Generic placeholder image

Non-Exhaustive Typology of Privacy & Data Protection Laws throughout the World

Miami - March 12, 2021

0000000000000000000 v1332.jpg

  • Japan’s APPI (enacted in 2003 and into force since 2005): amended in 2020 in a manner partly similar to E.U.’s GDPR (modifications will become effective in 2022).

  • Russia’s Federal Law on Personal Data No. 242-FZ (enacted in 2006): amended in 2014 to require that personal data of Russian citizens be first processed & stored on servers located in Russia ( ).

  • South Africa’s POPI Act (enacted in 2013 and effective since July 1, 2020):

- available at:

- prohibits by principle cross-border international data transfers (including personal information), however there are exceptions to such principle.

  • UK’s Data Protection Act 2018:

- applies EU's GDPR standards but is not limited to them;

- available at:

- most comprehensive Internet-focused data privacy legislation in the U.S. (no equivalent at federal level).

  • India’s PDP Bill 2019 (not enacted yet):

- available at:

- heavily criticized and debated because the central government can exempt any government agency from the Bill;

- Forbes India reports that " the Bill gives Government blanket powers to access citizens' data ”.

  • China's Draft PIPL (published in October 2020 but not enacted yet):

- partly inspired by E.U.’s GDPR;

- unlike China’s 2017 Cyber Security Law [enacted by the Standing Committee of the National People's Congress (NPCSC) to increase data protection/localization and cybersecurity in the interest of national security], the Draft PIPL applies extraterritorially to overseas entities and individuals which/who process the personal data of Data Subjects located in China in order (i) provide products/services to data subjects in China, or (ii) analyze/assess the behavior of data subjects in China;

- available at:


Dr. Ariel Humphrey