens, their homes, correspondence, telephone conversations and telegraphic communications is hereby guaranteed and protected". Additionally, as a member of the United Nations, Nigeria is bound by the universal declaration of Human Rights which states in article twelve "No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks". Nigeria is one of the few African countries that is building on the privacy laws. This is evident in the fact that Nine years later in the year 2008, the
    Cybersecurity Computer security, cybersecurity (cyber security), or information technology security (IT security) is the protection of computer systems and networks from attack by malicious actors that may result in unauthorized information disclosure, t ...
    and Information Protection Agency Bill was passed. This bill is responsible for the creation of the Cybersecurity and Information Protection Agency. This agency is tasked with the job of preventing
    cyberattack A cyberattack is any offensive maneuver that targets computer information systems, computer networks, infrastructures, or personal computer devices. An attacker is a person or process that attempts to access data, functions, or other restricte ...
    s and regulating the Nigerian information technology industry. Additional laws have been passed that are meant to prevent the disclosure of information without permission and the intercepting of some form of transaction with or without evil intent.


    Philippines

    In Article III, Section 3, paragraph 1 of the 1987 Constitution of the Philippines lets its audience know that "The privacy of communication and correspondence shall be inviolable except upon lawful order of the court, or when public safety or order requires otherwise as prescribed by law". Not only does this country grant the
    Filipinos Filipinos ( tl, Mga Pilipino) are the people who are citizens of or native to the Philippines. The majority of Filipinos today come from various Austronesian ethnolinguistic groups, all typically speaking either Filipino, English and/or othe ...
    the right to privacy, but it also protects its people's right to privacy by attaching consequences to the violation of it thereof. In the year 2012, the Philippines passed the Republic Act No. 10173, also known as the "Data Privacy Act of 2012". This act extended
    privacy Privacy (, ) is the ability of an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively. The domain of privacy partially overlaps with security, which can include the concepts of a ...
    regulations and laws to apply to more than just individual industries. This act also offered protection of data belonging to the people regardless of where it is stored, be it in private spheres or not. In that very same year, the cybercrime prevention law was passed. This law was "intended to protect and safeguard the integrity of computer and
    communications system A communications system or communication system is a collection of individual telecommunications networks, transmission systems, relay stations, tributary stations, and terminal equipment usually capable of interconnection and interoperati ...
    s" and prevent them from being misused. Not only does the Philippines have these laws, but it has also set aside agents that are tasked with regulating these privacy rules and due ensure the punishment of the violators. Additionally, with the constitution, previous laws that have been passed but that are in violation of the laws above have been said to be void and nullified. Another way this country has shown their dedication in executing this law is extending it to the government sphere as well. Additionally, as a member of the United Nations, the Philippines is bound by the
    Universal Declaration of Human Rights The Universal Declaration of Human Rights (UDHR) is an international document adopted by the United Nations General Assembly that enshrines the Human rights, rights and freedoms of all human beings. Drafted by a UN Drafting of the Universal De ...
    which states in article two "No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks".


    Russia

    Applicable legislation: # Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, signed and ratified by the Russian Federation on December 19.2005; # the Law of the Russian Federation "On Personal Data" as of 27 July 2006 No. 152-FZ, regulating the processing of personal data by means of automation equipment. It is the operator who is required to comply with that Act. As a general rule, consent of the individual is required for processing, i.e. obtaining, organizing, accumulating, holding, adjusting (updating, modifying), using, disclosing (including transfer), impersonating, blocking or destroying of his personal data. This rule doesn't apply where such processing is necessary for performance of the contract, to which an individual is a party.
    Data protection principles and legislation in the Russian Federation (in English)

    On-line database of the Russian laws (in Russian)

    Federal Service on supervising in the sphere of communications, information technology and mass media (in Russian)
    #In 2022, in the doctoral dissertation of Doctor of La
    A. V. Krotov
    the right of private life as an objective right was considered as a sub-branch of constitutional law, under the Subject of the sub-branch of private life law, the author proposes to understand an array of social relations that arise in the process of formation and development of peculiar, inherent exclusively given to the individual physical, mental and social characteristics that are objectively amenable to legal regulation and receive such regulation. As part of the sub-sector, the following stand out: the institution of privacy, including the sub-institution of the inviolability of the home; institution of religious identity; the institute of family relations, including the sub-institution of the right to become a parent and the sub-institution of gender identity; a communication institution that includes the sub-institution of privacy in cyberspace. Thus, taking into account modern trends in the development of society, a qualitatively different understanding of the right of private life is proposed, as a subjective right of private life, A.V. ) choosing the type and measure of acceptable behavior in the sphere of his personalization, depending on his will and consciousness and serving to satisfy his legitimate interests, coupled with the ability of an authorized subject to demand certain behavior from an obligated person and guaranteed by the state. The subjective right to privacy has the following features: it can be both individual and collective; arises in a person (individual subject) and belongs to him from the moment of birth, to the family (collective subject) from the moment of creation; not alienable; combines the norms of law, morality, in some legal systems of religion; is complex, includes negative and positive elements; its nature, as a rule, requires specification of the content in sectoral legislation; is a natural right, derived from the very rational nature of a person, mediates the characteristics of a person as a biosocial being with pronounced innate attitudes to personalize his properties, is connected and aimed at the implementation of the goals inherent in him by nature, and others. Exploring the post-Soviet model of the right to private life, A. V. Krotov notes its features associated with the special culture of Soviet society: the subordination of the individual's personal existence to public principles of morality and ethics, party duty, condemnation of individualism, and the specifics of Eastern Christian theology. In Orthodoxy, a person is not an autonomous being, a person is conceived in relation and communication with other personalities, the world and God, morality is in the center, and non-personality. A. V. Krotov comes to the conclusion that the post-Soviet model of the right to private life in the Orthodox countries of Eastern Europe, as a rule, is an adapted version of the Western doctrine, the result of the catch-up growth paradigm, a necessary and forced reaction to the evolution of technological , cultural, religious, political and legal systems of Western civilization. Approval at the end of the 20th century. of the pro-Western model of the right to private life in the former Soviet states (countries of the Eastern Christendom) occurred en masse not because of the public need for it, but for populist purposes, as a kind of emotional element that convinces people of a change in the state course, to demonstrate the pro-Western orientation of politicians who led the post-Soviet countries at the end of the twentieth century. However, the Western model of the right to private life does not coincide with the mass legal consciousness and the established system of values in Russia (as a collectivist society), with the philosophical and religious principles of Orthodoxy (the principle of conciliarity). Constitutional norms on the right to private life in Russia are developed to a lesser extent in sectoral legislation (compared to Western law).


    Singapore

    Singapore, like other Commonwealth jurisdictions, relies primarily on common law, and the law of confidence is employed for privacy protection cases. For example, privacy can be protected indirectly through various common law torts: defamation, trespass, nuisance, negligence, and breach of confidence. In February 2002, however, the Singaporean government decided that the common law approach was inadequate for their emerging globalized technological economy. Thus, the National Internet Advisory Committee published the Model Data Protection Code for the Private Sector, which set standards for personal data protection and was influenced by the EU Data Protection Directive and the OECD Guidelines on the Protection of Privacy. In the private sector, businesses can still choose to adopt the Model Code, but in 2005 Parliament decided that Singapore needed a more comprehensive legislative privacy framework. In January 2013, Singapore's Personal Data Protection Act 2012 came into effect in three separate but related phases. The phases continued through July 2014 and dealt with the creation of the Personal Data Protection Commission, the national Do Not Call Registry, and general data protection Rules. The Act's general purpose "is to govern the collection, use and disclosure of personal data by organisations" while acknowledging the individual's right to control their personal data and the organizations' legal needs to collect this data. It imposes eight obligations on those organizations that use personal data: consent, purpose limitation, notification, access, correction, accuracy, protection/security, and retention. The Act prohibits transfer of personal data to countries with privacy protection standards that are lower than those outlined in the general data protection rules. The Personal Data Protection Commission is responsible for enforcing the Act, which is based primarily on a complaints-based system. The punishments for violating the Act can include being ordered by the commission to stop collecting and using personal data, to destroy the data, or to pay a penalty of up to $1 million. Singapore has also passed various sector-specific statutes that more indirectly deal with privacy and personal information, including: * Banking Act * Statistics Act * Official Secrets Act * Statutory Bodies and Government Companies Act *
    Central Provident Fund The Central Provident Fund Board (CPFB), commonly known as the CPF Board or simply the Central Provident Fund (CPF), is a compulsory comprehensive savings and pension plan for working Singaporeans and permanent residents primarily to fund thei ...
    Act * Telecommunications Act There are also more specific acts for electronically stored information: * Spam Control Act 2007 * Electronic Transactions Act * National Computer Board Act * Computer Misuse Act


    South Africa

    The
    Constitution A constitution is the aggregate of fundamental principles or established precedents that constitute the legal basis of a polity, organisation or other type of Legal entity, entity and commonly determine how that entity is to be governed. When ...
    of South Africa guarantees the most general right to privacy for all its citizens. This provides the main protection for personal data privacy so far. The Protection of Personal Information Act 2013 (POPI) was signed into act, focusing on data privacy and is inspired by other foreign national treaties like the European Union. Minimum requirements are presented in POPI for the act of processing personal data, like the fact that the data subject must provide consent and that the data will be beneficial, and POPI will be harsher when related to cross-border international data transfers, specifically with personal information. The recording of conversations over phone and internet is not allowed without the permission of both parties with the Regulation of Interception of Communications and Provision of Communications Related Act (2002). In addition, South Africa is part of the
    Southern African Development Community The Southern African Development Community (SADC) is an inter-governmental organization headquartered in Gaborone, Botswana. Its goal is to further regional socio-economic cooperation and integration as well as political and security coopera ...
    and the
    African Union The African Union (AU) is a continental union consisting of 55 member states located on the continent of Africa. The AU was announced in the Sirte Declaration in Sirte, Libya, on 9 September 1999, calling for the establishment of the Africa ...
    .


    Sweden

    The Data Act is the world's first national data protection law and was enacted in Sweden on 11 May 1973. The law was then superseded on 24 October 1998 by the Personal Data Act (Sw. ''Personuppgiftslagen'') that implemented the 1995 EU
    Data Protection Directive The Data Protection Directive, officially Directive 95/46/EC, enacted in October 1995, is a European Union directive which regulates the processing of personal data within the European Union (EU) and the free movement of such data. The Data Pro ...
    .


    Switzerland

    The main legislation over personal data privacy for the personal and private sector in Switzerland is the Swiss Federal Protection Act, specifically the Data Protection Act, a specific section under the Swiss Federal Protection Act. The Data Protection Act has been enacted since 1992 and is in charge of measuring the consent of sharing of personal data, along with other legislation like the Telecommunication Act and the Unfair Competition Act. The Act generally guides on how to collect, process, store, data, use, disclose, and destruct data. The Data Inspection Board is in charge of overseeing data breaches and privacy enforcement. Personal data must be protected against illegal use by "being processed in good faith and must be proportionate". Also, the reason for the transfer of personal data must be known by the time of data transfer. Data not associated with people (not personal data) is not protected by the Data Protection Act. In the case of data transfer to unsafe data protection countries, these are the major regulations required by the Data Protection Act: * Need of direct channels for data transfer * Individual case must have consent from receivers of data * Disclosure is accessible to public Switzerland is a white-listed country, meaning that it is a nation that has proper levels of data protection under the surveillance by the
    European Commission The European Commission (EC) is the executive of the European Union (EU). It operates as a cabinet government, with 27 members of the Commission (informally known as "Commissioners") headed by a President. It includes an administrative body o ...
    (EU Commission). Switzerland is not under the EU Data Protection Directive 95/46 EC. However, the data protection regulations are sufficient enough under European Union (EU) regulations without being a member of the EU. In addition, Switzerland is part of the Council of Europe and the Organisation for Economic Cooperation and Development. The Data Inspection Board of Switzerland is a member of the International Conference of Data Protection and Privacy Commissioners, European Data Protection Authorities, the EU Article 29 Working Party, and the Nordic Data Protection Authorities.


    Taiwan

    The right to privacy is not explicitly mentioned in the Republic of China Constitution, but it can be protected indirectly through judicial interpretation. For example, article 12 of the Constitution states "the people shall have freedom of confidentiality of correspondence" while article 10 states "the people shall have freedom of residence and of change of residence." Along with several other articles that assert the Constitution's protection of freedoms and rights of the people, the Grand Justices are able to decide how privacy protection fits into the legal system. The Justices first made reference to privacy being a protected right in the 1992 "Interpretation of Council of Grand Justices No. 293 on Disputes Concerning Debtors' Rights," but it was not directly or explicitly declared to be a right. In 1995, Taiwan passed the Computer-Processed Personal Data Protection Act which was influenced by the OECD Guidelines and enforced by each separate Ministry depending on their industry sector responsibility. It only protected personal information managed by government agencies and certain industries. In 2010, Taiwan enacted the Personal Data Protection Act that laid out more comprehensive guidelines for the public and private sectors and was still enforced by individual Ministries. In the 2010 Act, personal data is protected and defined as any "data which is sufficient to, directly or indirectly, identify that person", and includes data such as name, date of birth, fingerprints, occupation, medical records, and financial status, among many others. A few other administrative laws also deal with communication-specific personal privacy protection: * Telecommunications Act * Communications Protection and Surveillance Act Additionally, chapter 28 of the
    Criminal Code A criminal code (or penal code) is a document that compiles all, or a significant amount of a particular jurisdiction's criminal law. Typically a criminal code will contain offences that are recognised in the jurisdiction, penalties that might ...
    outlines punishments for privacy violations in article 315, sections 315-1 and 315–2. The sections primarily address issues of search and seizure and criminal punishment for wrongful invasion of privacy. Finally, articles 18(I),184(I), and 195(I) of the Taiwanese
    Civil Code A civil code is a codification of private law relating to property, family, and obligations. A jurisdiction that has a civil code generally also has a code of civil procedure. In some jurisdictions with a civil code, a number of the core ar ...
    address the "personality right" to privacy and the right to compensation when one injures the "rights" of another, such as when someone uses another's name illegally.


    Thailand

    Thailand's unique history of being an authoritarian buffer state during the Cold War and being under the constant threat of a
    coup d'état A coup d'état (; French for 'stroke of state'), also known as a coup or overthrow, is a seizure and removal of a government and its powers. Typically, it is an illegal seizure of power by a political faction, politician, cult, rebel group, m ...
    means that privacy laws have so far been limited in order to preserve national security and public safety. Thailand uses bureaucratic surveillance to maintain national security and public safety, which explains the 1991 Civil Registration Act that was passed to protect personal data in computerized record-keeping and data-processing done by the government. The legislature passed the Official Information Act 1997 to provide basic data protection by limiting personal data collection and retention in the public sector. It defines personal information in a national context in relation to state agencies. Two communication technology related laws, the Electronic Transactions Act 2001 and the Computer Crime Act 2007, provide some data privacy protection and enforcement mechanisms. Nevertheless, Thailand still lacks legislation that explicitly addresses privacy security. Thus, with the need for a more general and all-encompassing data protection law, the legislature proposed the Personal Data Protection Bill in 2013, which is heavily influenced by the OECD Guidelines and the EU Directive. The draft law is still under evaluation and its enactment date is not yet finalized.


    Ukraine

    Privacy and
    data protection Information privacy is the relationship between the collection and dissemination of data, technology, the public expectation of privacy, contextual information norms, and the legal and political issues surrounding them. It is also known as data pr ...
    in
    Ukraine Ukraine ( uk, Україна, Ukraïna, ) is a country in Eastern Europe. It is the second-largest European country after Russia, which it borders to the east and northeast. Ukraine covers approximately . Prior to the ongoing Russian inv ...
    is mainly regulated by the Law of Ukraine No. 2297-VI 'On Personal Data Protection' enacted on
    1 June Events Pre-1600 *1215 – Zhongdu (now Beijing), then under the control of the Jurchen ruler Emperor Xuanzong of Jin, is captured by the Mongols under Genghis Khan, ending the Battle of Zhongdu. *1252 – Alfonso X is proclaimed king o ...
    2010. On 20 December 2012 legislation was substantially amended. Some general and sector-specific aspects of privacy are regulated by the following acts: * The
    Constitution of Ukraine The Constitution of Ukraine ( uk, Конституція України, translit=Konstytutsiia Ukrainy) is the fundamental law of Ukraine. The constitution was adopted and ratified at the 5th session of the ''Verkhovna Rada'', the parliament ...
    ; * The
    Civil Code of Ukraine The Civil Code of Ukraine ( uk, Цивільний кодекс України, ''Tsyvilnyi Kodeks Ukrayiny'') is a single normative legal act; Law of Ukraine, which is the main act of regulation of private law relations in Ukraine. It regulates ...
    ; * Law of Ukraine No. 2657-XII 'On Information' dated 2 October 1992; * Law of Ukraine No. 1280-IV 'On Telecommunications' dated 18 November 2003; * Law of Ukraine No. 80/94-BP 'On Protection of Information in the Information and Telecommunication Systems' dated 5 July 1994; * Law of Ukraine No. 675-VIII 'On Electronic Commerce' dated 3 September 2015.


    United Kingdom

    As a member of the
    European Convention on Human Rights The European Convention on Human Rights (ECHR; formally the Convention for the Protection of Human Rights and Fundamental Freedoms) is an international convention to protect human rights and political freedoms in Europe. Drafted in 1950 by t ...
    , the United Kingdom adheres to
    Article 8 of the European Convention on Human Rights Article 8 of the European Convention on Human Rights provides a right to respect for one's "private and family life, his home and his correspondence", subject to certain restrictions that are "in accordance with law" and " necessary in a democrati ...
    , which guarantees a "right to respect for privacy and family life" from state parties, subject to restrictions as prescribed by law and
    necessary in a democratic society __NOTOC__ "Necessary in a democratic society" is a test found in Articles 8–11 of the European Convention on Human Rights, which provides that the state may impose restrictions of these rights only if such restrictions are "necessary in a democra ...
    towards a legitimate aim. However, there is no independent tort law doctrine which recognises a right to privacy. This has been confirmed on a number of occasions. Processing of personal information is regulated by the
    Data Protection Act 2018 The Data Protection Act 2018 (c. 12) is a United Kingdom Act of Parliament which updates data protection laws in the UK. It is a national law which complements the European Union's General Data Protection Regulation (GDPR) and replaces the Data P ...
    , supplementing the EU General Data Protection Regulation, which is still in force (in amended form) after the UK's exit from the EU as "retained EU legislation". * ''
    Kaye v Robertson ''Kaye v Robertson'' 991FSR 62 is a case in English law, expressing the view that there is no common-law right to privacy in English law. Facts The case involved actor Gorden Kaye, who had suffered serious head injuries when a plank smashed thr ...
    '' * ''
    Wainwright v Home Office is an English tort law case concerning the arguments for a tort of privacy, and the action for battery. Facts Alan Wainwright, along with his mother, went to visit his stepbrother, who was detained in Leeds Prison awaiting trial. Because the s ...
    ''


    United States

    The right to privacy is not explicitly stated anywhere in the Bill of Rights. The idea of a right to privacy was first addressed within a legal context in the United States. Louis Brandeis (later a Supreme Court justice) and another young lawyer,
    Samuel D. Warren II Samuel Dennis Warren (1852 – February 18, 1910), also Samuel Dennis Warren II, was an American attorney from Boston, Massachusetts. Biography Warren was born in 1852. His father was also named Samuel D. Warren, known as S.D. Warren, who found ...
    , published an article called "The Right to Privacy" in the '' Harvard Law Review'' in 1890 arguing that the
    United States Constitution The Constitution of the United States is the Supremacy Clause, supreme law of the United States, United States of America. It superseded the Articles of Confederation, the nation's first constitution, in 1789. Originally comprising seven ar ...
    and
    common law In law, common law (also known as judicial precedent, judge-made law, or case law) is the body of law created by judges and similar quasi-judicial tribunals by virtue of being stated in written opinions."The common law is not a brooding omnipresen ...
    allowed for the deduction of a general "right to privacy". Their project was never entirely successful, and the renowned tort expert and Dean of the College of Law at University of California, Berkeley,
    William Lloyd Prosser William Lloyd Prosser (March 15, 1898 – 1972) was the Dean of the School of Law at UC Berkeley from 1948 to 1961. Prosser authored several editions of ''Prosser on Torts'', universally recognized as the leading work on the subject of tort law ...
    argued in 1960 that "privacy" was composed of four separate torts, the only unifying element of which was a (vague) "right to be left alone". The four torts were: * Appropriating the plaintiff's identity for the defendant's benefit * Placing the plaintiff in a false light in the public eye * Publicly disclosing private facts about the plaintiff * Unreasonably intruding upon the seclusion or solitude of the plaintiff One of the central privacy policies concerning minors is the
    Children's Online Privacy Protection Act The Children's Online Privacy Protection Act of 1998 (COPPA) is a United States federal law, located at (). The act, effective April 21, 2000, applies to the online collection of personal information by persons or entities under U.S. juri ...
    (COPPA), which requires children under the age of thirteen to gain parental consent before putting any personal information online. For additional information on Privacy laws in the United States, see: *
    Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability Act of 1996 (HIPAA or the Kennedy– Kassebaum Act) is a United States Act of Congress enacted by the 104th United States Congress and signed into law by President Bill Clinton on August 21, 1 ...
    (HIPAA) * Right to Financial Privacy Act of 1978 *
    Financial Services Modernization Act Finance is the study and discipline of money, currency and capital assets. It is related to, but not synonymous with economics, the study of production, distribution, and consumption of money, assets, goods and services (the discipline of fina ...
    (GLB)
    15 U.S. Code §§ 6801–6810

    Final Rule on Privacy of Consumer Financial Information, 16 Code of Federal Regulations, Part 313
    *
    Fair Credit Reporting Act The Fair Credit Reporting Act (FCRA), 15 U.S.C. § 1681 ''et seq'', is U.S. Federal Government legislation enacted to promote the accuracy, fairness, and privacy of consumer information contained in the files of consumer reporting agencies. It ...
    (FCRA)
    15 U.S. Code §§ 1681-1681u
    *
    Fair Debt Collection Practices Act The Fair Debt Collection Practices Act (FDCPA), Pub. L. 95-109; 91 Stat. 874, codified as –1692p, approved on September 20, 1977 (and as subsequently amended) is a consumer protection amendment, establishing legal protection from abusive deb ...
    (FDCPA)
    15 U.S.C. §§ 1692-1692
    *
    Driver's Privacy Protection Act The Driver's Privacy Protection Act of 1994 (also referred to as the "DPPA"), Title XXX of the Violent Crime Control and Law Enforcement Act, is a United States federal statute governing the privacy and disclosure of personal information gathered ...
    (DPPA)
    18 U.S.C. §§ 2721–2725

    Clinger-Cohen Act of 1996

    Computer Fraud and Abuse Act of 1986

    E-Government Act of 2002
    Recently, a handful of lists and databases are emerging to help risk managers research US State and Federal laws that define liability. They include: * Perkins Coie Security Breach Notification Chart: A set of articles (one per state) that define data breach notification requirements among US states. *NCSL Security Breach Notification Laws: A list of US state statutes that define data breach notification requirements. *ts jurisdiction: A commercial cybersecurity research platform with coverage of 380+ US State & Federal laws that impact cybersecurity before and after a breach. ts jurisdiction also maps to the NIST Cybersecurity Framework.


    Uzbekistan

    Though the right to privacy exists in several regulations, the most effective privacy protections come in the form of constitutional articles of Uzbekistan. Varying aspects of the right to privacy are protected in different ways by different situations.


    Vietnam

    Vietnam, lacking a general data protection law, relies on Civil Code regulations relating to personal data protection. Specifically, the Code "protects information relating to the private life of a person." The 2006 Law on Information Technology protects personal information, such as name, profession, phone number, and email address, and declares that organizations may only use this information for a "proper purpose". The legislation, however, does not define what qualifies as proper. The 2005 Law on Electronic Transactions protects personal information during electronic transactions by prohibiting organizations and individuals from disclosing "part or all of information related to private and personal affairs ... without prior agreement." The 2010 Law on Protection of Consumers' Rights provides further protection for consumer information, but it does not define the scope of that information or create a data protection authority; additionally, it is only applicable in the private sector. In 2015, the Vietnam legislature introduced the Law on Information Security, which ensures better information safety and protection online and in user's computer software. It took effect on 1 July 2016 and is Vietnam's first overarching data protection legislation.


    Countries without official data privacy laws

    ''Source'' * Afghanistan * Algeria * Bahrain * Bangladesh * Belarus * Belize * Bolivia * Botswana * Burundi * Cambodia * Cameroon * Central African Republic * Comoros * Cuba * Djibouti * Ecuador * Egypt * El Salvador * Equatorial Guinea * Eritrea * Ethiopia * Fiji * Gambia * Guatemala * Guinea * Haiti * Iran * Iraq * Jordan * Kiribati * Kuwait * Lebanon * Liberia * Libya * Malawi * Maldives * Mongolia * Mozambique * Myanmar * Namibia * Nauru * Oman * Pakistan * Palau * Palestine * Panama * Papua New Guinea * Rwanda * Samoa * Saudi Arabia * Sierra Leone * Somalia * Sri Lanka * Sudan * Syria * Tajikistan * Timor-Leste * Togo * Tonga * Turkmenistan * Tuvalu * United Arab Emirates * Uzbekistan * Vanuatu * Vatican (Holy See) * Venezuela * Zambia


    See also

    * Data Protection Act 1998 (United Kingdom) *
    Data Protection Directive The Data Protection Directive, officially Directive 95/46/EC, enacted in October 1995, is a European Union directive which regulates the processing of personal data within the European Union (EU) and the free movement of such data. The Data Pro ...
    (European Union) * Data protection and privacy laws (Russia) *
    Electronic Communications Privacy Act Electronic Communications Privacy Act of 1986 (ECPA) was enacted by the United States Congress to extend restrictions on government wire taps of telephone calls to include transmissions of electronic data by computer ( ''et seq.''), added new pr ...
    (United States) * General Data Protection Regulation (European Union) *
    Global Privacy Enforcement Network Global means of or referring to a globe and may also refer to: Entertainment * ''Global'' (Paul van Dyk album), 2003 * ''Global'' (Bunji Garlin album), 2007 * ''Global'' (Humanoid album), 1989 * ''Global'' (Todd Rundgren album), 2015 * Bruno ...
    *
    Information Privacy Information privacy is the relationship between the collection and dissemination of data, technology, the public expectation of privacy, contextual information norms, and the legal and political issues surrounding them. It is also known as data pr ...
    *
    Information Privacy Law Information privacy, data privacy or data protection laws provide a legal framework on how to obtain, use and store data of natural persons. The various laws around the world describe the rights of natural persons to control who is using its dat ...
    * Personality rights *
    Privacy Act of 1974 The Privacy Act of 1974 (, ), a United States federal law, establishes a Code of Fair Information Practice that governs the collection, maintenance, use, and dissemination of personally identifiable information about individuals that is maintaine ...
    (United States) * Privacy Act 1988 (Australian) *
    Regulation of algorithms Regulation of algorithms, or algorithmic regulation, is the creation of laws, rules and public sector policies for promotion and regulation of algorithms, particularly in artificial intelligence and machine learning. For the subset of AI algorith ...
    *
    Right to be forgotten The right to be forgotten (RTBF) is the right to have private information about a person be removed from Internet searches and other directories under some circumstances. The concept has been discussed and put into practice in several jurisdiction ...


    References


    External links


    2014 International Compendium of Data Privacy Laws
    provided by
    BakerHostetler BakerHostetler is an American law firm founded in 1916. One of the firm's founders, Newton D. Baker, was U.S. Secretary of War during World War I, and former Mayor of Cleveland, Ohio. History , the firm was ranked the 73rd-largest law firm in ...

    Handbook on European data protection law
    {{DEFAULTSORT:Privacy Law Data laws
    Law Law is a set of rules that are created and are enforceable by social or governmental institutions to regulate behavior,Robertson, ''Crimes against humanity'', 90. with its precise definition a matter of longstanding debate. It has been vario ...