In Brazil, the National Congress is debating two separate bills, one in the Senate and one in the House. The House Bill on the Protection of Personal Data is strongly influenced by the EU’s General Data Protection Regulation, even updating and strengthening GDPR requirements in a number of areas. While the bill may secure passage in 2018, comprehensive bills have been debated in Brazil on and off since 2010 (see the December 2010 report in this blog) and the current political and economic turmoil in the country may lead to further delays.
In South Africa, the country’s Information Regulator is now expected to put the Protection of Personal Information (POPI) Act into effect in the second half of 2018. POPI was signed into law by President Jacob Zumi in 2013, but its implementation delayed while regulatory infrastructure, capability and guidance were developed.
In India, Electronics and IT Minister Ravi Shankar Prasad stated that a report from the 10-member Srikrishna Committee on data protection was expected shortly, after which a comprehensive bill would be prepared. In a hearing challenging the Aadhaar near the end of January, the country’s Attorney General informed the Supreme Court that a draft bill would be ready by March 2018.
In Thailand, a public consultation on a revised Personal Data Protection Bill, which incorporates a number of concepts from the GDPR, concluded on February 6. The next steps for the bill will be its advancement to the country’s Cabinet for approval, then to the National Legislative Assembly and finally to the country’s King for final approval.
Finally, definitive effective dates for previously enacted comprehensive DP laws were reported for Bermuda and the Cayman Islands. Bermuda’s Personal Information Protection Act, passed in July 2016, will come into full force in December 2018. Cayman’s Data Protection Law, passed in March 2017, will come into effect a month after Bermuda's, in January 2019.