Our latest Global Trends benchmark compares data protection laws across 14 jurisdictions, by analysing in each:

• Data protection framework and key updates over the past three years. Lawful basis to process personal data and extraterritorial applicability.
• Privacy rules for location data, biometric data, and children’s data.
• Enforcement frameworks and data protection authorities (DPAs).
• Landmark privacy-related cases for location, biometric and children’s data, and/or involving big tech groups.

Key takeaways
 

• While the US has no data protection framework at federal level, all other jurisdictions covered in this benchmark have comprehensive data protection frameworks in place.
• Over the past three years, in some of those jurisdictions the respective data protection frameworks were updated, or major reforms were presented and are still under debate.
• Several jurisdictions covered in this benchmark have specific rules granting special protection to location, biometric and/or children’s data.
• Data protection frameworks, when in place, are usually enforced by a single DPA. Only in India and Indonesia no DPA has been established yet.
• The benchmark highlights several enforcement cases for infringements involving location, biometric and children’s data, often involving major tech groups such as Google, Meta, Tools for Humanity/Worldcoin, and TikTok.

Covered jurisdictions in this benchmark:

Australia, Brazil, Canada, China, the EU, India, Indonesia, Japan, Kenya, Korea, Singapore, South Africa, the UK and the US.

For more information and to access the full benchmark, please click on "Access the full content" - or on "Request Access", in case you are not subscribed to our Global Trends service.