Legal Database
Collection of Regional and International Data Protection Laws, Regulations, and Guidelines
Mekong Region Laws and Regulations
1. Thailand
• Personal Data Protection Act (PDPA), 2019
• Cybersecurity Act, 2019
2. Vietnam
• Law on Cybersecurity, 2018
• Draft Decree on Personal Data Protection (under development as of 2024)
3. Cambodia
• E-Commerce Law, 2019 (with provisions on data protection)
• Draft Data Protection Law (under discussion as of 2024)
4. Lao People’s Democratic Republic (PDR)
• Cybercrime Law, 2015 (includes limited data protection provisions)
• Draft Cybersecurity Law (pending approval)
5. Myanmar
• Telecommunications Law, 2013 (limited privacy provisions)
• Cybersecurity and Data Protection Bill (draft status as of 2024)
Other Regional Frameworks
6. ASEAN Framework on Personal Data Protection
• Non-binding guidelines to harmonize data protection laws in Southeast Asia.
7. Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CBPR) System
• A framework to ensure the free flow of data while protecting privacy across participating economies.
Key International Data Protection Laws and Guidelines
1. European Union (EU)
• General Data Protection Regulation (GDPR), 2018
• E-Privacy Directive (Directive 2002/58/EC, under revision)
2. United States (US)
• California Consumer Privacy Act (CCPA), 2018
• Health Insurance Portability and Accountability Act (HIPAA), 1996
• Children’s Online Privacy Protection Act (COPPA), 1998
3. China
• Personal Information Protection Law (PIPL), 2021
• Cybersecurity Law, 2017
4. India
• Digital Personal Data Protection Act, 2023
5. Japan
• Act on the Protection of Personal Information (APPI), revised in 2020
6. South Korea
• Personal Information Protection Act (PIPA), 2011
7. Australia
• Privacy Act, 1988
• Notifiable Data Breaches Scheme, 2018
8. Canada
• Personal Information Protection and Electronic Documents Act (PIPEDA), 2000
Global Guidelines and Frameworks
1. OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data
• Non-binding principles for international data privacy and flow.
2. UN Guidelines for the Regulation of Computerized Personal Data Files, 1990
• Internationally recognized principles on privacy and data use.
3. International Organization for Standardization (ISO)
• ISO/IEC 27001: Information Security Management Systems
• ISO/IEC 27701: Privacy Information Management
4. The Council of Europe
• Convention 108+: Modernized Convention for the Protection of Individuals with Regard to the Processing of Personal Data
Please send us an enquiry if you would like to discuss any of these laws and regulations in detail.