Non-Exhaustive Typology of Privacy & Data Protection Laws throughout the World
Miami - March 12, 2021
- Australia’s Privacy Act 1988: establishes thirteen (13) Privacy Principles ( https://www.oaic.gov.au/assets/privacy/guidance-and-advice/app-quick-reference-tool.pdf ) contained in Schedule 1 of the Act, as amended by the Privacy Amendment (Enhancing Privacy Protection) Act 2012.
- Canada’s PIPEDA 2000: establishes ten (10) Fair Information Principles ( https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/p_principle/ ) contained in Schedule 1 of PIPEDA.
- Japan’s APPI (enacted in 2003 and in force since 2005): amended in 2020 in a manner partly similar to the E.U.’s GDPR (modifications will become effective in 2022).
- Russia’s Federal Law on Personal Data No. 242-FZ (enacted in 2006): amended in 2014 to require that personal data of Russian citizens be first processed & stored on servers located in Russia ( https://pd.rkn.gov.ru/authority/p146/p191/ ).
- Mexico’s LFPDPPP 2010: available at https://www.duanemorris.com/site/static/Mexico_Federal_Protection_Law_Personal_Data.pdf
- South Korea’s PIPA 2011: very strict data protection regime which can be read at http://koreanlii.or.kr/w/images/0/0e/KoreanDPAct2011.pdf
- South Africa’s POPI Act (enacted in 2013 and effective since July 1, 2020):
  - available at: https://popia.co.za/
  - prohibits in principle cross-border data transfers (including personal information); however, there are exceptions to this principle.
- European Union’s GDPR (adopted in 2016 and in force since May 25, 2018): the strongest & most comprehensive data privacy regulation in the world (available at: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679 ).
- UK’s Data Protection Act 2018:
  - applies the EU's GDPR standards but is not limited to them;
  - available at: https://www.legislation.gov.uk/ukpga/2018/12/pdfs/ukpga_20180012_en.pdf
- California’s CCPA (enacted in 2018, in force since 2020 & available at: https://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?division=3.&part=4.&lawCode=CIV&title=1.81.5 ) and its supporting CCPA Regulations (in force since August 14, 2020, after they were approved by California’s Office of Administrative Law, and available at: https://oag.ca.gov/sites/all/files/agweb/pdfs/privacy/oal-sub-final-text-of-regs.pdf ):
  - the most comprehensive Internet-focused data privacy legislation in the U.S. (no equivalent at federal level).
- Brazil’s LGPD 2020 (General Personal Data Protection Law): inspired extensively by the E.U.'s GDPR and available in its translated English version at: https://iapp.org/media/pdf/resource_center/Brazilian_General_Data_Protection_Law.pdf
- India’s PDP Bill 2019 (not enacted yet):
  - available at: http://164.100.47.4/BillsTexts/LSBillTexts/Asintroduced/373_2019_LS_Eng.pdf
  - heavily criticized and debated because the central government can exempt any government agency from the Bill;
  - Forbes India reports that "the Bill gives Government blanket powers to access citizens' data".
- China's Draft PIPL (published in October 2020 but not enacted yet):
  - partly inspired by the E.U.’s GDPR;
  - unlike China’s 2017 Cyber Security Law [enacted by the Standing Committee of the National People's Congress (NPCSC) to increase data protection/localization and cybersecurity in the interest of national security], the Draft PIPL applies extraterritorially to overseas entities and individuals which/who process the personal data of Data Subjects located in China in order to (i) provide products/services to data subjects in China, or (ii) analyze/assess the behavior of data subjects in China;
  - available at: https://www.newamerica.org/cybersecurity-initiative/digichina/blog/chinas-draft-personal-information-protection-law-full-translation/
Dr. Ariel Humphrey