Law: Individual Privacy Act, 2075 (2018) ('the Act')
Regulator: There is no general data protection authority.
Summary: Privacy in Nepal is protected under both the Criminal (Code) Act 2017 (only available in Nepali here) and Article 28 of the Constitution of Nepal 2015 (only available in Nepali here), which provides individuals with the fundamental right to privacy. Although the Act was introduced in order to give effect to this constitutional right to privacy, the Government of Nepal has yet to enact a regulation to supplement the Act. The Act includes provisions on data collection, storage, and disclosure, and requires the consent of an individual before collecting their personal information. However, the Act does not define 'consent' nor the procedures for obtaining consent. It also does not contain provisions on data subject rights, data breach notification, or data protection officers, nor does it establish a data protection authority. It is expected that at least some of these matters could be addressed when a regulation is developed to work alongside the Act. In addition, a bill relating to information technology, initially tabled by the Government in February 2019, is currently under discussion.