Data Protection and Privacy Laws Around the World

Data protection has become an essential part of human life, and this is why governments around the world have taken it upon themselves to ensure they enact laws that will safeguard sensitive data of their citizenry.

The way data laws are made vary from one country to another. Some countries have omnibus coverage, which means that there is a national data protection law, but various industries are also allowed to create their own laws. In others, there exists what is known as sectoral coverage. This simply means that various trades, industries, and local authorities have independent data protection laws.

This simply means that data privacy laws are not the same in all countries. You, therefore, have to constantly navigate the mess of inconsistent regulation. Therefore, you also have a responsibility to keep your data secure as you browse through the web. This includes having a robust Virtual Private Network – Nord VPN service, and adopting a host of practices that will ensure you are safe from the prying eyes of cybercriminals.

To better understand how data is regulated, below is an overview of laws, acts, regulations, and decrees in some of the world’s biggest economies:

United States

The United States, despite being the world’s superpower, doesn’t have national laws that govern data privacy. In fact, it is one of the countries that follow the sectoral approach, which simply means that each sector and state can develop its own data protection laws.

In this country, there are over 100 privacy laws at the state level (25 of them in California), and about 20 industry or sector-specific federal laws governing data privacy.

The new California Consumer Privacy Act (CCPA) offers citizens with four rights which provide them with more power over their private data. This includes right to access, notice, equal services, and opt in or out.

According to the act, all businesses which intend to collect data from California citizens must comply with the CCPA, lest they will find themselves on the wrong side of the law.

However, there are some prominent national data protection laws in the U.S which include the privacy act 1974, the privacy protection act 1999, and fair credit reporting act 2018. Additionally, the country abides by special privacy shield agreements which it shares with Switzerland and the European Union.


In China, data privacy is enhanced by national law. This follows the introduction of a new privacy bill by the Standardization Administration of China in January 2018, which was affected in May 2018.

Astonishingly, the data privacy law in china contains more strenuous requirements than the GDPR. It contains a myriad of provisions which relate to transparency, consent, and personal right over data.

Before this law came into place, there existed other data privacy laws in china, which include the Criminal law 2015, Civil Law of the People’s Republic of China 2017, cybersecurity Law 2017, consumer protection law 2013, and the National Standard of Information Security technology 2013.

The United Kingdom

Data privacy in the U.K is regulated by the Data Protection Act 2018, which complements the EU GDPR.

This act outlines various data subject rights that include data protection offenses, consent from minors, data protection fees, personal data, and data protection laws enforcement.

Even though Brexit threatens the data protection provisions under EU GDPR, experts say that the U.K is highly unlikely to change its existing data protection laws.


Previously, data privacy was regulated under the ACT on Protection of Personal Information of 2003. This country now uses the new ACT on Protection of Personal Information which was affected in 2017. This act outlines the basic data protection policies, with businesses and organizations intending to use personal data expected to abide by these policies.

The act has various provisions, which circle around record-keeping, third-party transfers, protection of data privacy rights, breaches, and anonymity.

The GDPR explained

The General Data Protection Regulation, popularly known as GDPR is a law that was enacted in May 2018. It consists of modernised laws which govern how businesses handle and process data. Also, it is aimed at protecting the rights of people across Europe.

The GDPR contains various provisions, which pertains on how individuals, businesses, and other bodies should handle personal information.

This regulation allows people to have easier access to the data that companies hold about them, and also requires organisations to get consent from people before collecting any information about them. 

Even though businesses across Europe could take years to be completely GDPR compliant, this is a regulation that clearly communicates to other economic blocs around the world that data protection is possible.

Therefore, governments should come to the realization that the business world is evolving first; thus there is need to develop laws which will assure their people of utmost data protection.

As an individual, make sure that you are aware of the data privacy laws in your country or state, and ensure that you abide by them. But perhaps the most critical thing is that you should be wary of the imminent threats you face every day as you browse through the web, and find ways to protect yourself from data loss.