Support Centre
Back

Keeping up to Date With Global Privacy Updates

June 09, 2022|
Blog

Keeping up to Date With Global Privacy Updates

Keeping up to Date With Global Privacy Updates

As the privacy landscape continues to develop at speed, the OneTrust DataGuidance Global Privacy Updates page is the go-to resource for tracking all upcoming global privacy updates. This page outlines privacy laws from across the world that you should be aware of, their legislative status, and key dates you should know. Use the table of contents below for a quick overview of privacy updates on the horizon or click on each update to navigate directly to further information, legal texts, and further resources. 

 

Page last updated: 9 June 2022

The following laws have been added or updated in the latest release:

Africa

  • Eswatini: The Data Protection Act No.5 of 2022
  • Kenya: The Data Protection Regulations, 2021

Asia-Pacific

  • Japan: The Act on the Protection of Personal Information (Act No. 57 of 2003 as amended in 2020)
  • Thailand: The Personal Data Protection Act 2019

CIS

  • Russian Federation: Amendments to Federal Law of 27 July 2006 No. 152-FZ on Personal Data
  • Uzbekistan: Law on Cybersecurity (No. RK-764)

Europe 

  • Andorra: Law 29/2021, of 28 October, of Personal Data Protection
  • EU: The Data Governance Act

Table of Contents 

Africa

Asia-Pacific

Canada

Caribbean 

CIS

Europe

Latin America

Middle East

USA

Global Privacy Updates

Africa

Botswana

Law: Data Protection Act, 2018

Status: In force

OneTrust DataGuidance confirmed, on 20 October 2021, with Senwelo Monise, Associate Attorney at Botlhole Law Group, and Lesedi Dingake, Associate at Desai Law Group, that it was announced, on 15 October 2021, in the Botswana Government Gazette, that the Data Protection Act (Act No. 32 of 2018) ('the Act') came into effect, upon the issuance of the Data Protection Act (Commencement Date) Order 2021 by the Minister of Presidential Affairs, Governance and Public Administration.

Resources:

Back to top

Eswatini

Law: The Data Protection Act No.5 of 2022 ('the Act')

Status: In force

The Eswatini Communications Commission published, on 4 March 2022, the Data Protection Act No.5 of 2022.

Resources:

Back to top

Kenya

Law: The Data Protection Regulations, 2021

Status: In force

OneTrust DataGuidance confirmed the development with with Nzilani Mweu, Partner at Rilani Advocates, who noted that the 2021 Regulations are now in effect.

Resources:

Back to top

South Africa

Law: Protection of Personal Information Act, 2013 (Act 4 of 2013)

Status: Partially into force

The President of South Africa announced, on 22 June 2020, the commencement of certain sections of the Protection of Personal Information Act, 2013 ('POPIA'). More specifically, Sections 2 to 38, 55 to 109, 111, and 114(1), (2), and (3) will commence on 1 July 2020. Furthermore, Sections 110 and 114(4) will commence on the later date of 30 June 2021.

The Regulator further issued, on 24 March 2021, a media statement marking 100 days till the deadline for public and private bodies to ensure compliance with POPIA. In particular, the Regulator outlined that it would be prioritising the following:

  • consideration of applications for approval of codes of conducts; 
  • processing public comments on the draft guidelines for registration of information officers; 
  • consideration of applications for prior authorisation; 
  • finalising the guidance note on exclusions and exemptions from POPIA; 
  • finalising the template for notification of security compromises in terms of Section 22 of POPIA; and 
  • finalising the guidance note on processing of personal information across borders. 

In addition, several Sections from POPIA and the Regulations, such as those regulating the processing of personal data and data subject rights, did not become operational until 1 July 2020. Furthermore, Regulation 4 entered into effect on 1 May 2021, while Regulation 5 became effective on 1 March 2021, and the residual Regulations entered into effect on 1 July 2021.

Resources:

Back to top

Rwanda

Law: Law relating to Personal Data Protection and Privacy

Status: In force

Law No. 058/2021 of 13 October 2021 Relating to the Protection of Personal Data and Privacy was published, on 15 October 2021, in the Rwanda Official Gazette ('the Law'). The Law entered into effect upon its publication in the Official Gazette. 

Resources:

Back to top

Uganda

Law: Data Protection and Privacy Regulations

Status: In force

The Data Protection and Privacy Regulations, 2021 were approved and published in the Official Gazette on 12 March 2021.

Resources:

Back to top

Zambia

Law: Data Protection Act No. 3 of 2021

Status: In force

OneTrust DataGuidance confirmed, on 20 January 2022, with Christine Mwambazi, Associate at Corpus Legal Practitioners, that the Data Protection Act No. 3 of 2021 and the Electronic Communications and Transactions Act No. 4 of 2021 entered into force on 31 March 2021. 

Resources:

Back to top

Zambia

Law: The Cyber Security and Cyber Crimes Act No. 2 of 2021

Status: In force

OneTrust DataGuidance confirmed, on 7 February 2022, with Christine Mwambazi, Associate at Corpus Legal Practitioners, that the Cyber Security and Cyber Crimes Act entered into force on 1 April 2021.

Resources:

Back to top

Zimbabwe

Law: Data Protection Bill

Status: Enacted

OneTrust DataGuidance confirmed, on 5 December 2021, with Steve Munyaradzi Chikengezha, Associate at DLA Piper Africa Zimbabwe - Manokore Attorneys that the Data Protection Act [Chapter 11:12] ('the Act') was enacted on 3 December 2021

Resources:

Back to top

Asia-Pacific

Australia

Law: Review of Privacy Act 1988 (No. 119, 1988) (as amended)

Status: In legislative process

The public consultation on the reviewed Privacy Act has been launched on 10 January 2022. The consultation is aimed at a review of the Act to ensure that the privacy framework empowers consumers, protects their data, and serves the Australian economy. The submissions and feedback they receive will inform the review's final report.

Resources:

Back to top

Australia

Law: Privacy Legislation Amendment (Enhancing Online Privacy and Other Measures) Bill 2021

Status: In legislative process

The Australian Government is accepting submissions on the Privacy Legislation Amendment (Enhancing Online Privacy and Other Measures) Bill 2021 ('the Online Privacy Bill') until 6 December 2021.

Resources:

Back to top

Brunei Darussalam

Law: Draft Personal Data Protection Order

Status: In legislative process

The Authority for Info-communications Technology Industry of Brunei Darussalam ('AITI') initiated, on 20 May 2021, a public consultation on its draft Personal Data Protection Order ('the PDPO'). In particular, the PDPO establishes comprehensive obligations to data controllers, intermediaries, and processors including the mandatory designation of a data protection officer, the receipt of consent prior to the use and processing of personal information, a limit on the use of data for the purposes communicated to data subjects, and providing notification to authorities of a data breach within three calendar days. In addition, the PDPO requires data controllers to facilitate the data subject rights under the PDPO which establishes the right to withdraw consent, the right to access information, the right to rectification, and data portability.

Resources:

Back to top

China

Law: Personal Information Protection Law of the People's Republic of China 

Status: In force

The PIPL entered into effect on 1 November 2021.

Resources:

Back to top

China

Law: Data Security Law

Status: In force

The Data Security Law entered into effect on 1 September 2021.

Resources:

Back to top

Hong Kong  

Law: Personal Data (Privacy) (Amendment) Bill 2021

Status: In force 

The Privacy Commissioner for Personal Data ('PCPD') announced, on 8 October 2021, that the Personal Data (Privacy) (Amendment) Bill 2021 ('PDPO Amendment Bill') was gazetted and entered into force on 8 October 2021. 

Resources:

Back to top

India

Law: Personal Data Protection Bill, 2019

Status: In legislative process

Lok Sabha, the lower House of Parliament, published, on 16 December 2021, the revised list of business for the same date, in which it confirmed that Shri P.P. Chaudhary and Shri Manish Tewari had presented the Joint Parliamentary Committee ('JPC') report on the Personal Data Protection Bill, 2019 ('the Bill'). 

Resources:

Back to top

Indonesia

Law: Draft Personal Data Protection Act

Status: First Reading

The House of Representatives of the Republic of Indonesia confirmed, on 11 November 2021, it would continue its discussion on the draft of the Personal Data Protection Act, with time allowed for the discussion extended for the third time.

Resources:

Back to top

Japan

Law: The Act on the Protection of Personal Information (Act No. 57 of 2003 as amended in 2020) ('APPI')

Status: In force

The APPI entered into effect on 1 April 2022.

Resources:

Back to top

Myanmar

Law: Amendments to the Law Protecting the Privacy and Security of Citizens (2017) and the Electronic Transactions Law (2004)

Status: Unknown

OneTrust DataGuidance confirmed, on 18 May 2021, with Dr Ross Taylor, Counsel and Head of Financial Services at Tilleke & Gibbins, that the State Administration Council had adopted, in February 2021, amendments to the Law Protecting the Privacy and Security of Citizens (2017) and the Electronic Transactions Law (2004).

Resources:

Back to top

Mongolia

Law: Draft Law on Protection of Personal Information 

Status: Submitted for Discussion 

OneTrust DataGuidance confirmed, on 4 July 2021, with Erdenedalai Odkhuu, Partner at Melville Erdenedalai LLP, that currently five draft laws on information and information security are being discussed by the Parliament of Mongolia, namely: Law on Protection of Personal Information; Law on Public Information; Law on Information Transparency and the Right for Information; Revised Law on Electronic Signature; and Law on Cybersecurity.

Resources:

Back to top

Pakistan

Law: Personal Data Protection Bill 2021 (August 2021)

Status: Published for public consultation

OneTrust DataGuidance confirmed, on 28 February 2022, with Saeed Hasan Khan, Partner at S.U. Khan Associates Corporate & Legal Consultants, that the Federal Cabinet of Pakistan approved, on 16 February 2022, the draft of the Personal Data Protection Bill 2021.

Resources:

Back to top

Philippines

Law: Substitute Bill to amend the Data Privacy Act of 2012 (Republic Act No. 10173) 

Status: Proposed 

The National Privacy Commission ('NPC') issued, on 25 June 2021, a statement addressing recent efforts to strengthen the current privacy law in the Philippines, following the 55th Asia Pacific Privacy Authorities ('APPA') Forum. In particular, the NPC highlighted that a substitute bill to amend the Data Privacy Act of 2012 (Republic Act No. 10173) had been approved by the Committee on Information and Communications Technology of the House of Representatives.

Resources:

Back to top

Shanghai

Law: Shanghai Data Regulations

Status: In force

The Shanghai Municipal People's Government announced on 29 November 2021, that the Standing Committee of the 15th Shanghai Municipal People's Congress adopted the Shanghai Data Regulations. The Regulations entered into effect on 1 January 2022.

Resources:

Back to top

Shenzhen

Law: Shenzhen Special Economic Zone Data Regulation

Status: In force

The Standing Committee of Shenzhen Municipal People's Congress announced, on 7 July 2021, that the Shenzhen Special Economic Zone Data Regulation had passed. The Regulations entered into effect on 1 January 2022.

Resources:

Back to top

South Korea

Law: Amendments to Personal Information Protection Act 2011 (as amended in 2020) ('PIPA')

Status: In legislative process

The Personal Information Protection Commission ('PIPC') published, on 17 May 2021, its public consultation on the amendments to the Personal Information Protection Act 2011 (as amended in 2020) ('PIPA').

Resources:

Back to top

Sri Lanka

Law: Draft Bill for an Act to Provide for the Regulation of Processing of Personal Data (2021)

Status: Passed

The Parliament of Sri Lanka published, on 22 March 2022, the Personal Data Protection Act, No. 9 of 2022 ('PDPA'), following its passage on 9 March 2022 and subsequent certification on 19 March 2022.

Resources:

Back to top

Thailand

Law: The Personal Data Protection Act 2019 ('PDPA') 

Status: In force

The Personal Data Protection Act 2019 entered into effect on 1 June 2022.

Resources:

Back to top

Vietnam

Law: Decree No. 70/2021/ND-CP Amending & Supplementing Several Articles of Decree No. 181/2013/ND-CP dated 14 November 2013 implementing the Law on Advertising

Status: In legislative process

The Ministry of Information and Communications ('MIC') announced, on 26 July 2021, that the Government had promulgated the Draft Decree No. 70/2021/ND-CP Amending & Supplementing Several Articles of Decree No. 181/2013/ND-CP dated 14 November 2013 implementing the Law on Advertising ('Decree 70'). 

Resources:

Back to top

Vietnam

Law: Draft Decree on Personal Data Protection

Status: In legislative process

A consultation was launched on draft decree on 9 February 2021. If passed, the bill would be the first comprehensive data protection legislation in Vietnam, covering topics such as the introduction of definitions, including personal data, sensitive data, and data processing, data subject rights, and consent, as well as data principles such as purpose limitation, data retention, and cross-border data transfers.

Resources:

Back to top

Canada

Canada - Federal

Law: Bill C-11 for the Digital Charter Implementation Act, 2020

Status: In legislative process

Bill introduced to the House of Commons on 17 November 2020. If passed, the bill would enact the Consumer Privacy Protection Act ('CPPA'), which would protect the personal information of individuals while regulating organisations' collection, use, or disclosure of personal information in the course of commercial activities, and would repeal Part 1 of PIPEDA and amend PIPEDA's short title to the Electronic Documents Act.

The Office of the Privacy Commissioner of Canada ('OPC') submitted, on 11 May 2021, comments on Bill C-11, the Digital Charter Implementation Act, 2020 to the Standing Committee on Access to Information, Privacy and Ethics, outlining a number of enhancements the OPC believes are required to both aid in responsible innovation and protect the privacy rights of Canadians.

Resources:

Back to top

Quebec

Law: Bill 64, An Act to modernize legislative provisions as regards the protection of personal information

Status: Passed

Bill 64 received royal assent, on 22 September 2021, in the National Assembly of Quebec.

Resources:

Back to top

Caribbean

British Virgin Islands

Law: Data Protection Act, 2021

Status: The Act will enter into force on a date appointed by the Minister, by notice published in the Gazette, and different dates may be appointed for different provisions of the Act.

The Data Protection Act, 2021 was enacted, on 13 April 2021, in the Official Gazette. The Act represents a comprehensive data protection legislation, addressing, among other things, general privacy principles, data subjects' rights, and the establishment of the Office of the Information Commissioner.

Resources:

Back to top

Jamaica

Law: Protection Act no. 7 of 2020

Status: Partially in force

OneTrust DataGuidance confirmed, on 21 January 2021, with the Kellye-Rae Fisher Campbell, Attorney-at-Law, that, on 30 November 2021, Sections 2,4, 56, 57, 60, 66, 74, 77, and the First Schedule of the Data Protection Act no. 7 of 2020 had become operational following the publication of Supplement No. 160 of Volume CXLIV of 30 November 2021in the Jamaica Gazette Supplement.

Resources:

Back to top

CIS

Belarus

Law: Law on Personal Data

Status: In force

The Law on Personal Data entered in force on 15 November 2021. 

Resources:

Back to top

Kazakhstan

Law: Amendments to Law of the Republic of Kazakhstan of 21 May 2013 No. 94-V on Personal Data and its Protection

Status: The proposed amendments have been submitted for public consultation with no clear timeline of an enforcement date.

The Ministry of Digital Development, Innovations and Aerospace ('MDAI') published, on 13 April 2021, its draft amendments to Law of the Republic of Kazakhstan of 21 May 2013 No. 94-V on Personal Data and its Protection. The amendments would introduce, among other things, registrar and notification requirements for data processing operators, a prohibition on the use of publicly available personal data without consent, the introduction of the right to erasure, stricter requirements to informing data subjects of the use of their data, and new data security measures and obligations.

Resources:

Back to top

Russian Federation

Law: Amendments to Federal Law of 27 July 2006 No. 152-FZ on Personal Data ('the Law')

Status: Passed

The State Parliament ('Duma') announced, on 24 May 2022, a bill amending the Law was adopted at first reading.

Resources:

Legal Text (only available in Russian)

OneTrustDataGuidance Jurisdiction Overview

Back to top

Russian Federation

Law: Bill No. 1176731-7 on the activities of foreign persons in the information and telecommunications network 'Internet' on the territory of the Russian Federation

Status: Passed

The Duma announced, on 17 June 2021, that Bill No. 1176731-7 had been adopted with amendments following its third reading. 

Resources:

Back to top

Ukraine

Law: Draft Data protection Law

Status: In legislative process

The Parliament of Ukraine ('Verkhovna Rada') announced, on 7 June 2021, that it had received a draft data protection law addressing, among other things, grounds for the processing of personal and sensitive information, data subject rights, responsibilities for data controllers and operators including the adoption of Privacy by Design and requirements for the security of processing, and the carrying out of Data Protection Impact Assessments.

Resources:

Back to top

Uzbekistan

Law: Bill to Improve the Legal Framework for Personal Data

Status: In legislative process

The Legislative Chamber of the Oliy Majlis of the Republic of Uzbekistan ('the Chamber') announced, on 25 May 2021, that it had adopted a bill to improve the legal framework for personal data at its first reading. In particular, the Chamber noted the rising number of violations committed as a result of the misuse of personal data, as well as the increasing use of personal data via the internet and other networks.

Resources:

Back to top

Uzbekistan

Law: Draft law on Advertising

Status: In legislative process

The Legislative Chamber of the Oliy Majlis of the Republic of Uzbekistan submitted, on 21 May 2021, a draft law on advertising for public consultation. In particular, if enacted, the draft law would replace Law of the Republic of Uzbekistan of 25 December 1998 No. 723-I on Advertising to establish favourable conditions for the development of the advertising market in Uzbekistan.

Resources:

Back to top

Uzbekistan

Law: Law on Cybersecurity (No. RK-764) ('the Cybersecurity Law')

Status: Passed

The Legislative Chamber of the Oliy Majlis of the Republic of Uzbekistan adopted, on 15 April 2022, the Cybersecurity Law. The Cybersecurity Law will enter into force on 17 July 2022.

Resources:

Back to top

Europe

Andorra

Law: Law 29/2021, of 28 October, of Personal Data Protection ('the Law') 

Status: In force

The Andorran data protection authority ('APDA') announced, on 17 May 2022, the Law entered into force.

Resources:

Back to top

EU

Law: The Data Governance Act ('DGA')

Status: Passed

The Council of the European Union announced, on 16 May 2022, that the DGA had been adopted following the Council's approval of the European Parliament's position.

Resources:

Back to top

EU

Law: Proposal for a Regulation Concerning the Respect for Private Life and the Protection of Personal Data in Electronic Communications and Repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications) ('the Draft ePrivacy Regulation')

Status: The Council and the Parliament will now start negotiations on the text.

The Council of the European Union has agreed on a negotiating mandate with the European Parliament. If passed, the ePrivacy Regulation will replace the Directive on Privacy and Electronic Communications (2002/58/EC) (as amended) ('the ePrivacy Directive').

Resources:

Back to top

EU

Law: Directive (EU) 2019/1937 of 23 October 2019 on the protection of persons who report breaches of Union law

Status: In force. Awaiting Member State implementation

The Directive was published in the EU Official Journal on 16 November 2019 and entered into force on the twentieth day after its publication. Member States must implement Directive into national law by 17 December 2021.

Resources:

Back to top

EU

Law: Revised Directive on Security of Network and Information Systems ('NIS 2 Directive')

Status: In legislative process

The draft of the Revised NIS Directive was published on 16 December 2020. In particular, the NIS 2 Directive, among other things, adds new sectors based on their critical nature thereby expanding the scope of the current NIS Directive, as well as eliminates the distinction between digital service providers and operators of essential services.

Resources:

Back to top

EU

Law: Regulation on a framework for Digital Green Certificates to facilitate free movement during the COVID-19 pandemic

Status: Passed

The European Commission announced, on 14 June 2021, that the Regulation on the EU Digital COVID Certificate had been signed into law.

The Regulation will apply for 12 months as of 1 July 2021.

Resources:

Back to top

EU

Law: Proposal for a Regulation on laying down harmonised rules on artificial intelligence

Status: In legislative process

The European Commission released, on 21 April 2021, its proposal for a regulation on laying down harmonised rules on artificial intelligence ('the Proposed AI Regulation'), a regulation on machinery products ('the Proposed Machinery Products Regulation'), as well as a new Coordinated Plan on AI. In particular, the Commission highlighted that the proposals aim to turn Europe into a global hub for trustworthy AI and that the regulations would apply directly in the same way across all Member States based on a future-proof definition of AI.

Resources:

Back to top

EU

Law: Proposal for a Regulation on Harmonised Rules on Fair Access to and Use of Data (Data Act) 

Status: In legislative process

The European Commission published, on 23 February 2022, its proposal for a Regulation on Harmonised Rules on Fair Access to and Use of Data (Data Act) which includes an explanatory memorandum.

Resources:

Back to top

Germany

Law: Law on data protection and the protection of privacy in telecommunications and telemedia

Status: Passed

The German Federal Parliament ('Bundestag') passed, on 20 May 2021, the draft law regulating data protection and the protection of privacy in telecommunications and telemedia ('TTDSG'). The TTDSG will enter into force on 1 December 2021.

Resources:

Back to top

Italy

Law: National Cybersecurity Agency by Law No. 109 of 4 August 2021

Status: In force

Decree No. 82 of 14 June 2021 ('the Decree') was published, on 4 August 2021, in the Official Gazette. Specifically, the Decree contains urgent provisions on cybersecurity, a definition of national cybersecurity architecture, as well as the establishment of the National Cybersecurity Agency by Law No. 109 of 4 August 2021. The law came into effect on 5 August 2021, a day after its publication in the Official Gazette

Resources:

Back to top

Monaco

Law: Data Protection Act No. 3 of 2021

Status: In legislative process

The Monegasque data protection authority ('CCIN') issued, on 28 January 2022, a statement, in commemoration of Data Protection Day, highlighting the bill relating to the protection of personal data recently submitted to the Office of the National Council.

Resources:

Back to top

Switzerland

Law: Revised Federal Act on Data Protection 1992 ('FADP')

Status: Passed and awaiting Council of State approval

The Revised FADP was published in the official gazette on 6 October 2020. The revised FADP broadly seeks alignment with the GDPR, introducing comprehensive provisions for data protection issues.

Resources:

Back to top

Latin America

Brazil

Law: Law No. 13.709 of 14 August 2018, General Personal Data Protection Law (as amended by Law No. 13.853 of 8 July 2019) ('LGPD')

Status: In force

The LGPD entered into force on 18 September 2020. However, its enforcement provisions entered into force on 1 August 2021.

Resources:

Back to top

Ecuador

Law: Law for the Protection of Personal Data

Status: Published in Official Registry

The Organic Law on the Protection of Personal Data was published, on 21 May 2021, in the Official Registry. Organisations have two years from the date of publication in the Official Registry to commence their processes of adaptation to the law.

Resources

Back to top

El Salvador

Law: Law on Protection of Personal Data and Habeas Data

Status: Archived

OneTrust DataGuidance confirmed, on 8 June 2021, with Fernando Farrar, Associate at BLP Legal, that Legislative Decree No. 875 for the Law on the Protection of Personal Data and Habeas Data was vetoed, on 7 May 2021, by the President on the grounds of inconvenience. Farrar noted that the Commission of Economy of the Legislative Assembly permanently archived the Law on the Protection of Personal Data and Habeas Data on 20 May 2021.

Resources:

Back to top

Mexico

Law: Bill to reform the Federal Law on Protection of Personal Data Held by Private Parties

Status: In legislative process

Senator José Alberto Galarza Villaseñor of the Parliamentary Group of the Citizen Movement introduced, on 29 April 2021, a bill to reform and add various provisions to the Federal Law on Protection of Personal Data Held by Private Parties in relation to its territorial scope.

Resources:

Back to top

Panama

Law: Executive Decree No. 285 of 28 May 2021 that regulates the Law No. 81 on Personal Data Protection

Status: Approved

The National Authority of Transparency and Access to Information ('ANTAI') announced, on 28 May 2021, that the President of the Republic of Panama approved the Executive Decree No. 285 of 28 May 2021 that regulates the Law No. 81 on Personal Data Protection, which establishes principles, rights, obligations, and procedures to regulate the protection of personal data in Panama.

Resources:

Back to top

Paraguay

Law: Bill on the Protection of Personal Data of the Republic of Paraguay

Status: In legislative process

The Chamber of Deputies announced, on 30 April 2021, the official presentation of the bill on the Protection of Personal Data of the Republic of Paraguay. The bill will be submitted for consideration to the advisory commissions in the Chamber of Deputies.

Resources:

Back to top

Peru

Law: Bill creating the National Authority for Transparency, Access to Public Information and Protection of Personal Data

Status: In legislative process

The Council of Ministers approved, on 9 June 2021, a bill that creates the National Authority for Transparency, Access to Public Information and Protection of Personal Data.

Resources:

Back to top

Middle East

DIFC

Law: DIFC Law No. 2 of 2022

Status: In legislative process  

The Dubai International Financial Centre ('DIFC') announced, on 8 March 2022, that it had enacted the DIFC Laws Amendment Law, DIFC Law No. 2 of 2022 to incorporate amendments to several DIFC laws, including the DIFC Data Protection Law No. 5 of 2020 ('the Data Protection Law').

Resources:

Back to top

Oman

Law: Draft law on the protection of personal data of 2021

Status: Enacted

The Ministry of Information ('MoI') announced, on 9 February 2022, that Royal Decree No. 6 of 2022 Promulgating the Law on the Protection of Personal Data ('the Data Protection Law') had been issued by HRH Sultan Haytham, and published in the Official Gazette No. 1429 on 13 February 2022.

The Data Protection Law shall come into force a year from its date of issuance, i.e. 9 February 2023.

Resources:

Back to top

Israel

Law: Privacy Protection Bill (Amendment No. 14) 5722-2022

Status: In legislative process

On 5 January 2021, the Israeli Parliament laid the Privacy Protection Bill (Amendment No. 14), 5722-2022, amending the Protection of Privacy Law, 5741-1981 on the table for its first reading.

Resources:

Back to top

Israel

Law: Privacy Protection Law (Amendment - Reinforcement of the Right to Privacy and its Protection), 2022

Status: In legislative process

OneTrust DataGuidance confirmed, on 3 February 2022, with Dalit Ben-Israel, Partner, Chair of IT and Privacy Practice at Naschitz, Brandes, Amir & Co., that the draft bill for Privacy Protection Law (Amendment - Reinforcement of the Right to Privacy and its Protection), 2022 ('the Bill') had been submitted, on 31 January 2022, to the Parliament.

Resources:

Back to top

Jordan

Law: Draft law on the protection of personal data of 2021

Status: In legislative process

The Prime Minister's Office announced, on 30 December 2021, that the Council of Ministers approved, on 29 December 2021, a draft law on the protection of personal data of 2021.

Resources:

Back to top

Qatar - Qatar Financial Centre

Law: Data Protection Regulations 2021 and Data Protection Rules 2021 (previously Data Protection Regulations 2005 and Data Protection Rules 2005)

Status: Approved (takes effect 21 May 2022)

The Qatar Financial Centre Authority ('QFCA') issued, on 21 December 2021, the Data Protection Regulations 2021 and the Data Protection Rules 2021, noting that the new regulations will take effect 6 months after their issue date (i.e. 21 May 2022), after which the QFC Data Protection Regulations and Rules of 2005 shall be repealed.

Resources:

Back to top

Saudi Arabia

Law: Personal Data Protection Law

Status: Passed

The Saudi Authority for Data and Artificial Intelligence announced on Twitter, on 22 March 2022, it had decided to postpone the full enforcement of the Law from its original date, 23 March 2022, to 17 March 2023.

Resources:

Back to top

UAE - ADGM

Law: Data Protection Regulations 2021

Status: Partially in force

The Abu Dhabi Global Market's Data Protection Regulations 2021 have come into effect for establishments, after a 12-month transition period had begun on 14 February 2021.

Resources:

Back to top

UAE Federal

Law: Federal Decree-Law No. 45 of 2021 regarding the Protection of Personal Data

Status: Passed

On 28 November 2021, the UAE Cabinet announced that it had enacted Federal Decree-Law No. 45 of 2021 regarding the Protection of Personal Data.

Resources:

Back to top

USA

California

Law: Additional Regulations under the California Consumer Privacy Act of 2018 ('CCPA')

Status: Approved

The California Attorney General ('AG') announced, on 15 March 2021, the approval of additional regulations to the California Consumer Privacy Act of 2018 ('CCPA') by the Office of Administrative Law, affecting Sections 999.306, 999.315, 999.326, and 999.332 of the CCPA Regulations. In particular, the AG noted that the approved regulations ban 'dark patterns' that delay or obscure the process for opting out of the sale of personal information, and prohibit the burdening of consumers with confusing language or unnecessary steps, such as forcing them to click through multiple screens, or presenting reasons why they should not opt out.

Resources:

Back to top

California

Law: California Privacy Rights Act of 2020 ('CPRA')

Status: Approved

CPRA was approved on 4 November 2020. In particular, the CPRA amends the California Consumer Privacy Act of 2018 ('CCPA') and require businesses to, among other things, not share a consumer's personal information upon the consumer's request, provide consumers with an opt-out option for having their sensitive personal information, as defined in law, used or disclosed for advertising or marketing, obtain permission before collecting data from consumers who are younger than 16, obtain permission from a parent or guardian before collecting data from consumers who are younger than 13, and correct a consumer's inaccurate personal information upon the consumer's request.

The CPRA will enter into force on 1 January 2023 and would apply only to personal information collected after 1 January 2022.

Resources:

Back to top

Colorado

Law: Senate Bill ('SB') 21-190 for an Act concerning additional protection of data relating to personal privacy ('CPA')

Status: Waiting for Governor's signature

The Colorado Senate repassed, on 8 June 2021, Senate Bill ('SB') 21-190 for an Act concerning additional protection of data relating to personal privacy, following their consideration of amendments made to SB 21-190 by the Colorado House of Representatives. In particular, SB 21-190 now requires the signature of the Governor, or it can become law without the Governor's signature if not expressly vetoed.

Once enacted, SB 21-190 will go into effect on 1 July 2023.

Resources:

Back to top

Ohio

Law: HB 376

Status: Introduced

House Bill ('HB') 376 to enact sections 1355.01, 1355.02, 1355.03, 1355.04, 1355.05, 1355.06, 1355.07, 1355.08, and 1355.09 of the Ohio Revised Code to enact the Ohio Personal Privacy Act was introduced to the Ohio House of Representatives, on 12 July 2021, by Representatives Rick Carfagna and Thomas Hall. 

Resources:

Back to top

Puerto Rico

Law: House Bill ('HB') 655 for the Electronic Information Privacy Act

Status: In legislative process

The House Bill ('HB') 655 for the Electronic Information Privacy Act was introduced, on 20 April 2021, to the Puerto Rico House of Representatives.

Resources:

Back to top

Virginia

Law: House Bill 2307 for the Consumer Data Protection Act ('CDPA')

Status: Passed 

House Bill ('HB') 2307 to Amend the Code of Virginia by adding in Title 59.1 a Chapter Numbered 52, Consisting of Sections Numbered 59.1-571 - 59.1-581, relating to the Consumer Data Protection Act ('CDPA'), and its State Senate companion bill 1392 were both signed, on 2 March 2021, by the Virginia State Governor. 

The CDPA will enter into effect on 1 January 2023.

Resources:

Back to top

Wisconsin

Law: 2021 Wisconsin Act 73

Status: Enacted

The Office of the Commissioner of Insurance ('OCI') announced, on 15 July 2021, that Governor Tony Evers had signed Act 73, which creates Chapter 601, Subchapter IX of the Wisconsin Statutes on Insurance Data Security.

Resources:

Back to top

Utah

Law: Senate Bill ('SB') 227 for the Consumer Privacy Act ('UCPA')

Status: Passed

The Utah State Governor signed, on 24 March 2022, Senate Bill ('SB') 227 for the Consumer Privacy Act ('UCPA'), thereby enacting the legislation.

Resources:

Back to top

Keep up to date with upcoming webinars, news, and insights by following OneTrust DataGuidance on LinkedIn and Twitter

Company

Our Policies

Your Rights

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
© OneTrust, LLC. All Rights Reserved.
The materials herein are for informational purposes only and do not constitute legal advice.