Yarovaya Law
Mandatory data retention for 6 months, decryption assistance requirements for authorities.
No additional commentary yet. Contribute on GitHub.
Laws
By Law Type#
Access Laws#
Laws that enable government or law enforcement data access.
No laws found matching the criteria.
Surveillance Laws#
Laws that establish surveillance infrastructure or powers.
No laws found matching the criteria.
Privacy Laws#
Laws that protect individual data rights and privacy.
No laws found matching the criteria.
Localization Laws#
Laws that require data to be stored within jurisdiction.
No laws found matching the criteria.
Security Laws#
National security frameworks without direct data access provisions.
No laws found matching the criteria.
Sector-Specific Laws#
Laws regulating specific sectors (AI, telecom, finance, etc.).
No laws found matching the criteria.
By Government Access Level#
Broad Access#
Bulk collection, minimal oversight, backdoor requirements, or extraterritorial compulsion.
No laws found matching the criteria.
Targeted Access#
Access with warrants or court orders for specific investigations.
No laws found matching the criteria.
Limited Access#
Strong procedural safeguards, narrow scope, independent oversight.
No laws found matching the criteria.
By Data Protection Level#
Strong Protection#
Comprehensive rights (access, erasure, portability), strong enforcement, independent DPA.
No laws found matching the criteria.
Moderate Protection#
Some protections but with significant exceptions or weaker enforcement.
No laws found matching the criteria.
UK GDPR
Post-Brexit version of GDPR retained in UK law, providing similar protections to EU GDPR.
No additional commentary yet. Contribute on GitHub.
TOLA Act
Can compel companies to build backdoors and assist in decryption, with secrecy requirements preventing disclosure.
No additional commentary yet. Contribute on GitHub.
SORM
Mandatory surveillance backdoors in all telecommunications equipment for FSB access.
No additional commentary yet. Contribute on GitHub.
Sikkerhetsloven
Protects national security interests, including requirements for security clearances and protection of sensitive information.
No additional commentary yet. Contribute on GitHub.
Schrems II
Landmark CJEU ruling that invalidated the EU-US Privacy Shield and imposed strict requirements on data transfers to countries without adequate protection. Organizations must now assess destination country surveillance laws before transferring personal data.
Privacy Act 2020
Updated New Zealand privacy law with mandatory breach notification and strengthened enforcement.
No additional commentary yet. Contribute on GitHub.
PIPL
China’s comprehensive personal data protection law with strict cross-border transfer requirements.
No additional commentary yet. Contribute on GitHub.
PIPEDA
Canadian federal privacy law for private sector organizations. Provides fair information principles.
No additional commentary yet. Contribute on GitHub.
PIPA
Comprehensive Korean data protection law with strong enforcement and individual rights.
No additional commentary yet. Contribute on GitHub.
Personopplysningsloven
Norwegian implementation of GDPR. Regulates processing of personal data and establishes Datatilsynet as the supervisory authority.
No additional commentary yet. Contribute on GitHub.
Patriot Act
Broad access to records for national security investigations, including Section 215 bulk data collection.
No additional commentary yet. Contribute on GitHub.
NIS2 Directive
Mandatory cybersecurity requirements for essential and important entities. Requires risk management, incident reporting within 24 hours, and supply chain security. Directors face personal liability for non-compliance.
No additional commentary yet. Contribute on GitHub.
National Security Act
Powers to address foreign interference, espionage and state threats.
No additional commentary yet. Contribute on GitHub.
National Intelligence Law
Organizations and citizens must support, assist and cooperate with national intelligence work. This creates backdoor access concerns for any Chinese software.
No additional commentary yet. Contribute on GitHub.
LED
Data protection rules for police and criminal justice authorities. Provides rights for individuals whose data is processed for law enforcement purposes, with appropriate safeguards.
No additional commentary yet. Contribute on GitHub.
IT Act
Government can intercept, monitor and decrypt any computer resource in the interest of national security.
No additional commentary yet. Contribute on GitHub.
Investigatory Powers Act
Broad surveillance powers including bulk data collection, equipment interference, and communications interception. Requires ISPs to retain browsing history.
No additional commentary yet. Contribute on GitHub.
GDPR
Comprehensive data protection law giving individuals control over their personal data. Requires lawful basis for processing, data minimization, and grants rights including access, erasure, and portability.
No additional commentary yet. Contribute on GitHub.
FISA Section 702
Allows surveillance of non-US persons located outside the US for foreign intelligence purposes. EU citizens have limited legal protections.
No additional commentary yet. Contribute on GitHub.