Privacy Law at Namibia
Nepal has established a foundational legal framework for data protection and privacy through the Privacy Act, 2075 (2018), also known as the Individual Privacy Act. This Act, along with subsequent regulations, outlines individuals' rights to privacy and sets forth provisions for the collection, processing, and protection of personal data.
📜 Key Provisions of Nepal’s Privacy Law
1. Definition of Personal Information the Act defines personal information to include
- Demographic details such as caste, ethnicity, religion, gender, and marital status - Contact information like address, telephone number, and email - Identification details including passport, citizenship, and voter ID numbers - Biometric data such as fingerprints and retina scans - Criminal history and professional opinions This definition is narrower compared to international standards like the GDPR
2. Rights of Individuals the Act grants individuals the right to
- Maintain confidentiality of personal data - Keep personal documents and communications private - Protect their physical and mental health information - Ensure privacy within their residence and property These rights are considered fundamental under Nepal's Constitution
3. Prohibited Activities the Act criminalizes
- Unauthorized recording or listening to private conversations - Unauthorized entry into another person's residence - Unauthorized collection or disclosure of personal information - Making deceitful telephone calls or sending messages with dishonest intent Violations can result in imprisonment for up to three years, fines up to NPR 30,000, or both
4. Enforcement and Penalties the Act allows for both criminal and civil enforcement
- Criminal penalties include imprisonment and fines - Individuals harmed by privacy violations can seek compensation through legal proceedings However, the Act lacks provisions for a dedicated regulatory authority to oversee enforcement
⚠️ Limitations and Areas for Improvement
Lack of Regulatory Authority: The absence of a dedicated data protection authority hampers effective enforcement and oversight
Limited Scope: The Act does not comprehensively address issues like data retention, cross-border data transfers, and the rights to data access, correction, and deletion
Extraterritorial Applicability: The Act does not explicitly apply to foreign entities processing the personal data of Nepali citizens
🛡️ Recommendations for Strengthening Data Protection
To enhance data protection in Nepal, the following measures are recommended:
Establish a Data Protection Authority Create an independent body to oversee compliance and enforcement of data protection law.
Broaden the Scope of the Act Include comprehensive provisions addressing data retention, cross-border data transfers, and individual rights to access, correction, and deletion of personal dat.
Ensure Extraterritorial Applicability Extend the Act's jurisdiction to cover foreign entities processing the personal data of Nepali citizen.
Raise Public Awareness Implement educational programs to inform individuals and organizations about data protection rights and responsibilities. By addressing these areas, Nepal can strengthen its data protection framework and better safeguard the privacy rights of its citizen.
RELATED Blog
0 comments