|
| Region | Related legislation | Remark |
|
| European Union | Data Protection Directive, 1995 | The general data protection regulations were further revised in 2014 and 2016, with the latest version coming into force in May 2018. To date, it is the latest and most comprehensive legal document on personal data protection in the international community. |
| | Directive No.95/46/EC/ of the European Parliament and of the Council on entry protection relating to the processing of entry data and the free circulation of such data, 1995 | |
| | European Union Privacy Directive, 1998 | |
| | Privacy and Electronic Communications Directive 2002 | |
| | European Union Data Retention Directive, 2006 | |
| | Draft No.2012/72 and 73 on the protection of individuals in relation to the processing of personal data and the free flow of such data, 2012 | |
|
| | General data protection ordinance, 2012 | |
| European commission | The 1981 convention on the protection of individuals in the automated processing of personal data was amended, 1999 | |
| | Additional agreement on regulatory authorities and cross-border data flows to the convention on personal protection in the automated processing of personal data, 2001 | |
| | Convention on personal protection in the processing of personal data, 2012 | |
|
| Germany | The German state of Hesse enacted the Data Law of Hesse, the world's first specialized personal data protection law, 1970 | The Federal Data Protection Act of 1977 stipulates that only with the consent of the parties concerned can personal data be collected, processed, and used, and the data parties have the right to know, correct, delete, and screen. |
| | Germany enacted a national Federal Data Protection Act, 1977 | |
|
| Sweden | Swedish Data Act 1973 | The world's first national personal data protection law |
| | Personal Data Act 1998 (supersedes the former) | |
|
| France | Information, Records and Freedom Act, 1978 | |
|
| Britain | UK Data Protection Act, 1984 | |
|
| Australia | The Privacy Act 1988 was passed in November 2012 and the Privacy Act Amendment Act came into force in March 2014 | |
|
| Japan | Personal Information Protection Act, 1988 | |
| | Law on the protection of personal data of administrative bodies in relation to computer processing, 1990 | |
| | Personal Information Protection Act, 2003 | |
|
| Malaysia | The Personal Data Protection Law was passed in 2010 and came into force on November 15, 2013 | |
|
| America | The Fair Credit Reporting Act, 1970 | |
| | Bank Secrecy Act, 1970 | |
| | Fair Information General Rules, 1973 | |
| | Privacy Act, 1974 | |
| | Financial Privacy Act, 1978 | |
| | Family Educational Rights and Privacy Act, 1978 | |
| | Privacy Protection Act, 1980 | |
| | Electronic Communications Secrecy Act, 1986 | |
| | Federal Electronic Communications Privacy Protection Act, 1986 | |
| | Computer Comparison and Privacy Protection Act, 1988 | |
| | Telemarketing Consumer Protection Act, 1991 | |
| | Consumer Credit Reporting Act, 1996 | |
| | Children's Online Privacy Protection Act, 1998 | |
| | National Cybersecurity and Critical Infrastructure Protection Law, 2002 | |
| | Consumer Information Privacy Act, 2010 | |
| | Internet Privacy Protection Act, 2012 | |
| | Federal Privacy Act, 2014 | |
| | California Online Privacy Protection Act, 2014 | |
| | Privacy Shield Agreement, 2016 | |
|
| Netherlands | Data Registration Act 1988; Personal Data Protection Act, 1999 (supersedes the former) | The Personal Data Protection Law of The Netherlands enacted in 1999 stipulates the following principles for government agencies to collect personal information: Personal data processing shall be carried out in accordance with the law and in a reasonable and appropriate manner; the collection of personal data must be accurate, authentic, and legitimate; the data subject has made an explicit consent to its own data processing; the processing of personal data should not exceed the scope of the data acquisition purpose; after the purpose of collection and processing of personal data is realized, the personal data shall not continue to be stored in the form of data subject being identified. |
|
| New Zealand | Privacy Act, 1993 | There are 12 information privacy principles: The purpose of collecting individual information is legal; personal information comes from the person himself; rules for collecting information from the person; storage and security of personal information; get entry information; modify the input information; review of alignment and accuracy before use; the agency shall not hold personal information for longer than necessary; restrict the use of incoming information; restrictions on the disclosure of personal information; unique identification marks, etc. |
|
| OECD | Guidelines on privacy protection and cross-border flow of personal data, 1980 | |
|
| United Nations General Assembly | Guidelines on specification of personal data documents for computer processing, 1990 | |
|
| APEC | APEC Privacy Framework, 2004 | |
|
| Taiwan, China | Computer Processing of Personal Data Protection Act, 1995 | It regulates schools, hospitals, telecommunications, finance, and insurance. |
| | Personal Data Protection Act, 2012 | The scope of use is extended to all industries. According to article 6, it classifies sensitive personal information based on whether it is related to individual core privacy, including “personal INFORMATION related to medical treatment, gene, sexual life, health examination, and criminal record.” |
|
| Hong Kong, China | Personal Data (Privacy) Ordinance, 1996. The Personal Data (Privacy) (Amendment) Ordinance was enacted in June, 2012 | |
|
