Law: There is no general personal data protection law.

Regulator: There is no data protection authority.

Summary: Whilst there is no general data protection law in Timor-Leste, the Constitution of the Democratic Republic of Timor-Leste, which was enacted in 2002, provides every individual with the right to privacy. Furthermore, Article 38 of the Constitution specifically addresses personal data protection and provides every citizen with the right to access, the right to rectification, and the right to know the purpose for which their personal data was collected, as well as outlines consent requirements for the processing of certain types of data. In addition, there are sectoral laws regulating money laundering and the national health system.