Privacy International defends the right to privacy across the world, and fights surveillance and other intrusions into private life by governments and corporations. Read more »


III. Criteria

We judged each country along the following criteria:

Constitutional protection

  • Does a constitution exist and does it, even within the shadows of other rights, protect privacy?
  • Does the constitutional court have jurisprudence on privacy protection, and if so, is it a strong history of protection?
  • If a country is part of the council of Europe, the European convention on human rights plays an essential role.

Statutory protection

  • Are there laws protecting the right to privacy against governments and companies?
  • Are there sectoral laws, e.g. medical privacy, workplace privacy, financial privacy?
  • Are these laws useful in pursuing action?

Privacy enforcement

  • Is there a regulatory body with sufficient powers to investigate privacy infractions? ÊCan this regulator act proactively?
  • Does this regulatory act in an effective way? Have cases been taken through the administrative and legal systems?

Identity cards and biometrics

  • Is there a national identity card, and does it involve biometrics?
  • Is biometrics widespread? ÊAre they implemented in privacy protecting ways or in surveillance-enhancing ways, e.g. Central databases?
  • Is there adequate debate about the nature of biometrics or is there a blind faith in the technology and an imperative based on international obligations?


  • Are there laws protecting against use of information for secondary purposes? Ê
  • Has the government initiated plans for sharing personal information between government agencies?
  • Are companies required to hand information over to government?

Visual surveillance

  • To what extent are there CCTV installations in the public and private sectors?
  • Are these regulated?
  • What is the nature of the policy debate, if any?

Communication interception

  • Are there adequate laws protecting against abuse?
  • When can police intercept? E.g. 'Reasonable cause', 'probable cause', etc.
  • What type of investigations can involve interception? e.g. cases where there the crime is punishable by 4 years in prison, 2 years in prison, all crimes, proscribed crimes,
  • Do security services have oversight?
  • Who authorises? A judge? A minister? ['judicial warrants' does not mean the same in all countries, where sometimes judges have investigatory powers, though the survey does attempt to note this]
  • Are telecommunications service providers required to create 'intercept capability'?

Workplace monitoring

  • Are there laws protecting against abuse?
  • Are there legal cases and legal avenues?
  • Are there guidelines?

Government access to data

  • Warrant regimes, e.g. Governments entering homes without warrants
  • How do law enforcement agencies gain access to data on databases in the private sector?
  • What powers do various agencies have to gain access to files, e.g. Tax inspectors

Communications data retention

  • Is there a law requiring retention of telecommunications traffic data? If so, for how long?
  • Has there been any consideration of the different types of information and how retention periods may have to differ?

Surveillance of medical, financial and movement

  • This type of data is usually considered sensitive but not always adequately protected
  • This is a broad issue but we are receiving increasing amounts of information about medical privacy issues (e.g. Databases of medical records), location tracking with RFID (e.g. road user charging), and financial monitoring (e.g. Anti-money laundering laws requiring reporting to the police of suspicious transactions)

Border and trans-border issues

  • Border surveillance developments have resulted in some countries reaching for measures that are ill-considered and disproportionate
  • Is a country implementing unnecessary biometrics at borders, e.g. fingerprints in passports?
  • International co-operation in law enforcement and surveillance and sharing of data with other governments


  • Has government signed on to bad international treaties? E.g. Council of Europe Cybercrime convention, treaty of Prum, etc. (in particular, the leaders of the Prum initiative were Germany, Austria, Belgium, Spain, France, Luxembourg and the Netherlands)
  • Some countries because of their privacy commissioners are actually ambassadors of privacy but unfortunately this is rarely sufficient to counter-act bad government policies at the international level

Democratic safeguards

  • Have parliaments and courts taken measures to counteract over-reaching by the executive?
  • Are there free expression, open government laws, protections for journalists, lawyers, etc.