THE LEX DIGITALIS

International & Comparative Information Technology (IT) Law

lex digitalis: special rules and regulations which applies to information technology area, also known as it law, cyber law, tech law


European Union (EU)

EU GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement Of Such Data, And Repealing Directive 95/46/EC (General Data Protection Regulation)

EU LAW ENFORCEMENT DIRECTIVE – Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data by Competent Authorities for the Purposes of the Prevention, Investigation, Detection or Prosecution of Criminal Offences or the Execution of Criminal Penalties, and on the Free Movement of Such Data, and Repealing Council Framework Decision 2008/977/JHA

EU 95/46/EC DIRECTIVE – Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data

EU E-PRIVACY DIRECTIVE – Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications)

EU NON-PERSONAL DATA REGULATION – Regulation (EU) 2018/1807 of the European Parliament and of the Council of 14 November 2018 on a framework for the free flow of non-personal data in the European Union

EU OPEN DATA DIRECTIVE – Directive (EU) 2019/1024 of the European Parliament and of the Council of 20 June 2019 on open data and the re-use of public sector information

EU INSTITUTIONS DATA REGULATION – Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC

EU CYBERSECURITY ACT – Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act)

EU NIS DIRECTIVE – Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 Concerning Measures for a High Common Level of Security of Network and Information Systems Across the Union

EU COUNCIL CYBER REGULATION – Council Regulation (EU) 2019/796 of 17 May 2019 concerning restrictive measures against cyber-attacks threatening the Union or its Member States

EU INFOSEC DIRECTIVE – Directive 2013/40/EU of the European Parliament and of the Council of 12 August 2013 on attacks against information systems and replacing Council Framework Decision 2005/222/JHA

EU ECITRC REGULATION – Regulation (EU) 2021/887 of the European Parliament and of the Council of 20 May 2021 establishing the European Cybersecurity Industrial, Technology and Research Competence Centre and the Network of National Coordination Centres

EU P2B REGULATION – Regulation (EU) 2019/1150 of the European Parliament and of the Council of 20 June 2019 on Promoting Fairness and Transparency for Business Users of Online Intermediation Services

EU COM RANKING GUIDE – European Commission, Commission Notice Guidelines on ranking transparency pursuant to Regulation (EU) 2019/1150 of the European Parliament and of the Council 2020/C 424/01

EU EIDAS – Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC

EU INFORMATION SOCIETY DIRECTIVE – Directive (EU) 2015/1535 of the European Parliament and of the Council of 9 September 2015 laying down a procedure for the provision of information in the field of technical regulations and of rules on Information Society services

EU E-COMMERCE DIRECTIVE – Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (‘Directive on electronic commerce’)

EU TERROR CONTENT REGULATION – Regulation (EU) 2021/784 of the European Parliament and of the Council of 29 April 2021 on addressing the dissemination of terrorist content online

EU DIGITAL CONTENT AND SERVICES DIRECTIVE – Directive (EU) 2019/770 of the European Parliament and of the Council of 20 May 2019 on certain aspects concerning contracts for the supply of digital content and digital services

EU AVMS DIRECTIVE – Directive 2010/13/EU of the European Parliament and of the Council of 10 March 2010 on the coordination of certain provisions laid down by law, regulation or administrative action in Member States concerning the provision of audiovisual media services (Audiovisual Media Services Directive)

EU ACCESSIBILITY DIRECTIVE – Directive (EU) 2019/882 of the European Parliament and of the Council of 17 April 2019 on the accessibility requirements for products and services

EU WEB ACCESIBILITY DIRECTIVE – Directive (EU) 2016/2102 of the European Parliament and of the Council of 26 October 2016 on the accessibility of the websites and mobile applications of public sector bodies

EU ECC DIRECTIVE – Directive (EU) 2018/1972 of the European Parliament and of the Council of 11 December 2018 establishing the European Electronic Communications Code

EU COUNCUL EUROHPC REGULATION – Council Regulation (EU) 2021/1173 of 13 July 2021 on establishing the European High Performance Computing Joint Undertaking and repealing Regulation (EU) 2018/1488

EU OPEN INTERNET REGULATION – Regulation (EU) 2015/2120 of the European Parliament and of the Council of 25 November 2015 laying down measures concerning open internet access and amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services and Regulation (EU) No 531/2012 on roaming on public mobile communications networks within the Unio

EU PSD – Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC (Text with EEA relevance)

EU GEO-BLOCKING DIRECTIVE – Regulation (EU) 2018/302 of the European Parliament and of the Council of 28 February 2018 on addressing unjustified geo-blocking and other forms of discrimination based on customers’ nationality, place of residence or place of establishment within the internal market and amending Regulations (EC) No 2006/2004 and (EU) 2017/2394 and Directive 2009/22/EC

EU COPYRIGHT DIRECTIVE – Directive (EU) 2019/790 of the European Parliament and of the Council of 17 April 2019 on copyright and related rights in the Digital Single Market and amending Directives 96/9/EC and 2001/29/EC

EU SATELLITE AND CABLE II DIRECTIVE – EU Directive (EU) 2019/789 of the European Parliament and of the Council of 17 April 2019 laying down rules on the exercise of copyright and related rights applicable to certain online transmissions of broadcasting organisations and retransmissions of television and radio programmes, and amending Council Directive 93/83/EEC

EU PORTABILITY REGULATION – Regulation (EU) 2017/1128 of the European Parliament and of the Council of 14 June 2017 on cross-border portability of online content services in the internal market

EU E-INVOICING DIRECTIVE – Directive 2014/55/EU of the European Parliament and of the Council of 16 April 2014 on electronic invoicing in public procurement

EU DATABASE DIRECTIVE – Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases

EU STRATEGIES

European Declaration on Digital Rights and Principles for the Digital Decade

EU CYBERSECURITY STRATEGY – Joint Communication to the European Parliament and the Council the EU’s Cybersecurity Strategy for the Digital Decade, JOIN(2020) 18 final, 16.12.2020

EU DATA STRATEGY – Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions – A European Strategy For Data, COM/2020/66 final, 19.2.2020

EU AI STRATEGY – Communication from the Commission to the European Parliament, the European Council, the Council, the European Economic and Social Committee and the Committee of the Regions Artificial Intelligence for Europe, COM/2018/237 final, 25.4.2018

OTHER EU INSTRUMENTS

Council Implementing Regulation (EU) 2020/1125 of 30 July 2020 implementing Regulation (EU) 2019/796 concerning restrictive measures against cyber-attacks threatening the Union or its Member States

European Parliament resolution of 13 June 2018 on cyber defence (2018/2004(INI))

Code of Practice on Disinformation

European Commission, Communication on ‘Tackling online disinformation: a European approach’, COM(2018) 236, 26 April 2018

COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS 2030 Digital Compass: the European way for the Digital Decade COM/2021/118 final

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL laying down measures for a high common level of cybersecurity at the institutions, bodies, offices and agencies of the Union COM(2022) 122 final

DRAFT EU LAW

DRAFT EU DMA – Proposal for a Regulation of the European Parliament and of the Council on Contestable and Fair Markets in the Digital Sector (Digital Markets Act)

DRAFT EU DSA – Regulation of the European Parliament and of the Council on a Single Market For Digital Services (Digital Services Act) and Amending Directive 2000/31/EC

DRAFT EU AI ACT – Proposal for a Regulation of the European Parliament and of the Council Laying Down Harmonised Rules on Artificial Intelligence (Artificial Intelligence Act) and Amending Certain Union Legislative Acts

DRAFT DATA ACT – Proposal for a, REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL, on harmonised rules on fair access to and use of data, (Data Act) COM(2022) 68 final

DRAFT EU NIS DIRECTIVE 2 – Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on measures for a high common level of cybersecurity across the Union, repealing Directive (EU) 2016/1148 COM/2020/823 final

DRAFT EU CRITICAL ENTITIES DIRECTIVE – Proposal for a DIRECTIVE OF the European Parliament and of the Council on the resilience of critical entities COM/2020/829 final

DRAFT eIDAS REGULATION – Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Regulation (EU) No 910/2014 as regards establishing a framework for a European Digital Identity COM/2021/281 final

DRAFT EU DATA GOVERNANCE ACT – Proposal for a Regulation of the European Parliament and of the Council on European data governance (Data Governance Act) COM/2020/767 final

DRAFT EU GIG WORKERS DIRECTIVE – Proposal for a DIRECTIVE OF the European Parliament and of the Council on improving working conditions in platform work COM/2021/762 final

DRAFT E-PRIVACY REGULATION – COM (2017) 10: Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications)

DRAFT MACHINE REGULATION – COM (2021) 202: Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on machinery products

DRAFT EU CHIPS ACT – Proposal for a REgulation of the European Parliament and of the Council establishing a framework of measures for strengthening Europe’s semiconductor ecosystem (Chips Act) 2022/0032 (COD)

DRAFT GENERAL PRODUCT SAFETY REGULATION – COM (2021) 346: Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on general product safety, amending Regulation (EU) No 1025/2012 of the European Parliament and of the Council, and repealing Council Directive 87/357/EEC and Directive 2001/95/EC of the European Parliament and of the Council

DRAFT DLT REGULATION – Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on a pilot regime for market infrastructures based on distributed ledger technology

DRAFT DORA REGULATION – Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014 and (EU) No 909/2014 COM/2020/595 final

DRAFT MICA ACT – Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on Markets in Crypto-assets, and amending Directive (EU) 2019/1937 COM/2020/593 final

Legislative proposal on building an EU space-based global secure communication system

European Chips Act

Declaration of the Industrial Alliance for Processors and Semiconductor Technologies

European Cyber Resilience Act

New design requirements and consumer rights for electronics

Multimodal digital mobility services

European Data Act

European Health Data Space

European Alliance for Industrial Data, Edge and Cloud

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the European Health Data Space COM(2022) 197 final

COM (2022) 209: Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL laying down rules to prevent and combat child sexual abuse


Council of Europe (CoE)

COE 108 CONVENTION – Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data

COE 108 ADDITIONAL PROTOCOL (181) – Additional Protocol to the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data regarding supervisory authorities and transborder data flows

COE 108+ CONVENTION – Modernised Convention for the Protection of Individuals with Regard to the Processing of Personal Data

COE CONVENTION ON CYBERCRIME – Convention on Cybercrime (ETS No. 185)

COE CYBERCRIME CONVENTION ADDITIONAL PROTOCOL – Additional Protocol to the Convention on Cybercrime, concerning the criminalisation of acts of a racist and xenophobic nature committed through computer systems (ETS No. 189)

COE CYBERCRIME CONVENTION 2ND PROTOCOL – Second Additional Protocol to the Convention on Cybercrime on enhanced co-operation and disclosure of electronic evidence


United States of America (USA)

US CDA – The Communications Decency Act

US CFAA – The Computer Fraud and Abuse Act

US DMCA – The Online Copyright Infringement Liability Limitation Act of the Digital Millennium Copyright Act of 1998

US CAN-SPAM ACT – The Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003

US CLOUD ACT – The Clarifying Lawful Overseas Use of Data Act

US CRIMES AND CRIMINAL PROCEDURE – 18 U.S. Code § 2703 – Required disclosure of customer communications or records

US HIPAA – The Health Insurance Portability and Accountability Act of 1996

US CCPA – California Consumer Privacy Act of 2018

The Federal Trade Commission Act of 1914 (FTCA)

The Children’s Online Privacy Protection Act (COPPA)

The Health Insurance Portability and Accountability Act (HIPAA)

The Electronic Communications Privacy Act

The Computer Fraud and Abuse Act

The Restore Online Shopper’s Confidence Act (ROSCA)

The Communications Decency Act of 1996

The Anti-Cybersquatting Consumer Protection Act of 1999 (ACPA)

The Unlawful Internet Gambling Enforcement Act of 2006 (UIGEA)

The Keeping the Internet Devoid of Sexual Predators Act of 2008

The Broadband Data Improvement Act of 2008 (BDIA)

The Uniform Commercial Code (UCC)

The FCC Open Internet Rules

The Prioritizing Resources and Organization for Intellectual Property Act of 2008

The Jumpstart Our Business Startups Act (Title III – Crowdfunding)

Electronic Signatures in Global and National Commerce Act

California Electronic Communications Privacy Act

California Invasion of Privacy Act (CIPA)

California Financial Information Privacy Act

Anticybersquatting Consumer Protection Act

Illinois Biometric Information Privacy Act

The Video Privacy Protection Act of 1988 (18 U.S.C. § 2710) (‘VPPA’)

Virginia Consumer Data Protection Act (CDPA)

Colorado Privacy Act (CPA)


CANADA

PIPEDA – The Personal Information Protection and Electronic Documents Act


CHINA

CHINA – Personal Information Protection Law of the People’s Republic of China

CHINA – Data Security Law of the People’s Republic of China


TURKISH LAW

TURKEY – The Turkish Internet Law: Full Translation of the Law no. 5651

TURKEY – The Turkish Data Protection Law

TURKEY – Turkish Electronic Signature Law

TURKEY – Presidential Circular – Information and Communication Security


REGULATORY BODIES

Data Protection

EDPB – European Data Protection Board

EDPS – European Data Protection Supervisor

Ireland – Data Protection Commission

United Kingdom – The Information Commissioner’s Office (ICO)

Datatilsynet – Norwegian Data Protection Authority

PDPC – Singapore Personal Data Protection Commission

CNIL – Commission nationale de l’informatique et des libertés

Italy – The Italian Data Protection Authority (Garante per la protezione dei dati personali)

Netherlands – the Dutch Data Protection Authority (Dutch DPA)

Romania – The National Supervisory Authority For Personal Data Processing

Greece – The Hellenic Data Protection Authority

Canada – Office of the Privacy Commissioner of Canada