National data protection authority

Last updated October 05, 2025

There are several national data protection authorities across the world, tasked with protecting information privacy. In the European Union and the EFTA member countries, their status was formalized by the Data Protection Directive ^[1] and they were involved in the Madrid Resolution.

Authorities by group of states

On the European level, it is the G29 and the European Data Protection Supervisor (EDPS). The process was backed in 2005 by the Council of Europe, during the World Summit on the Information Society (Tunis, November 2005), and in 2006/2007 within forums on Internet governance (Athens 2006, Rio 2007).
On 12 June 2007, OECD issued a recommendation entitled "OECD Recommendation on Cross-border Co-operation in the Enforcement of Laws Protecting Privacy". It aimed to improve national Privacy law enforcement so national authorities can better cooperate with foreign authorities and put in place efficient international mechanisms to ease trans-frontier cooperation for legislation protecting privacy.^[2] This recommendation was implemented with the 2010 founding of the Global Privacy Enforcement Network.
An Ibero-American network of data protection exists. In May 2008, during its 6th meeting, in Colombia, its declaration asking international conferences on data protection and privacy to "pursue their efforts, regardless of their geographical location, in order to adopt common legal instruments".
Another network is that of the Central and Eastern data protection authority (CEDPA). This network has expressed its will to pursue and strengthen its activities within the CEDPA, notably to elaborate common solutions and assist new members with the establishment of data protection legislation. That was during the June 2008 meeting in Poland.

List of national data protection authorities

European Economic Area

Austria: Austrian Data Protection Authority (German : Datenschutzbehörde)
Belgium: Belgian Data Protection Authority (Dutch : Gegevensbeschermingsautoriteit (GBA), French : Autorité de protection des données (APD), German : Datenschutzbehörde), also known as APD-GBA
Bulgaria: Bulgarian Data Protection Authority (Bulgarian : Комисия за защита на личните данни)
Cyprus: Office of the Commissioner for Personal Data Protection (Greek : Γραφείο Επιτρόπου Προστασίας Δεδομένων Προσωπικού Χαρακτήρα)
Czech Republic: Office for Personal Data Protection (Czech : Úřad pro ochranu osobních údajů (ÚOOÚ))
Denmark: Danish Data Protection Agency (Danish : Datatilsynet)
Estonia: Estonian Data Protection Inspectorate (Estonian : Andmekaitse Inspektsioon)
Finland: Office of the Data Protection Ombudsman (Finnish : Tietosuojavaltuutetun toimisto)
France: Commission nationale de l'informatique et des libertés (lit. 'National Commission on Informatics and Liberty'), also known as CNIL
Germany: Federal Commissioner for Data Protection and Freedom of Information (German : Bundesbeauftragter für den Datenschutz und die Informationsfreiheit (BfDI))
- Note: Competent supervisory authorities for the enforcement of data protection in the private sector are the respective state authorities.^[3]
Greece: Hellenic Data Protection Authority (Greek : Αρχή Προστασίας Δεδομένων Προσωπικού Χαρακτήρα), also known as HDPA
Hungary: Hungarian National Authority for Data Protection and Freedom of Information (Hungarian : Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH))
Iceland: Data Protection Authority (Icelandic : Persónuvernd)
Ireland: Data Protection Commissioner (Irish : An Coimisinéir Cosanta Sonraí), also known as DPC
Italy: Italian Data Protection Authority (Italian : Garante per la Protezione dei Dati Personali), also known as Italian DPA
Latvia: Data State Inspectorate (Latvian : Datu valsts inspekcija, Russian : Государственная инспекция данных)
Liechtenstein: Datenschutzstelle
Lithuania: State Data Protection Inspectorate (Lithuanian : Valstybinė duomenų apsaugos inspekcija (VDAI))
Luxembourg: National Commission for Data Protection (German : Nationale Kommission für den Datenschutz, French : Commission nationale pour la protection des données), also known as CNPD
Malta: Office of the Information and Data Protection Commissioner, also known as IDPC
Netherlands: Dutch Data Protection Authority (Dutch : Autoriteit Persoonsgegevens (AP))
Norway: Norwegian Data Protection Authority (Norwegian : Datatilsynet)
Poland: Polish Data Protection Commissioner (Polish : Urząd Ochrony Danych Osobowych (UODO))
Portugal: National Commission Data Protection (Portuguese : Comissão Nacional de Proteção de Dados (CNPD)), also known as NCDP
Romania: National Authority for the Supervision of Personal Data Processing (Romanian : Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal), also known as ANSPDCP
Slovakia: Office for Personal Data Protection of the Slovak Republic (Slovak : Úrad na ochranu osobných údajov Slovenskej republiky)
Slovenia: Information Commissioner of the Republic of Slovenia (Slovene : Republika Slovenija Informacijski pooblaščenec)
Spain: Spanish Data Protection Agency (Spanish : Agencia Española de Protección de Datos (AEPD))
- Andalusia: Transparency and Data Protection Council of Andalusia (Spanish : Consejo de Transparencia y Protección de Datos de Andalucía)
- Basque Country: Basque Data Protection Authority (Basque : Datuak Babesteko Euskal Bulegoa, Spanish : Agencia Vasca de Protección de Datos)
- Catalonia: Catalan Data Protection Authority (Catalan : Autoritat Catalana de Protecció de Dades (APDCAT))
Sweden: Swedish Data Protection Authority (Swedish : Datainspektionen), also known as Swedish DPA

Europe

Albania: Information and Data Protection Commissioner (IDP) (Komisionerit për të Drejtën e Informimit dhe Mbrojtjen e të Dhënave Personale (KDIMDP))
Andorra: Data Protection Agency of Andorra (Catalan : Agència Andorrana de Protecció de Dades (APDA))
Croatia: Croatian Personal Data Protection Agency (Croatian : Agencija za zaštitu osobnih podataka (AZOP))
Georgia: Personal Data Protection Service (Georgian :პერსონალურ მონაცემთა დაცვის სამსახური)
Guernsey: Data Protection Office
North Macedonia: Directorate for Personal Data Protection (Macedonian : Дирекција за заштита на лични податоци)
Isle of Man: Office of the Data Protection Supervisor
Monaco: Commission de contrôle des informations nominatives (lit. 'Personal Data Control Board'), also known as CCIN
Russia: Federal Service for Supervision in the Sphere of Telecom, Information Technologies and Mass Communications (Roskomnadzor)
Serbia: Commissioner for Information of Public Importance and Personal Data Protection (Serbian : Повереник за информације од јавног значаја и заштиту података о личности)
Switzerland: Federal Data Protection and Information Commissioner (German : Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter (EDÖB), French : Préposé fédéral à la protection des données et à la transparence (PFPDT), Italian : Incaricato federale della protezione dei dati e della trasparenza (IFPDT)), also known as FDPIC
Turkey: Turkish Data Protection Authority (Turkish : Kişisel Verileri Koruma Kurumu (KVKK))
Ukraine: Ukrainian Parliament Commissioner for Human Rights (Ukrainian : Уповноважений Верховної Ради України з прав людини)
United Kingdom: Information Commissioner's Office, also known as ICO

Africa

Angola: Data Protection Agency (Portuguese : Agência de Proteção de Dados), known as APD
Egypt: No national authority is responsible for data protection.
Ghana: Data Protection Commission
Morocco: Commission nationale de contrôle de la protection des données à caractère personnel (lit. 'National Commission for the Control of the Protection of Personal Data'), also known as CNDP
Mozambique: No national authority is responsible for data protection.
Nigeria: National Information Technology Development Agency (NITDA) and Nigerian Communications Commission (NCC) provide services regarding data protection.
Senegal: Commission de protection des Données Personnelles (lit. 'Commission for the protection of Personal Data'), also known as CDP
South Africa: Information Regulator ^[4]
Tunisia: National Authority for Protection of Personal Data (French : Instance nationale de protection des données personnelles), known as INPDP
Zimbabwe: There is currently no data protection authority but the Zimbabwe Media Commission comments on the degree of protection of privacy from public bodies programs.

Asia

China: Cyberspace Administration of China (CAC)
Hong Kong: Office of the Privacy Commissioner for Personal Data (PCPD)
India: Data Protection Board of India
Indonesia: Personal Data Protection Authority
Israel: The Privacy Protection Authority (Hebrew : הרשות להגנת הפרטיות)
Japan: Personal Information Protection Commission (Japan) (PPC)
Kazakhstan: Data protection is regulated by the state.
Macau: Office for Personal Data Protection, known as OPDP
Malaysia: Personal Data Protection Commissioner Office
Pakistan: National Commission for Personal Data Protection
Philippines: National Privacy Commission
Qatar: Qatar Ministry of Transport and Communications
Saudi Arabia: No national authority is responsible for data protection.
Singapore: Personal Data Protection Commission
South Korea: Personal Information Protection Commission (South Korea) (PIPC)
Taiwan: No national authority is responsible for data protection.
Thailand: Office of the Personal Data Protection Committee
Turkmenistan: No national authority is responsible for data protection.
Uzbekistan: Regulators for data protection are sector-specific.

Oceania

North America

Canada: Office of the Privacy Commissioner of Canada (French : Commissariat à la protection de la vie privée du Canada)
Mexico: National Institute of Transparency for Access to Information and Personal Data Protection (Spanish : Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI))
USA: There is no single national authority.

Central America

Costa Rica: Agency for the Protection of Individual's Data (Spanish : Agencia de Protección de datos de los Habitantes), known as PRODHAB
Dominican Republic: No national authority is responsible for data protection.
Honduras: National Civil Registry (Spanish : Registro Nacional de las Personas)^[5] and Institute for the Access to Public Information (Spanish : Instituto Acceso Informacion Publica)^[6]
Panama: No national authority is responsible for data protection.

South America

Argentina: Dirección Nacional de Protección de Datos Personales (lit. 'National Directorate for Personal Data Protection'), known as PDP
Bolivia: No national authority is responsible for data protection.
Brazil: National Data Protection Authority (ANPD) ^[7]
Chile: There is no dedicated authority.
Colombia: Superintendency of Industry and Commerce (SIC)
Peru: Ministerio de Justicia y Derechos Humanos (Perú) (lit. 'Ministry of Justice and Human Rights')
Uruguay: Personal Data Control and Regulatory Unit.
Venezuela: No national authority is responsible for data protection.

References

↑ Article 28 of EU directive 95/46/EC
↑ OECD Recommendation on Cross-border Co-operation in the Enforcement of Laws Protecting Privacy
↑ "Datenschutzaufsichtsbehörden für den nicht-öffentlichen Bereich". www.ldi.nrw.de. Archived from the original on November 1, 2020. Retrieved Oct 15, 2020.
↑ "Information Regulator South Africa".
↑ "Home". rnp.hn.
↑ "Archived copy". Archived from the original on 2022-06-17. Retrieved 2022-07-14.{{cite web}}: CS1 maint: archived copy as title (link)
↑ "Brazil's Temer creates data protection agency - official gazette". Reuters. 2018-12-28. Retrieved 2018-12-28.

External links

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Article 28 of EU directive 95/46/EC

[2] OECD Recommendation on Cross-border Co-operation in the Enforcement of Laws Protecting Privacy

[3] "Datenschutzaufsichtsbehörden für den nicht-öffentlichen Bereich". www.ldi.nrw.de. Archived from the original on November 1, 2020. Retrieved Oct 15, 2020.

[4] "Information Regulator South Africa".

[5] "Home". rnp.hn.

[6] "Archived copy". Archived from the original on 2022-06-17. Retrieved 2022-07-14.{{cite web}}: CS1 maint: archived copy as title (link)

[7] "Brazil's Temer creates data protection agency - official gazette". Reuters. 2018-12-28. Retrieved 2018-12-28.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

v t e Privacy
Principles	Right of access to personal data Expectation of privacy Right to privacy Right to be forgotten Post-mortem privacy
Privacy laws	Australia Brazil Canada China Denmark England European Union Germany Ghana New Zealand Russia Singapore Sri Lanka Switzerland United Kingdom United States California, amended in 2020
Data protection authorities	Australia Denmark European Union France Germany India Indonesia Ireland Isle of Man Netherlands Norway Philippines Poland South Korea Spain Sweden Switzerland Thailand Turkey United Kingdom
Areas	Consumer Digital Education Medical Workplace
Information privacy	Automotive Law Financial Internet Facebook Google Twitter Email Personal data Personal identifier Social networking services Privacy-enhancing technologies Privacy engineering Privacy-invasive software Privacy policy Privacy software Secret ballot Virtual assistant privacy
Advocacy organizations	American Civil Liberties Union Center for Democracy and Technology Computer Professionals for Social Responsibility Data Privacy Lab Electronic Frontier Foundation Electronic Privacy Information Center European Digital Rights Future of Privacy Forum Global Network Initiative International Association of Privacy Professionals NOYB Privacy International
See also	Anonymity Cellphone surveillance Data security Eavesdropping Global surveillance Identity theft Mass surveillance Panopticon PRISM Search warrant Wiretapping Human rights Personality rights
Category