News
Data protection levels in democracies and autocracies
October 2023 by Surfshark
According to the UN, privacy is a human right¹. All countries in the European Union are subject to the General Data Protection Regulation (GDPR) — one of the most advanced data protection laws to date. Unfortunately, this is far from reality in 98% of autocratic countries, where, according to Surfshark’s Digital Quality of Life Index, data protection levels are lower than average. In this week’s chart, Surfshark evaluates countries’ data protection levels on a scale from 0 to 5 — 0 equates to no data protection laws, while 5 equates to GDPR-level data protection.
Key insights
Autocratic governments lag behind in data protection. Hungary is the only autocratic country with good data protection — this can be attributed to Hungary’s membership in the European Union (EU), which mandates compliance with the General Data Protection Regulation (GDPR).
Data protection levels tend to be superior in democratic countries, yet democracy doesn’t always guarantee high-quality data protection. The average data protection level among democratic nations is 3 points out of 5, while autocratic nations only average 1 out of 5. However, approximately fifty percent of democratic countries offer data protection levels that fall below the global average.
Some democratic countries really lag behind. Bolivia, Honduras, and Sri Lanka have no specific laws related to data privacy (the data protection level in these countries is 0). This may be because the political regimes in these countries have been fluctuating for some time. Bolivia and Honduras became democratic countries for the first time around the 90s, Sri Lanka — in the 50s, but since then, the countries have been going back and forth between democracy and autocracy.
Australia and the United States established their democracies more than 100 years ago but do not yet have adequate data privacy protection laws. Both countries have a data protection level of 2 out of 5. Even though California has implemented GDPR-like regulations in the form of the CCPA, most states do not yet have such advanced laws.
Methodology and sources
Drawing on data from Surfshark’s Digital Quality of Life Index 2023, we analyzed data protection levels in the countries included in the Index. A country’s data protection was evaluated on a scale of 0 to 5, with 0 meaning no data protection laws, and 5 meaning GDPR-level data protection. A country is considered to have a good level of protection if it is higher than the global average. Note on political regime data: in this study, we used the most up-to-date data, which slightly varies from the one used in the Digital Quality of Life Index 2023.
