Law: Law No. 1/2016 on the Protection of Personal Data ('the Law') (there is currently no available copy of the Law)
Regulator: Governing Body for the Protection of Personal Data (not yet operational).
Summary: The Law is similar in several aspects to comparable frameworks for data protection within the region. For instance, it provides consent as a main principle, details obligations for data controllers and data processors, and requires that the collection of personal data coheres with explicit, pertinent, true, and exact purposes. The Law also sets out data subject rights and general data processing notification requirements. The data protection authority established by the Law, however, is not yet operational and, as such, many provisions within the Law are of limited effect. In addition to the Law, Law No. 2/2016, of 22 July 2016 ('the Electronic Communications Law') regulates electronic communications and networks, and there are numerous other sector-specific laws and directives that contain relevant provisions.