Global Comprehensive Privacy Law Mapping Chart 1Last updated: April 2022
Note: This tool is for
informational purposes and is
not legal advice. Whether a law
includes a particular provision
should always be verified via
official sources.Argentina Armenia Australia Benin Republic
Personal Data
Protection Act *Law On Personal
Data ProtectionPrivacy Act 1988
Digital CodeAustralian Privacy
Principles (included
in Privacy Act)
Australian Privacy
Principles GuidelinesINDIVIDUAL RIGHTSRight to access Articles 4(6) and 14Articles 15, 18(1 and 4)
and 20(1 and 2)APP 12 Article 437
Right to correct Article 16 Articles 6, 15(2) and 21(2) APP 13 Article 441
Right to delete Articles 4(5) and 16 Article 15(2)APP Guidelines, APP 13
(related to correcting
inaccuracy)Articles 441, 443 and 444
Right to portability Article 438
Right to opt out of all or
specific processingArticles 9(3), 11(2), 12(2)
and 21(6)APP 7 Articles 390 and 440
Right to opt in for sensitive
data processingArticles 2 and 7* Articles 12 and 13* APP 3 Article 394
Age-based opt-in right Article 9(9) Article 446
Right not to be subject to
fully automated decisionsArticles 401, 415 and 439BUSINESS OBLIGATIONSNotice/transparency
requirementsArticles 6 and 13 Articles 9(5-8) and 10 APPs 1 and 5Articles 384, 403, 415,
416 and 418
Legal basis for processing Article 8 Articles 383 and 389
Purpose limitation Article 4(3)Articles 4(2), 16, 18(2)
and 19(1)APP 6 Articles 383(3) and 424
Data minimization Article 4(1), (7) Articles 5, 18(2) and 19(1) APP 3.1–3.2 Articles 383(4) and 424
Security requirements Article 9Article 19 and
Government Decision on
Biometric Personal Data*APP 11 Articles 383 and 426
Privacy by designAPP Guidelines,
APP 1, 1.3Article 424
Processor/service provider
requirementsArticle 9 (security) Article 14 Article 386
Prohibition on discrimination Articles 393 and 401
Record keepingChapter IV (Articles
21–28) (for data files,
registers, banks, etc.)APP Guidelines,
APP 1, 1.5Article 435
Risk/impact assessmentsPrivacy Act 1988, 33D;
APP Guidelines,
APP 1, 1.7; Australian
Government Agencies
Privacy Code*Article 428
Data breach notification* Article 21(3 and 4) Privacy Act 1988, Part IIIC Article 427
Registration with authoritiesChapter IV (Articles
21–28) (for data files,
registers, banks, etc.)Article 23Articles 405 and 406
(reporting obligation)
Data protection officerAustralian Government
Agencies Privacy Code*Articles 430–432
International data transfer
restrictionsArticle 12 Articles 26 and 27 APP 8 Articles 391 and 392SCOPEExemption for
employee data Section 16 of
Labour CodePrivacy Act 1988, 7B(3)
Nonprofits covered Articles 1 and 2 Article 1(1)Privacy Act 1988, 6C–6EArticle 380OAIC guidance
Sectoral law carveouts Article 1(2)
State-level preemptionENFORCEMENTIndependent enforcement
authorityAgencia de Acceso a la
Información PúblicaPersonal Data
Protection AgencyOffice of the
Australian Information
CommissionerAutorité de Protection
des Données à caractère
Personnel
Chapter V
(Articles 29 and 30)Articles 24 and 25 Privacy Act 1988, Part IV Articles 462–490
Rulemaking authorityChapter V
(Articles 29 and 30)National Assembly, RA
Government, Personal
Data Protection AgencyPrivacy Act 1988, 100 Article 483
Fining authority Article 31Article 24; Article 189.17,
Administrative
Violations CodePrivacy Act 1988,
Part III, 13G; Part IIIA;
Part V, 46, 65–66, etc.Articles 452-455, 459
and 483
Criminal penalties Articles 31 and 32Article 145, Criminal Code
(medical privacy)Privacy Act 1988,
Part V, 46, 65 and 66;
Part VIA, 80Q, etc.Articles 460 and 461
Personal liability Articles 31 and 32 Privacy Act 1988, 99A Article 460
Private right of action Articles 33–39 Articles 17 and 21 Articles 449–451
*Data breach notification: Many countries and all 50 U.S. states have separate data breach notification laws. The term in this chart refers to a provision included in
a comprehensive data protection law.
IAPP 全球隐私地图
文档预览
中文文档
6 页
50 下载
1000 浏览
0 评论
0 收藏
3.0分
温馨提示:本文档共6页,可预览 3 页,如浏览全部内容或当前文档出现乱码,可开通会员下载原始文档
本文档由 思安 于 2023-10-19 06:00:41上传分享