International Privacy Law

As businesses continue to make a global impact, it's important to get to know the laws of the land and understand how your data flows across international boundaries. Most countries have their own data protection laws that need to be adhered to, and many fall under the jurisdiction of more than one.

 

Here are a few of the international data privacy laws your compliance officer should be aware of.

 

PIPEDA

In Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) covers the disclosure of personal information in the private sector.
Learn more about PIPEDA.

Federal Law on the Protection of Personal Data

Mexico's Federal Law on the Protection of Personal Data held by Private Properties 2010 regulates the processing of personal data for private enterprises.

LGPD

As of August 2020, Brazil formally enacted its first general data protection law, Lei Geral de Proteção de Dado (LGPD). This comprehension data protection regulation applies to all businesses in Brazil and the data collection and use of Brazilian citizens and residents.

 

GDPR

The General Data Protection Regulation (GDPR) extends to all businesses (including businesses that operate outside of Europe) that offer goods and services to European residents and collect personal data in the process.
Learn more about the GDPR.

Data Protection Act 2

France's Data Protection Act 2 (Law No. 2016-1321) supports the provisions of the GDPR.

Federal Data Protection Act 2017

Germany's Federal Bundesdatenschutzgesetz (BDSG) works alongside the GDPR to outline how data can be collected and processed.

FLDP and DPO

The Federal Law on Data Protection (FLDP) and Data Protection Ordinance (DPO) are the data privacy laws of Switzerland.

Data Protection Act 2018

The Data Protection Act 2018 incorporates the EU GDPR and supplements its provisions in the United Kingdom. An amended version of this law came into effect on midnight of 31 December 2020.

 

Personal Information Security SpecificationThis is the data privacy law in China that relates to transparency, personal rights over data, and consent. In October 2020, China unveiled a draft of the Personal Information Protection Law (PIPL) for public consultation. This comprehensive data privacy legislation has yet to be passed into law.

APPI

Japan's Act on the Protection of Personal Information (APPI) applies to any company, whether in Japan or located outside Japanese borders, that offers goods and services in the country.

PDPB

Tabled in December 2019, the Personal Data Protection Bill 2019 (PDPB) is based on the GDPR and grants Indian citizens certain data protection rights. The revised version of the law, the Personal Data Protection (PDP) legislation is expected to pass into law in early 2021. Currently, data privacy is covered by the Information Technology Act 2000.

The Russian Federal Law on Personal Data (No. 152-FZ)

The Federal Law on Personal Data 2006 (Act No. 152 FZ) relates to the collection and processing of customer data in Russia.

 

PoPIThe Protection of Personal Information (PoPI) Act 2013 is a data privacy law in South Africa that prescribes how customer data can be used for marketing purposes.

Australia's Privacy Act 1988

This is the key privacy law that governs both the public and private sectors in Australia.

New Zealand Privacy Act 1993

This is the key privacy law that governs both the public and private sectors in New Zealand.