This Global Trends benchmark compares data protection laws across 12 major jurisdictions.

The European Union (EU), with its General Data Protection Regulation in force since 2018, has played a pivotal role in influencing legislative work and privacy debates in other parts of the world. New (or significantly amended) data protection legislation entered into force in the past three years in Brazil, China, Indonesia, Japan, Korea, Singapore, and South Africa. In the United States (US), despite the lack of comprehensive federal legislation, ten states already enacted their own privacy laws. Australia, Canada and India have recently been revising their respective privacy frameworks.

Most of the surveyed jurisdictions apply general privacy rules to location data and treat biometric data as a sensitive category of personal data, where explicit consent is generally required. Most of the surveyed jurisdictions have specific rules on children’s data (e.g. treating children’s data as sensitive information, requiring consent from their parents or guardians, among others).

Not all the jurisdictions covered in this benchmark have set up an independent data protection authority (DPA). Besides, in those where DPAs were established, responsibilities, organisation, and resources vary significantly.

The highest data protection fines involving big online platforms have so far been imposed in the US (US$5bn settlement with Facebook in 2019), the EU (€1.2bn fine on Meta Platforms in 2023), and China (CNY 8.03bn fine on Didi Global in 2022).

For more information and to access the full report, please click on “Access the full content” - or on “Request Access”, in case you are not subscribed to the Global Trends service.