Adello new logo white-blue
Request Demo

The Data Privacy Regulations around the World

The Data Privacy Regulations around the World

The Internet advertising market is a rapidly growing and developing sector. According to the EMarket, the advertising market has grown more than 100 times during the last 20 years, and it will reach $105.28 billion by 2025.

However, several factors can negatively affect its growth. One of them is privacy regulations, which created big discussions in the marketing world. Indeed, people are becoming more and more concerned about their privacy on the Internet. In solidarity with its citizens, governments around the world implement privacy regulations on the Internet.

Advertisers’ point of view

It may seem that the data regulation would be a reasonable decision that can make people’s lives more convenient. However, not for the advertisers.

Data play a significant role in the advertisement field. By collecting and analyzing the data and thus deriving and observing consumer behavior, advertisers can better understand the demand in the marketers, target relevant audiences in the right place and time. Today, data collection and retargeting will be limited due to the data regulation laws.

Privacy regulations in different countries

Data privacy regulations have, in a nutshell, the common goal: to protect the privacy of Internet users. However, there are still differences in each country.


The US data protection landscape is a patchwork from different laws and regulations, which vary from one state to another. The California Consumer Privacy Act (CCPA) is a state law designed to enhance privacy rights and consumer protection for residents of California, United States.

This regulation provides California residents with the right to know what personal data is being collected about them, shared, sold, or disclosed, and to whom. Moreover, it allows accessing personal data and restricting their sale.


The General Data Protection Regulation (GDPR), regulation of the European Union, strengthens and unifies personal data protection across the European Union. Legality, fairness and transparency, purpose limitation, data minimization, accuracy, and accountability are the key principles of the GDPR. It is essential to understand that GDPR differentiates and applies to those who process the data and those who collect it. Unlike in the US, the law encompasses all EU states and provides all internet users located in the EU control over their personal data.


Switzerland’s Data Protection Act “Datenschutzgesetz” (DSG) is quite similar to GDPR in Europe. Same as European data restriction, the regulations were revised in 2020 and will come into effect already next year.  The main principles of collecting and transferring data remained the same. However, the personal data of legal entities will be no longer protected under Switzerland’s Data Protection Act SG. Credit agencies would have to erase any data after ten years in case the individual will demand it.

The difference from the GDPR is additional regulations, such as breach notification requirements, the right to data portability, and requirements for regular data protection impact assessments.


In 2020 the Canadian government presented Digital Charter Implementation Act, also known as Bill C-11. The bill repeals parts of the Personal Information Protection and Electronic Documents Act and replaces them with new data regulations for commercial activity in Canada.

The regulations are similar to GDPR. However, the Canadian government implemented higher fines, reaching up to 5% (unlike 4% in Europe) of global income.

Data Privacy
Photo by guvendemir from Getty Images Signature


The Privacy Amendment to Australia’s Privacy Act came into effect earlier than in other English-speaking countries, in February 2018. Organizations with an income higher than 3 million AUD would have to disclose personal data breaches that can be considered as “harmful” within 30 days of their discovery.

Another feature of the Australian data regulation is higher fines, which reach 1.8 million Australian dollars (1.3 million USD)  for the law breach.

New Zealand

In December 2020, New Zealand implemented the new data protection regulation repealing the previous bill of data regulation in 1993.

There are several similarities between the New Zealand regulations and GDPR. Same as in Europe and Australia, the organizations have to notify authorities and affected parties in case of data breaches. However, the fines are much lower than in the EU and constitute just 10,000 NZD (about 7,000 USD). Moreover, there are missing key provisions that are in GDPR, such as the “right to be forgotten” and the right to data portability.


In 2020 China introduced the draft of the data protection bill. Personal Data Protection Law  (PDPL) has an aim to “protect the rights and interests of individuals,” “regulate personal information processing activities,” and “facilitate reasonable use of personal information”.

In combination with China’s Cybersecurity Law (CSL) and the Data Security Law of the People’s Republic of China (DSL), the new regulation will provide a comprehensive system for protecting personal data in China. After the bill passed in August, the businesses in China, independently of physical presence in the country, have to comply or pay the fines of up to 50,000,000 CNY (7 million USD) or 5% of global annual income.


The data protection regulation of Thailand was approved in February 2019 and was supposed to come into effect on May 28, 2019. However, the grace period has been extended for another year for key provisions and industries.

Speaking about similarities with GDPR, it’s important to mention the broad definition of personal data, extraterritorial applicability, the requirement to establish a legal basis for collecting and personal data usage, and potentially harsh penalties for non-compliance.

The fines, however, are more complicated than in Europe. The penalties cannot be higher than 5 million THB (approximately 152,000 USD). Nevertheless, under certain conditions, the punishment can even include imprisonment for up to one year.

South Africa

South Africa’s Protection of Personal Information Act (POPIA) was implemented in July 2020.

In some cases, POPIA is stricter than GDPR. GDPR has certain exceptions for small and medium-sized businesses, for example, the requirements for having a dedicated Data Protection Officer and record-keeping. Meanwhile, POPIA regulations apply to all companies regardless of size. However, in some cases, South Africa’s regulation doesn’t require governing data portability, unlike in the EU. Due to their similarities, companies that are already GDPR compliant will certainly have a head start in becoming compliant with POPIA.

Apple’s and Google’s solutions

Different big companies have already developed their solution regarding personal data processing. For instance, Apple released Intelligent Tracking Prevention (ITP). Improving the privacy of Safari browser is the main purpose of ITP. The last version allows clearing the storage one week after website visitation automatically. Meanwhile, the cookies will be deleted after 24 hours.

For the in-app data privacy protection, Apple released Apple’s App Tracking (AAP). AAP allows users to block personal data transferring to advertising companies.

Last year Google declared, that they are planning to refuse cookies already in 2022. Moreover, Google is developing its own personal data transferring solution. Google Privacy Sandbox, which will be released in 2023, will allow taking aggregated data from users.

The Future

The recent privacy regulation laws significantly impacted the advertisement industry. Those companies that were using third-party cookies were negatively influenced the most.

According to HubSpot, 41% of marketers see the inability to track the users’ data as a serious challenge. At the same time, 44% of advertisers expect to increase their spendings up to 25% to keep the same performance as in 2021. In fact, it can be hard for some companies to adapt to the new rules.

Nevertheless, there is a solution. Back in 2008, Adello built its programmatic tech stack relying purely on cookieless technologies and advancing it with the strict GDPR regulations in mind.

Using advertising IDs, you can target mobile devices based on options like age, gender, interests, and geolocation. And again, yes, without cookies and respecting people’s privacy. Reach out, for example, to American tourists in Zurich, automotive enthusiasts in Geneva, or people between 18 and 34 in Bern, and promote your brand. Combining various targeting options, you can reach out to a unique audience with “similar” interests.

Why use mobile advertising? Because the percentage of mobile device website traffic worldwide is huge and increased by 23% in the last seven years. In 2021, mobile devices generated 54.25% of the traffic, meanwhile, desktops achieved just 42.9%. If you think about it, every day you see people in public transportation, restaurants, airports looking at their smartphones. Today, people are shopping, sharing photos, chatting, reading news, searching for new products “on the go” via their phones.

From the beginning Adello perfectioned its algorithms using advertiser IDs and geolocation, with data anonymization and encryption in respect of people’s privacy, thus creating the future of the industry!

Do you want to have more information about us and our mobile marketing solution? Contact us, to learn how you can boost your business 😊

Leave a Reply

Request Demo
Copyright 2008 - 2023 © Adello