Privacy Laws Around the World: A Global Overview

Privacy Laws Around the World

Privacy laws vary dramatically across countries and regions. Understanding the legal landscape helps you know your rights and choose services based in jurisdictions with strong privacy protections.

European Union: GDPR

The General Data Protection Regulation (GDPR) is the world's most comprehensive privacy law:

• Right to access: Request all data a company holds about you
• Right to deletion: Request your data be erased (right to be forgotten)
• Consent requirements: Companies must obtain explicit consent for data collection
• Data breach notification: Companies must report breaches within 72 hours
• Fines: Penalties up to 4% of global revenue or 20 million euros
• Extraterritorial reach: Applies to any company processing EU residents' data

United States

• No federal privacy law: No comprehensive federal data protection legislation
• CCPA/CPRA (California): Most protective US state law, giving consumers the right to know, delete, and opt out of data sales
• Sectoral laws: HIPAA for health data, FERPA for education, COPPA for children
• Growing state laws: Virginia, Colorado, Connecticut, and other states have enacted privacy legislation

Other Notable Privacy Frameworks

• Brazil (LGPD): Comprehensive privacy law modeled on GDPR
• Canada (PIPEDA): Federal privacy law covering commercial activities
• Japan (APPI): Data protection law with adequacy agreement with the EU
• South Korea (PIPA): One of the strictest privacy laws in Asia
• Australia: Privacy Act with ongoing reforms to strengthen protections
• India (DPDPA): New data protection law enacted in 2023
• China (PIPL): Comprehensive privacy law, though the government has broad data access

Privacy-Friendly Jurisdictions

Some countries and regions are particularly known for strong privacy protections:

• Switzerland: Strong privacy laws, home to ProtonMail and Tresorit
• Iceland: Strong privacy protections and press freedom
• Estonia: Advanced digital identity with strong privacy framework

Implications for eSIM Users

• Privacy laws affect what carriers must retain and share with governments
• Choose eSIM providers based in privacy-friendly jurisdictions when possible
• Your rights regarding data requests and deletion depend on your location and the provider's location

Privacy laws provide a legal framework, but technology provides practical protection. An anonymous eSIM operates beyond many data retention requirements simply because there is no identity data to retain.