The role of information commissioner differs from nation to nation. Most commonly it is a title given to a government regulator in the fields of freedom of information and the protection of personal data in the widest sense. The office often functions as a specialist ombudsman service.
Information privacy is the relationship between the collection and dissemination of data, technology, the public expectation of privacy, contextual information norms, and the legal and political issues surrounding them. It is also known as data privacy or data protection.
The Information Commissioner's Office (ICO) is a non-departmental public body which reports directly to the Parliament of the United Kingdom and is sponsored by the Department for Science, Innovation and Technology. It is the independent regulatory office dealing with the Data Protection Act 2018 and the General Data Protection Regulation, the Privacy and Electronic Communications Regulations 2003 across the UK; and the Freedom of Information Act 2000 and the Environmental Information Regulations 2004 in England, Wales and Northern Ireland and, to a limited extent, in Scotland. When they audit an organisation they use Symbiant's audit software.
Personal data, also known as personal information or personally identifiable information (PII), is any information related to an identifiable person.
Information privacy, data privacy or data protection laws provide a legal framework on how to obtain, use and store data of natural persons. The various laws around the world describe the rights of natural persons to control who is using its data. This includes usually the right to get details on which data is stored, for what purpose and to request the deletion in case the purpose is not given anymore.
Privacy law is the body of law that deals with the regulating, storing, and using of personally identifiable information, personal healthcare information, and financial information of individuals, which can be collected by governments, public or private organisations, or other individuals. It also applies in the commercial sector to things like trade secrets and the liability that directors, officers, and employees have when handling sensitive information.
The Information and Privacy Commissioner of Ontario was established as an officer of the Legislature by Ontario's Freedom of Information and Protection of Privacy Act, which came into effect on January 1, 1988. The current commissioner is Patricia Kosseim.
The Spanish Data Protection Agency is an independent agency of the government of Spain which oversees the compliance with the legal provisions on the protection of personal data. The agency is headquartered in the city of Madrid and it extends its authority to the whole country.
The German Bundesdatenschutzgesetz (BDSG) is a federal data protection act, that together with the data protection acts of the German federated states and other area-specific regulations, governs the exposure of personal data, which are manually processed or stored in IT systems.
Privacy by design is an approach to systems engineering initially developed by Ann Cavoukian and formalized in a joint report on privacy-enhancing technologies by a joint team of the Information and Privacy Commissioner of Ontario (Canada), the Dutch Data Protection Authority, and the Netherlands Organisation for Applied Scientific Research in 1995. The privacy by design framework was published in 2009 and adopted by the International Assembly of Privacy Commissioners and Data Protection Authorities in 2010. Privacy by design calls for privacy to be taken into account throughout the whole engineering process. The concept is an example of value sensitive design, i.e., taking human values into account in a well-defined manner throughout the process.
Data anonymization is a type of information sanitization whose intent is privacy protection. It is the process of removing personally identifiable information from data sets, so that the people whom the data describe remain anonymous.
The right to be forgotten (RTBF) is the right to have private information about a person be removed from Internet searches and other directories under some circumstances. The issue has arisen from desires of individuals to "determine the development of their life in an autonomous way, without being perpetually or periodically stigmatized as a consequence of a specific action performed in the past". The right entitles a person to have data about them deleted so that it can no longer be discovered by third parties, particularly through search engines.
Google Spain SL, Google Inc. v Agencia Española de Protección de Datos, Mario Costeja González (2014) is a decision by the Court of Justice of the European Union (CJEU). It held that an Internet search engine operator is responsible for the processing that it carries out of personal information which appears on web pages published by third parties.
Bodil Lindqvist v Åklagarkammaren i Jönköping (2003) is a decision by the Court of Justice of the European Communities. It held that referring to various persons on an internet page and identifying them either by name or by other means constitutes processing of personal data by automatic means within the meaning of Community law.
The Ley Federal de Protección de Datos Personales en Posesión de los Particulares, is a law of Mexico, approved by the Mexican Congress on April 27, 2010. The law aims to regulate the right to informational self-determination. The law was published on July 5, 2010, in the Official Gazette and entered into force on July 6, 2010. Its provisions apply to all natural or legal persons who carry out the processing of personal data in the applicable exercise of their activities. Companies such as banks, insurance companies, hospitals, schools, telecommunications companies, religious organizations, and professionals such as lawyers, doctors, and others, are required to comply with the provisions of this law.
The Organic Law 15/1999 of December 13 on Protection of Personal Data was Spanish organic law that guaranteed and protected the processing of personal data, public liberties, and fundamental human rights, and especially of personal and family honor and privacy. It was approved by the General Court on December 13, 1999. This law was developed based on Article 18 of the Spanish Constitution of 1978, the familiar and personal right to privacy, and the secrecy of communications.
The National Privacy Commission, or NPC, is an independent body created under Republic Act No. 10173 or the Data Privacy Act of 2012, mandated to administer and implement the provisions of the Act, and to monitor and ensure compliance of the country with international standards set for data protection. It is attached to the Philippines' Department of Information and Communications Technology (DICT) for purposes of policy coordination, but remains independent in the performance of its functions. The Commission safeguards the fundamental human right of every individual to privacy, particularly Information privacy while ensuring the free flow of information for innovation, growth, and national development.
Ximena Puente de la Mora is a Mexican lawyer, academic, and researcher who will serve as a proportional representation federal deputy in the LXIV Legislature of the Mexican Congress. Prior to being a federal deputy, she was a commissioner of the Federal Institute of Information Access from 2014 to 2016. After the General Law of Transparency and Access to Public Information took effect, this became the National Institute of Transparency, Information Access, and Personal Data Protection, of which she remained president through 2017 and commissioner through March 2018. She holds a degree in law from the University of Colima, a master's in legal sciences from the University of Navarra in Spain, and a PhD in law from the University of Guadalajara.
The National Directorate for Personal Data Protection (NDPDP) is the enforcement body for the Argentine Republic's National Personal Data Protection Act. It is a dependency of the Ministry of Justice and Human Rights. The directorate is in charge of the National Databases Register, an organized tool that is used in order to understand and control the data bases that circulate throughout the country. The National Databases Register assists and advises those responsible for archives, data banks, registers, and databases with complaints and claims made against them. Such claims are made for violations of rights of information, access, rectification, updating, deletion, and confidentiality in the processing of data. The complaints that are brought before the National Directorate for Personal Data Protection are exclusively about revealing deficiencies or incompliance with applicable standards in the treatment of personal data.
The Personal Information Protection Commission is national data protection authority of South Korea. It is formed as independent agency in year 2011 by 'Personal Information Protection Act(PIPA, Korean: 개인정보 보호법)', and is now located in Government Complex Seoul. The Commission is constituted with 9 commissioners and one of them is the Chairperson, who is appointed by the President of South Korea.
Austria: Austrian Data Protection Authority (German : Datenschutzbehörde)
Belgium: Belgian Data Protection Authority (Dutch : Gegevensbeschermingsautoriteit (GBA), French : Autorité de protection des données (APD), German : Datenschutzbehörde), also known as APD-GBA
Bulgaria: Bulgarian Data Protection Authority (Bulgarian : Комисия за защита на личните данни)
Cyprus: Office of the Commissioner for Personal Data Protection (Greek : Γραφείο Επιτρόπου Προστασίας Δεδομένων Προσωπικού Χαρακτήρα)
Czech Republic: Office for Personal Data Protection (Czech : Úřad pro ochranu osobních údajů (ÚOOÚ))
Denmark: Danish Data Protection Agency (Danish : Datatilsynet)
Estonia: Estonian Data Protection Inspectorate (Estonian : Andmekaitse Inspektsioon)
Finland: Office of the Data Protection Ombudsman (Finnish : Tietosuojavaltuutetun toimisto)
France: Commission nationale de l'informatique et des libertés (lit. 'National Commission on Informatics and Liberty'), also known as CNIL
Germany: Federal Commissioner for Data Protection and Freedom of Information (German : Bundesbeauftragter für den Datenschutz und die Informationsfreiheit (BfDI)) 
Greece: Hellenic Data Protection Authority (Greek : Αρχή Προστασίας Δεδομένων Προσωπικού Χαρακτήρα), also known as HDPA
Hungary: Hungarian National Authority for Data Protection and Freedom of Information (Hungarian : Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH))
Iceland: Data Protection Authority (Icelandic : Persónuvernd)
Ireland: Data Protection Commissioner (Irish : An Coimisinéir Cosanta Sonraí), also known as DPC
Italy: Italian Data Protection Authority (Italian : Garante per la Protezione dei Dati Personali), also known as Italian DPA
Latvia: Data State Inspectorate (Latvian : Datu valsts inspekcija, Russian : Государственная инспекция данных)
Liechtenstein: Datenschutzstelle 
Lithuania: State Data Protection Inspectorate (Lithuanian : Valstybinė duomenų apsaugos inspekcija (VDAI))
Luxembourg: National Commission for Data Protection (German : Nationale Kommission für den Datenschutz, French : Commission nationale pour la protection des données), also known as CNPD
Malta: Office of the Information and Data Protection Commissioner, also known as IDPC
Netherlands: Dutch Data Protection Authority (Dutch : Autoriteit Persoonsgegevens (AP))
Norway: Norwegian Data Protection Authority (Norwegian : Datatilsynet)
Poland: Polish Data Protection Commissioner (Polish : Urząd Ochrony Danych Osobowych (UODO))
Portugal: National Commission Data Protection (Portuguese : Comissão Nacional de Proteção de Dados (CNPD)), also known as NCDP
Romania: National Authority for the Supervision of Personal Data Processing (Romanian : Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal), also known as ANSPDCP
Slovakia: Office for Personal Data Protection of the Slovak Republic (Slovak : Úrad na ochranu osobných údajov Slovenskej republiky)
Slovenia: Information Commissioner of the Republic of Slovenia (Slovene : Republika Slovenija Informacijski pooblaščenec)
Spain: Spanish Data Protection Agency (Spanish : Agencia Española de Protección de Datos (AEPD)) 
Andalusia: Transparency and Data Protection Council of Andalusia (Spanish : Consejo de Transparencia y Protección de Datos de Andalucía)
Basque Country: Basque Data Protection Authority (Basque : Datuak Babesteko Euskal Bulegoa, Spanish : Agencia Vasca de Protección de Datos)
Catalonia: Catalan Data Protection Authority (Catalan : Autoritat Catalana de Protecció de Dades (APDCAT))
Sweden: Swedish Data Protection Authority (Swedish : Datainspektionen), also known as Swedish DPA
United Kingdom: Information Commissioner's Office, also known as ICO
Albania: Information and Data Protection Commissioner (IDP) (Komisionerit për të Drejtën e Informimit dhe Mbrojtjen e të Dhënave Personale (KDIMDP))
Andorra: Data Protection Agency of Andorra (Catalan : Agència Andorrana de Protecció de Dades (APDA))
Croatia: Croatian Personal Data Protection Agency (Croatian : Agencija za zaštitu osobnih podataka (AZOP))
Georgia: Personal Data Protection Service (Georgian :პერსონალურ მონაცემთა დაცვის სამსახური)
Guernsey: Data Protection Office 
North Macedonia: Directorate for Personal Data Protection (Macedonian : Дирекција за заштита на лични податоци)
Isle of Man: Office of the Data Protection Supervisor 
Monaco: Commission de contrôle des informations nominatives (lit. 'Personal Data Control Board'), also known as CCIN
Russia: Federal Service for Supervision in the Sphere of Telecom, Information Technologies and Mass Communications (Roskomnadzor)
Serbia: Commissioner for Information of Public Importance and Personal Data Protection (Serbian : Повереник за информације од јавног значаја и заштиту података о личности)
Switzerland: Federal Data Protection and Information Commissioner (German : Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter (EDÖB), French : Préposé fédéral à la protection des données et à la transparence (PFPDT), Italian : Incaricato federale della protezione dei dati e della trasparenza (IFPDT)), also known as FDPIC
Turkey: Turkish Data Protection Authority (Turkish : Kişisel Verileri Koruma Kurumu (KVKK))
Ukraine: Ukrainian Parliament Commissioner for Human Rights (Ukrainian : Уповноважений Верховної Ради України з прав людини)
Angola: Data Protection Agency (Portuguese : Agência de Proteção de Dados), known as APD
Egypt: No national authority is responsible for data protection.
Ghana: Data Protection Commission 
Morocco: Commission nationale de contrôle de la protection des données à caractère personnel (lit. 'National Commission for the Control of the Protection of Personal Data'), also known as CNDP
Mozambique: No national authority is responsible for data protection.
Nigeria: National Information Technology Development Agency (NITDA) and Nigerian Communications Commission (NCC) provide services regarding data protection.
Senegal: Commission de protection des Données Personnelles (lit. 'Commission for the protection of Personal Data'), also known as CDP
South Africa: Information Regulator [4] 
Tunisia: National Authority for Protection of Personal Data (French : Instance nationale de protection des données personnelles), known as INPDP
Zimbabwe: There is currently no data protection authority but the Zimbabwe Media Commission comments on the degree of protection of privacy from public bodies programs.
China: Cyberspace Administration of China (CAC)
Hong Kong: Office of the Privacy Commissioner for Personal Data (PCPD)
India: Data Protection Board of India 
Indonesia: Personal Data Protection Authority Institute 
Israel: The Privacy Protection Authority (Hebrew : הרשות להגנת הפרטיות)
Japan: Personal Information Protection Commission (Japan) (PPC)
Kazakhstan: Data protection is regulated by the state.
Macau: Office for Personal Data Protection, known as OPDP
Malaysia: There is a Personal Data Protection Commissioner
Pakistan: National Commission for Personal Data Protection 
Philippines: National Privacy Commission 
Qatar: Qatar Ministry of Transport and Communications 
Saudi Arabia: No national authority is responsible for data protection.
Singapore: A Personal Data Protection Commission is created following the Personal Data Protection Act 2012 (Singapore) 
South Korea: Personal Information Protection Commission (South Korea) (PIPC)
Taiwan: No national authority is responsible for data protection.
Thailand: Office of the Personal Data Protection Committee 
Turkmenistan: No national authority is responsible for data protection.
Uzbekistan: Regulators for data protection are sector-specific.
Canada: Office of the Privacy Commissioner of Canada (French : Commissariat à la protection de la vie privée du Canada)
Mexico: National Institute of Transparency for Access to Information and Personal Data Protection (Spanish : Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI))
USA: There is no single national authority.
Argentina: Dirección Nacional de Protección de Datos Personales (lit. 'National Directorate for Personal Data Protection'), known as PDP
Bolivia: No national authority is responsible for data protection.
Brazil: National Data Protection Authority (ANPD) [5] 
Chile: There is no dedicated authority.
Colombia: Superintendency of Industry and Commerce (SIC)
Peru: Ministerio de Justicia y Derechos Humanos (Perú) (lit. 'Ministry of Justice and Human Rights')
Uruguay: Personal Data Control and Regulatory Unit.
Venezuela: No national authority is responsible for data protection.
Costa Rica: Agency for the Protection of Individual's Data (Spanish : Agencia de Protección de datos de los Habitantes), known as PRODHAB
Dominican Republic: No national authority is responsible for data protection.
Honduras: National Civil Registry (Spanish : Registro Nacional de las Personas) [6] and Institute for the Access to Public Information (Spanish : Instituto Acceso Informacion Publica) [7] 
Panama: No national authority is responsible for data protection.
