Privacy Policy Requirements by Country: Data-Protection Law in 33 Jurisdictions
Almost every country now requires a website or app that collects personal data to publish a privacy policy, but the governing law and mandatory disclosures differ. This reference compares the data-protection statute for 33 jurisdictions, with a free, locally-drafted privacy policy template for each.
Why privacy-policy requirements differ by country
A privacy policy is the public-facing part of a data-protection regime, so its required contents follow the local statute. The EU/EEA and UK GDPR demand a specific list of disclosures — legal basis, retention, data-subject rights, transfers; Brazil's LGPD, Canada's PIPEDA, and national laws across Asia, Africa and the Gulf impose their own variants. What must be disclosed, which rights must be offered, and which regulator supervises all change by jurisdiction — which is why the template differs per country.
Governing statute & free template by country
| Country | Primary governing statute | Free privacy policy template |
|---|---|---|
| Argentina | Ley de Protección de Datos Personales N.° 25.326; Decreto Reglamentario 1558/2001 | Política de Privacidad para Sitio Web Argentina |
| Belgium | Reglement UE 2016/679 (RGPD) art. 13-14 ; Loi belge du 30 juillet 2018 relative a la protection des personnes physiques a l egard des traitements de donnees a caractere personnel | Politique de Confidentialité RGPD Belgique |
| Brazil | Lei 13.709/2018 (LGPD) | Política de Privacidade (LGPD) |
| Chile | Ley N° 19.628/1999 Art. 4; Ley N° 21.719/2024 | Website Privacy Policy Chile (Política de Privacidad) |
| Colombia | Ley 1581/2012; Decreto 1377/2013 | Privacy Policy (Política de Tratamiento de Datos) Colombia |
| Denmark | Databeskyttelsesloven (LOV nr. 502 af 23/05/2018) | Business Privacy Policy Denmark |
| Finland | Yleinen tietosuoja-asetus (EU 2016/679) art. 13–14; Tietosuojalaki (1050/2018); Laki sähköisen viestinnän palveluista (917/2014) | Privacy Policy Finland |
| France | Règlement UE 2016/679 (RGPD) art. 13-14 (information des personnes concernées) ; Loi n°78-17 du 6 janvier 1978 modifiée (Informatique et Libertés) | Politique de Confidentialité RGPD France |
| Germany | DSGVO Art. 13 (Informationspflicht bei Direkterhebung); DSGVO Art. 14 (Dritterhebung); BDSG §26 (Beschäftigtendatenschutz); TTDSG §25 (Cookies); TMG §13 (Informationspflicht) | Website Privacy Policy Germany |
| Ghana | Data Protection Act 2012 (Act 843) | Privacy Policy (Ghana) |
| Hong Kong | Personal Data (Privacy) Ordinance (Cap. 486) | Privacy Policy (Hong Kong) |
| India | Digital Personal Data Protection Act, 2023 | Privacy Policy (India) |
| Ireland | Data Protection Act 2018 (GDPR) | Privacy Policy (Ireland) |
| Italy | Reg. UE 2016/679 artt. 12–14, 6, 15–22; D.Lgs. 196/2003 (Codice Privacy) | Informativa Privacy GDPR (Clienti e Sito Web) |
| Kenya | Data Protection Act No. 24 of 2019 | Privacy Policy (Kenya) |
| Malaysia | Personal Data Protection Act 2010 (Act 709) | Privacy Policy (Malaysia) |
| Mexico | Ley Federal de Protección de Datos Personales en Posesión de los Particulares art. 17 | Short-Form Privacy Notice Mexico (Aviso de Privacidad Simplificado) |
| Netherlands | AVG (EU 2016/679) art. 13 (informatieverstrekking); Uitvoeringswet AVG 2018; AVG art. 6 (grondslagen) en art. 32 (beveiliging) | Privacybeleid Website Nederland |
| New Zealand | Privacy Act 2020 | Privacy Policy (New Zealand) |
| Nigeria | Companies and Allied Matters Act (CAMA) 2020 | Privacy Policy (Nigeria) |
| Norway | Personvernforordningen (GDPR) art. 13-14; personopplysningsloven (2018); ekomloven | Privacy Policy Norway |
| Pakistan | Prevention of Electronic Crimes Act 2016 | Privacy Policy (Pakistan) |
| Philippines | Data Privacy Act (RA 10173) | Privacy Policy (Philippines) |
| Poland | art. 13-14 RODO (obowiązek informacyjny); art. 5-6 RODO (zasady i podstawy); art. 15-22 RODO (prawa); art. 77 RODO (skarga do PUODO); ustawa z 10.05.2018 o ochronie danych osobowych (Dz.U. 2018 poz. 1000) | Polityka prywatności (RODO) |
| Portugal | Regulamento (UE) 2016/679 (RGPD); Lei nº 58/2019 de 8 de agosto | Privacy Policy GDPR Portugal (Política de Privacidade RGPD) |
| Quebec | Act Respecting the Protection of Personal Information (CQLR, c. P-39.1) | Privacy Policy (Quebec) |
| Singapore | Personal Data Protection Act 2012 (PDPA) | Privacy Policy (Singapore) |
| Spain | LOPDGDD Ley Orgánica 3/2018 (art. 13); RGPD (UE) 2016/679 | Privacy Policy Spain (Política de Privacidad LOPDGDD) |
| Sweden | Europaparlamentets och rådets förordning (EU) 2016/679 (GDPR) art. 13-14; lag (2018:218) med kompletterande bestämmelser till EU:s dataskyddsförordning (dataskyddslagen); lag (2003:389) om elektronisk kommunikation (LEK) | Integritetspolicy Sverige (GDPR-kompatibel) |
| Switzerland | Revidiertes Bundesgesetz über den Datenschutz (DSG, SR 235.1) Art. 19-21 (Informationspflichten), Art. 22 (Datenschutzfolgenabschätzung), Art. 24 (Meldepflicht bei Datenpannen), Art. 25 (Auskunftsrecht), Art. 51 (Bussen bis CHF 250'000); Datenschutzverordnung (DSV, SR 235.11); Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter (EDÖB); EU-DSGVO Art. 6 (Rechtsgrundlagen, für EU-Kunden anwendbar) | Datenschutzerklärung Website Schweiz |
| United Arab Emirates | Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) | Online Store Privacy Policy (UAE) |
| United Kingdom | UK General Data Protection Regulation (UK GDPR) | Privacy Policy (UK) |
| United States | California Consumer Privacy Act (CCPA) | Privacy Policy |
Statutes shown are the primary governing act; the specific requirements are set out on each linked country page. All 33 template links verified live on 2026-06-25.
Frequently asked questions
Is a privacy policy legally required?
In most jurisdictions, yes — any site or service that collects personal data must publish a privacy notice under the local data-protection law (for example the EU/UK GDPR, Brazil's LGPD, Canada's PIPEDA). The required contents and the supervising regulator differ by country; this table lists the governing statute for 33 jurisdictions.
What must a privacy policy include?
Common mandatory items are: what data is collected, the purpose and legal basis, retention period, third-party sharing and international transfers, data-subject rights, and contact details for the controller or DPO. GDPR-based regimes require the fullest list; other laws are lighter. The country page sets out the local requirement.
Does one privacy policy work in every country?
Not reliably. A GDPR-compliant policy covers a lot, but national laws add or vary requirements (consent rules, breach contacts, local-language obligations). A jurisdiction-specific policy reduces compliance risk. Each country template is drafted to its local statute.
Are these privacy policy templates free?
Yes — a free, jurisdiction-specific privacy policy template is available for every country listed, as PDF or Word with no signup.
About this comparison
Each entry maps a jurisdiction to its primary governing statute and to the matching free template on forms-legal.com. The data is curated from our multi-jurisdiction legal document library; the linked country pages carry the full, locally-drafted document and the current statutory detail. Templates are free to download as PDF or Word with no signup. This is reference information, not legal advice.