Table 2 Policies and laws in data security and privacy protection of countries and supranational alliances.
| Rank | Country/supranational alliance (C/SA) | Key policies and laws | Main contents |
|---|---|---|---|
| 1 | United Kingdom | Data Protection Act (DPA) | Regulates data protection principles, citizens’ data rights, and complaint channels |
| | | UK Digital Strategy (UK Government, 2022) | Emphasizes data security and intellectual property protection |
| 2 | United States | National Security and Personal Data Protection Act (US Government, 2019) | Emphasizes the data security and privacy protection of nation and citizens |
| | | Uniform Personal Data Protection Act (Uniform Law Commission, 2021) | Emphasizes the data security and privacy protection of business entities holding personal data |
| | | American Data Privacy and Protection Act (US Government, 2021) | Emphasizes the data security and privacy protection of consumers and businesses |
| | | Federal Data Strategy (US Government, 2019) | Adopts “ethical governance” as its primary guiding principle and underscores the urgent need to protect security, privacy, and confidentiality |
| 3 | Germany | Federal Data Protection Act (Federal Government, 2021) | Provides protection for personal data and data from public institutions, while detailing the rights of data subjects |
| | | Recommendations on Data and Algorithms | Distinguishes ethical principles between responsible data governance and the responsible use of algorithmic systems, and advocates for separate regulation of personal and non-personal data |
| | | Data Strategy of the Federal German Government (Federal German Government, 2021) | Identifies four key areas of action, one of which is “promoting data innovation and the responsible use of data” |
| 4 | Australia | Freedom of Information Act | Marks the inception of data ethics regulation and forms the foundational legal framework for data ethics supervision in Australia |
| | | Privacy Act | |
| | | Privacy Legislation Amendment (Enhancing Online Privacy and Other Measures) Bill 2021 | Further added regulations for online privacy |
| 5 | Switzerland | Federal Act on Data Protection (FADP) | Safeguards personal privacy and fundamental rights during data processing; establishes the principles of legality, integrity, and proportionality in data processing |
| | | Federal Act on Human Genetic Testing (HGTA) | Protects individuals’ privacy and rights in human genetic testing |
| | | Human Research Act (HRA) | Regulates research activities involving humans, ensures ethical and legal compliance |
| 6 | Singapore | Personal Data Protection Act 2012 (Singapore Government, 2012) | Cornerstone of Singapore’s data protection legal framework; focuses on the collection, use, disclosure, and protection of personal data |
| | | Cybersecurity Act (Singapore Government, 2018) | Prevents, manages, and responds to cybersecurity threats and incidents, particularly in the context of critical information infrastructure |
| | | Electronic Transactions Act (Singapore Government, 2010) | Fosters the security and reliability of electronic transactions |
| 7 | China | Cybersecurity Law of the People’s Republic of China (National People’s Congress of China, 2016) | Data processing activities should comply with laws and regulations, respect social morals, and adhere to cyber ethics |
| | | Data Security Law of the People’s Republic of China (National People’s Congress of China, 2021a) | |
| | | Personal Information Protection Law of the People’s Republic of China (National People’s Congress of China, 2021b) | Embodies data ethics principles, such as informed consent, transparency, openness, security, accountability, and public welfare in its provisions on personal information processing |
| | | Regulations on Network Data Security Administration (Cyberspace Administration of China, 2021) | Provides detailed provisions regarding data processing activities that violate legal regulations and ethical morals |
| 8 | European Union | Data Protection Directive (European Union, 1995) | Protects the rights related to the processing of personal data and sets regulatory requirements for data security and individual privacy |
| | | General Data Protection Regulation (GDPR) (European Union, 2018) | Emphasizes the protection of personal data rights and establishes an independent regulatory body; the ethical red lines in the era of big data have been clearly delineated |
| 9 | OECD | OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (OECD, 1980) | Outlines eight fundamental principles in the protection of personal data; the OECD Privacy Guidelines serve as global minimum standards for privacy and data protection |