OPTF

Cyber laws around the world: Privacy is not the policy

There is no doubt that the European Union’s GDPR has changed the cyber regulation landscape forever. As onlookers from non-EU countries urge their governments and regulators to adopt similar legislation, countries are rapidly adopting their own sweeping data protection and cyber legislation, much of which is below the standards required to genuinely protect the rights of their citizens.  

Over the last few months, the OPTF has commissioned eight articles from journalists, lawyers, and other members of civil society all around the world. Each article reviewed and analysed recent and upcoming cyber laws from specific places: the Philippines, Peru, Russia, India, Hong Kong, Brasil, Indonesia, and Kazakhstan. 

All legislators face their own unique challenges on the path to enacting effective data protection regulation. For various reasons, data protection regulation seems to be falling short time and time again. Whether it’s deliberately faulty Trojan-horse bills designed to increase governmental powers, out-of-touch and outdated notions about data protection, or failing to cover the ever-growing scope of ‘data’ — regulators are failing to come up with effective solutions.

Overall, cyber laws are becoming more common, more severe, and (often) more damaging to people’s civil rights. Internet freedoms are being eroded with extreme efficacy by multiple governments around the world, as they learn just how easy and effective tech regulation can be. 

SIM registration in the Philippines

New laws in the Philippines require residents to register their SIM cards using government-issued ID, a policy which is disastrous for people’s privacy and online anonymity. 

Similar legislation had previously been blocked by President Duterte who, motivated by his own self-interests, cited human rights concerns as justification for vetoing the proposal. Though Duterte provided an (unexpected, but welcome) ally for opponents of SIM registration, there has been a renewed push for cyber laws since the  election of President Marcos Jr. Read the full article by Jamael Jacob

Peruvian Government cracking down on social media 

In Peru, a bill is proposed which places serious restrictions on people’s ability to communicate and express themselves freely online. Its narrow interpretation of ‘free speech’ could usher in an unprecedented era of litigation and prosecution for legitimate, non-harmful speech. 

The bill requires that all content posted on social media must be ‘truthful, complete, accurate, updated, verifiable, and understandable.’ Additionally, it would require express written consent to post photos, videos, or information about a person. 

These requirements would not only impact everyday people trying to use social media for its original purpose, but also have a chilling effect on the Fourth Estate. Read the full article by Lucía León Pacheco 

Attacks targeting civil society in Russia

Russia has become well known for its numerous restrictive laws which regulate and limit people’s activities in cyberspace. Laws in Russia carry penalties of up to 15 years for spreading fake information about the Russian military and state institutions abroad. 

As the war with Ukraine continues, multiple criminal cases have been opened against writers, journalists, and a councillor. 

The Russian authorities are also known to have blocked or throttled several major social media platforms including Twitter, Facebook, and Instagram. Currently there is no sign that censorship efforts will slow down, rather  it seems the government’s attempts to control information flow will become more drastic and intense. Read the full article by Baurzhan Rakhmetov

Data protection regulation in India 

India’s journey towards data protection regulation has been long and difficult. Late in 2022, the Indian Government withdrew the most recent effort—the Personal Data Protection Bill—and indicated they would work on a new bill soon. 

Efforts to create data protection legislation have been caught up in an ongoing judicial debate about whether or not there exists a constitutionally protected right to privacy in India. Although India’s Supreme Court has now judged that the right to privacy is protected, there remains uncertainty about the future of data protection legislation in the country. Read the full article by Amber Sinha

More and more cyber laws in Hong Kong

Freedom of expression in Hong Kong has been continuously eroded—not just in cyberspace—for some time now. A recent case where five people were sentenced to 19 months in jail for their role in publishing children’s storybooks signalled yet another lowering of the bar for freedom of expression in Hong Kong.  

Recent consultation for a new cyber-crime law has sparked concern from the Internet sector, civil society, and regular people. Among items suggested were the criminalisation of non-malicious, but unauthorised access of devices, and harsher sentencing across the board. Read the full article by Charles Mok

Assessing the impact of Brazil’s data protection law

Brazil’s own data protection law was passed just a few days after the GDPR came into effect. However, the result of Brazil’s regulation has been relatively mixed. The law originally allowed for the sharing of personal data among authorities, enabling the distribution of sensitive personal info without consent. The Supreme Court has since ruled against authorities operating a shared database, there has already been significant damage done to people’s privacy. 

Additionally, due to different rules applying for and to certain groups, particularly judicial and law enforcement authorities. Consequently, the data protection law is often being used to avoid releasing data under access to information requests — stifling journalistic work. Read the full article by Adriana Meireles

Data protection regulation finally passes in Indonesia

Six years after it was initially submitted to parliament, the Indonesian Data Protection Bill was finally approved in September 2022. The long-pending legislation was delayed by political disagreements over who (or what) body should be tasked with administering the bill. Members of civil society expressed a desire for an independent body which would be free from government influence or intervention. 

It will be up to President Joko Widodo to decide who the supervisory authority will be — and its exact makeup remains unknown.  Read the full article by Juliana Harsianti

Pegasus enabling surveillance in Kazakhstan 

The NSO’s Pegasus spyware has made headlines around the world, but there are still scant mechanisms available to protect against its dramatic and devastating surveillance capabilities. 

Apple has notified a number of Kazakhstanis that Pegasus tracking software was installed on their device. In particular, human rights defender and government critic Bakhytzhan Toregozhina. She posted on her Facebook page that she had suspected she was being tracked, but now the snooping was confirmed — and other activists have echoed her feelings.  Read the full article by Dana Mukhamejanova


The OPTF is observing and analysing trends in cyber laws around the world and how they impact people’s digital rights and privacy. We are embarking on ongoing work to track these trends — if you would like to help us (or know someone who can) please get in touch!