It goes without saying that the internet knows no boundaries and knows no country. The problem is that we very much do live in a world with boundaries and countries — and as such, we are all very much bound by laws.

Our primary interest is always and always will be our customers — but we also work within the laws of the countries that our servers are located in. We always strive to balance the demands of what the locals laws are and what is right for our clients and we will always take the side of our clients if we ever have to choose between the two.

With recent news coverage of breaches into communications carried out online, we thought we’d offer an overview of the internet privacy laws of the world’s biggest internet markets.


The United States

There is no single law with regards to individual data and the protection of consumer data, or laws with regards to gathering, acquiring, storing or the use of that data.

The US uses a patchwork of laws that addresses different kinds of data. HIPAA, for example, regulates the health history of the individual and the use and disclosure of that information. The Fair Credit Reporting Act allows consumers the ability to view, correct, contest, and limit the uses of credit reports. The Electronic Communications Privacy Act is meant to protect individuals from the interception of data — however, the law was written with loopholes such as implied consent when reading a communication or accepting employment.


The European Union

The EU tightly regulates consumer data through the European Convention on Human Rights and its courts have given it broad interpretation. Data collection by member states always falls under this law. The EU also regulates the automated collection of data.

If information is going to be exchanged between the EU and the US, American companies that receive the data have to comply with what’s known as the “Safe Harbour” framework, which ensures the companies comply with EU law. Users from the EU, in fact, are often given greater privacy controls over their online accounts on sites such as eBay and Amazon because of these laws.



Since 2001, Canadians have been protected by the Personal Information Protection and Electronic Documents Act, which covers any private organization regulated by the Canadian government. The law coves how companies and government agencies can use information and how they need to disclose its collection. There are exceptions for libraries, journalists, individuals and Canada’s intelligence agencies.



The online privacy laws in India do not have the legal authority to do much if someone feels their privacy is being violated. However, since the 2008 Mumabi attack, the Indian government has been known to actively monitor Internet traffic and actively censor websites it deems objectionable to taste or national security.


Hong Kong, SAR

Unlike the rest of China, Hong Kong is administered by an autonomous government (hence the “Special Administrative Region” designation). Citizens of Hong Kong are guaranteed the freedom of speech and press, and the government respects those rights.

However, its online privacy laws, enacted in 1993 are fairly basic. The laws prohibit using a computer with an intent to commit an offense; with a dishonest intent to deceive; with a view to gain for oneself or another or with a dishonest intent to cause loss to another.



China’s position on the internet is clear — it prohibits any websites that it feels will cause a disturbance within its boarders. This definition changes daily and its censorship program encompasses internet activity from websites to social media feeds.

The country does have several privacy laws on the books. The latest, enacted in 2013 is The Rules Regarding the Protection of Personal Information of Telecommunications and Internet Users, which regulates personal information as it pertains to e-commerce. Chinese tort courts have upheld that privacy cannot be infringed on and can be liable under the court; its criminal courts have maintained that telecoms companies are criminally liable for releasing a customer’s information.

However, it remains to be seen if China’s new law regarding privacy will do much, as the older law, The Decision on Strengthening the Protection of Online Information, wasn’t clear as to what the responsibilities of the government were. The law was not fully implemented because of this.