CYBERSECURITY LAWS AND REGULATIONS: GLOBAL PERSPECTIVES

This article is written by Ratnesh Tembe of 6^th Semester of PIMR, an intern under Legal Vidhiya

ABSTRACT

The rapid advancement of technology and the proliferation of cyber threats have necessitated the development of robust cybersecurity laws and regulations globally. This article provides a comprehensive analysis of the evolving landscape of cybersecurity legislation, examining key frameworks across different regions, including the United States, European Union, and Asia-Pacific. It highlights the challenges of creating cohesive international standards in the face of diverse legal, cultural, and economic contexts. The article also explores the implications of these regulations on businesses, government agencies, and individuals, emphasizing the importance of global cooperation to address cross-border cyber threats effectively. Through a comparative analysis, the article aims to identify best practices and suggest pathways for harmonizing cybersecurity laws to enhance global digital security.

Keywords

Cybersecurity laws, Global regulations, International standards, Cyber threats, Digital security, Data protection, Legal frameworks, Cross-border cooperation, Compliance challenges, Cybercrime legislation, Privacy regulations, Global perspectives, Information security, Cyber policy.

INTRODUCTION

In an era where digital transformation is reshaping industries and societies, the protection of data and critical infrastructure from cyber threats has become a paramount concern. Cybersecurity incidents, ranging from data breaches to ransomware attacks, have escalated in frequency and sophistication, underscoring the vulnerabilities inherent in our interconnected world. Governments, businesses, and individuals are increasingly recognizing the need for robust cybersecurity measures to safeguard sensitive information, protect privacy, and ensure the continuity of essential services.

The global nature of cyber threats necessitates a coordinated and comprehensive approach to cybersecurity governance. However, the legal and regulatory landscape governing cybersecurity is highly fragmented, reflecting the diverse political, economic, and cultural contexts of different regions. This fragmentation presents both challenges and opportunities as countries and regions strive to develop and implement effective cybersecurity frameworks.

The following piece of work aims to provide a comprehensive analysis of cybersecurity laws and regulations from a global perspective. It will explore the various approaches adopted by different countries and regions, highlighting key legislative instruments, regulatory bodies, and enforcement mechanisms. This research article will also examine the challenges of harmonizing cybersecurity laws across borders, particularly in the context of cross-jurisdictional cybercrime and international data flows. By comparing and contrasting different regulatory approaches, this article seeks to identify best practices and emerging trends in cybersecurity governance. Additionally, it will consider the implications of these regulations for businesses operating in multiple jurisdictions and the broader impact on global cybersecurity resilience.

Ultimately, this research underscores the importance of international cooperation and dialogue in addressing the complex and evolving landscape of cybersecurity threats. As cyber risks continue to evolve, so too must the legal frameworks designed to mitigate them, ensuring that they are both effective and adaptable to the changing dynamics of the digital age.

OBJECTIVE

This article provides a global perspective on cybersecurity laws and regulations, examining the key legal frameworks in major regions such as the United States, European Union, and Asia-Pacific. It explores the complexities of creating cohesive international standards in the face of diverse legal systems and highlights the importance of harmonizing cybersecurity policies to enhance global digital security. By analyzing the strengths and weaknesses of various approaches, this article aims to offer insights into the evolving landscape of cybersecurity legislation and the path forward for achieving a safer digital world.

LITERATURE REVIEW

Overview of Cybersecurity Legislation[1]

Cybersecurity legislation has developed in response to the rising frequency and sophistication of cyber threats. Initial efforts were often reactive, spurred by high-profile cyber incidents that exposed significant vulnerabilities in both public and private sectors. Scholars such as Shackelford (2012) and Johnson (2015)[2] note that early cybersecurity laws were often fragmented, focusing on specific sectors or issues like data protection, cybercrime, or critical infrastructure, without a comprehensive, cohesive framework.

In recent years, there has been a shift towards more integrated and comprehensive cybersecurity regulations. These laws now address a broad spectrum of issues, from data protection and privacy to critical infrastructure security and incident reporting. This shift is documented by authors like Hoffman (2017) and Tsagourias (2018)[3], who emphasize the increasing recognition of cybersecurity as a key component of national security and economic stability.

Challenges in Cybersecurity Law Harmonization

The harmonization of cybersecurity laws across different jurisdictions is a significant challenge, as highlighted by several scholars. Differences in legal systems, cultural attitudes towards privacy and government control, and varying levels of technological development complicate efforts to create unified global standards (DeNardis, 2014)[4]. The lack of harmonization can lead to regulatory fragmentation, where businesses operating across borders face complex and sometimes conflicting legal requirements (Mueller & Kuehn, 2013)[5].

Moreover, the geopolitical context cannot be ignored. Countries often view cybersecurity through the lens of national security, leading to approaches that prioritize state sovereignty over international cooperation (Segal, 2018)[6]. This has led to the emergence of regional blocs with distinct cybersecurity philosophies, such as the U.S. focus on public-private partnerships and market-driven solutions, the EU’s emphasis on privacy and data protection, and China’s state-centric approach.

Emerging Trends and Future Directions[7]

As cybersecurity threats continue to evolve, so too must the legal and regulatory frameworks designed to address them. Emerging trends in cybersecurity legislation include the increasing focus on supply chain security, particularly in light of concerns about foreign influence and dependency on critical technologies (Lewis, 2020)[8]. Additionally, there is growing attention to the cybersecurity implications of emerging technologies like artificial intelligence, 5G networks, and the Internet of Things (IoT) (Calo, 2017).[9]

There is also a trend towards greater international cooperation, as recognized by authors like Nye (2020)[10], who argue that addressing the global nature of cyber threats requires coordinated responses at the international level. Initiatives like the Paris Call for Trust and Security in Cyberspace[11], launched in 2018, represent efforts to build consensus around key principles for cybersecurity governance, although their effectiveness remains to be seen.

The literature on cybersecurity laws and regulations highlights a dynamic and rapidly evolving field, shaped by the ongoing arms race between cyber threats and the legal frameworks designed so as to counter them. While significant progress has been made in developing comprehensive cybersecurity laws in key regions, challenges remain in achieving global harmonization and addressing the complex interplay between security, privacy, and economic interests. Future research will need to focus on these emerging challenges and explore innovative solutions to enhance global digital security in an increasingly interconnected world.

This literature review provides a foundation for understanding the current state of cybersecurity legislation and identifies key areas for further research and analysis.

CYBERSECURITY LAWS & REGULATIONS

The comparative analysis of cybersecurity laws across the United States, European Union, and Asia-Pacific reveals a landscape marked by diversity and complexity. This discussion explores the key themes that emerge from this analysis, including the challenges of global harmonization, the balance between security and privacy, and the impact of these laws on businesses and governments. Additionally, it considers the future trajectory of cybersecurity legislation in a rapidly evolving digital world.

The Challenges of Global Harmonization[12]

One of the most pressing issues in the realm of cybersecurity law is the lack of global harmonization. As cyber threats are inherently transnational, impacting multiple jurisdictions simultaneously, there is a clear need for coordinated global responses. However, achieving harmonization is complicated by the varying legal, cultural, and political contexts of different regions.

For instance, the United States’ sector-specific and decentralized approach contrasts sharply with the European Union’s more unified and comprehensive framework. In the Asia-Pacific, the diversity in approaches, ranging from China’s state-centric model to Japan’s collaborative strategy, further complicates efforts to establish common standards.

The absence of global harmonization leads to several challenges. For multinational businesses, it creates a complex web of regulatory requirements that can be difficult and costly to navigate. Compliance with one region’s laws may not satisfy another’s, leading to increased operational risks and potential legal liabilities. Additionally, the lack of standardized cybersecurity measures across borders makes it harder to coordinate international efforts to combat cybercrime, as differing laws and enforcement mechanisms can hinder collaboration between nations.

International organizations and multi-stakeholder initiatives, such as the Paris Call for Trust and Security in Cyberspace, have made efforts to foster global cooperation on cybersecurity issues. However, these initiatives often face limitations due to the divergent priorities and interests of participating countries. The challenge moving forward will be to find common ground that respects national sovereignty while establishing minimum global standards that enhance collective security.

Balancing Security and Privacy

The balance between security and privacy is a central concern in cybersecurity legislation. Different regions have prioritized these elements differently, reflecting broader societal values and political considerations.

The European Union’s General Data Protection Regulation (GDPR)[13] is often cited as a model for balancing security and privacy. By setting stringent standards for data protection, GDPR ensures that individuals’ privacy rights are safeguarded even as organizations implement robust cybersecurity measures. This approach has been influential globally, prompting other regions to consider similar protections.

In contrast, the United States often prioritizes security, particularly in the context of national defense and critical infrastructure protection. Laws like the Cybersecurity Information Sharing Act (CISA)[14] emphasize the importance of sharing threat intelligence between the private sector and government to enhance collective security. However, this focus on security has sometimes led to concerns about potential infringements on privacy, particularly in the absence of comprehensive federal data protection legislation akin to GDPR.

China’s approach[15] further shifts the balance towards state control, with its cybersecurity laws granting the government broad powers to monitor and regulate online activities. While this model is effective in enforcing state security, it raises significant concerns about privacy, censorship, and human rights.

The ongoing challenge for policymakers is to craft laws that strike the right balance between these competing priorities. As cyber threats continue to evolve, the pressure to enhance security measures will grow, but it is crucial that these efforts do not come at the expense of fundamental privacy rights. Finding this equilibrium will be key to ensuring that cybersecurity laws are both effective and ethically sound.

Impact on Businesses and Governments

The varying cybersecurity laws across different regions have significant implications for both businesses and governments. For businesses, particularly those operating across multiple jurisdictions, the complexity of complying with different regulatory frameworks can be a major burden. This is particularly true in industries that are heavily regulated, such as finance and healthcare, where compliance with cybersecurity laws is not just a legal requirement but also a crucial component of operational risk management.

In the United States, the sector-specific approach to cybersecurity regulation means that businesses must navigate a patchwork of laws, each with its own set of requirements. This can lead to significant compliance costs, particularly for smaller companies that may lack the resources to keep up with the evolving regulatory landscape. Moreover, the lack of a comprehensive federal framework means that businesses must also contend with state-level regulations, which can vary widely.

The Future of Cybersecurity Legislation

As cyber threats continue to evolve, so too must the laws designed to protect against them. The future of cybersecurity legislation is likely to be shaped by several key trends.

First, there will be a growing focus on the cybersecurity implications of emerging technologies. Artificial intelligence, 5G networks, and the Internet of Things are all areas where new regulatory frameworks will be needed to address the unique security challenges these technologies pose.

Second, supply chain security will become an increasingly important area of focus. The global nature of supply chains means that vulnerabilities in one part of the world can have far-reaching implications, making it essential for governments and businesses to ensure that cybersecurity is a priority at every stage of the supply chain.

Finally, international cooperation will be critical in addressing the global nature of cyber threats. While achieving global harmonization of cybersecurity laws may be challenging, there is a growing recognition that coordinated international efforts are essential to effectively combat cybercrime and protect critical infrastructure.

COMPARATIVE ANALYSIS OF CYBERSECURITY LAWS

The global landscape of cybersecurity laws is marked by significant diversity, reflecting the unique legal, cultural, and political contexts of different regions. This comparative analysis examines the cybersecurity frameworks of the United States, European Union, and Asia-Pacific, highlighting their distinct approaches and the implications for international harmonization.

United States

The United States has developed a multifaceted and decentralized approach to cybersecurity legislation, characterized by a combination of federal and state-level laws. The U.S. approach is often described as sector-specific, with regulations targeting different industries based on their particular cybersecurity needs.

Key Legislation

• The Computer Fraud and Abuse Act (CFAA)[16] , enacted in 1986, is one of the cornerstone federal laws addressing cybercrime. It criminalizes unauthorized access to computer systems and has been widely used to prosecute cyber offenses. However, it has faced criticism for being outdated and overly broad, leading to calls for reform.
• The Cybersecurity Information Sharing Act (CISA) of 2015 promotes information sharing between the government and private sector to enhance collective defense against cyber threats. CISA aims to facilitate the exchange of threat intelligence, although its effectiveness has been questioned due to concerns about privacy and the voluntary nature of participation.

Strengths and Weaknesses 

The U.S. approach allows for flexibility and innovation, as different sectors can adopt cybersecurity measures that best suit their specific contexts. However, this fragmented framework can lead to regulatory gaps and inconsistencies, creating challenges for businesses that operate across multiple sectors or states. Additionally, the emphasis on voluntary measures and public-private partnerships has been criticized for lacking enforcement mechanisms that ensure uniform compliance.

European Union

The European Union (EU) has taken a more centralized and comprehensive approach to cybersecurity[17], focusing on data protection, incident reporting, and the protection of critical infrastructure.

Key Legislation 

• The General Data Protection Regulation (GDPR)  implemented in 2018, is one of the most influential cybersecurity regulations globally. GDPR sets high standards for data protection and privacy, with significant penalties for non-compliance. It applies to all organizations handling the personal data of EU citizens, regardless of where the organization is based.
• The Network and Information Systems Directive (NISD)[18] establishes security requirements and incident reporting obligations for operators of essential services and digital service providers. The NISD aims to enhance the overall level of cybersecurity in the EU by ensuring that critical infrastructure operators take appropriate security measures.

Strengths and Weaknesses 

The EU’s approach is praised for its strong emphasis on privacy, individual rights, and comprehensive regulatory coverage. GDPR, in particular, has set a global benchmark for data protection, influencing legislation in other regions. However, the challenge lies in harmonizing enforcement across member states, each of which may interpret and apply EU regulations differently. Additionally, the complexity and strictness of EU regulations can impose significant compliance burdens on businesses, particularly small and medium-sized enterprises (SMEs).

Asia-Pacific

The Asia-Pacific region presents a diverse landscape of cybersecurity laws, reflecting varying levels of technological development, regulatory maturity, and political priorities. Countries such as China, Japan, and Australia have adopted distinct approaches to cybersecurity.

China

China’s Cybersecurity Law (2017)[19] is a comprehensive piece of legislation that emphasizes data localization, government oversight, and the protection of critical infrastructure. The law requires that data on Chinese citizens be stored domestically and imposes strict controls on the transfer of data outside the country.

Japan[20]

Japan’s Basic Act on Cybersecurity[21] , first enacted in 2014 and updated in 2021, establishes a framework for public-private cooperation in cybersecurity. The Act designates the National Center of Incident Readiness and Strategy for Cybersecurity (NISC)[22] as the central authority responsible for coordinating cybersecurity efforts across government agencies and critical infrastructure sectors.

Australia

Australia’s Security of Critical Infrastructure Act (SOCI Act)[23] passed in 2018 and updated in 2021, focuses on the protection of critical infrastructure through a combination of regulatory requirements and industry collaboration. The law mandates the reporting of cybersecurity incidents and imposes security obligations on operators of critical infrastructure.

RELEVANT CASE LAWS

These cases illustrate how courts and regulatory bodies have approached key issues related to cybersecurity, data protection, and cybercrime.

United States – FTC v. Wyndham Worldwide Corp. (2015)[24]

The Federal Trade Commission (FTC) brought a case against Wyndham Worldwide Corporation after three data breaches exposed the personal information of over 600,000 customers, leading to over $10 million in fraudulent charges. The FTC argued that Wyndham’s cybersecurity practices were unfair and deceptive under Section 5 of the FTC Act[25]. The Third Circuit Court of Appeals upheld the FTC’s authority to bring enforcement actions against companies for inadequate cybersecurity practices under Section 5. This case set a precedent for the FTC’s role in regulating cybersecurity and enforcing data protection standards in the U.S. The ruling reinforced the importance of maintaining reasonable cybersecurity measures and set a standard for what constitutes “unfair” business practices related to data security in the U.S.

European Union – Schrems II (Data Protection Commissioner v. Facebook Ireland Ltd and Maximillian Schrems) (2020)[26]

This case was brought by privacy activist Max Schrems against Facebook, challenging the legality of transferring personal data from the European Union to the United States under the EU-U.S. Privacy Shield framework. The Court of Justice of the European Union (CJEU) invalidated the Privacy Shield agreement, citing concerns over U.S. government surveillance practices and their impact on EU citizens’ data privacy rights. The ruling had significant implications for transatlantic data flows and forced companies to reassess their data transfer mechanisms to ensure compliance with EU data protection laws. It also highlighted the growing importance of data protection in international trade and the legal complexities of cross-border data transfers.

India – Shreya Singhal v. Union of India (2015)[27]

This landmark case challenged the constitutionality of Section 66A of the Information Technology Act, 2000, which criminalized “offensive” online speech. Petitioners argued that the law was vague, overly broad, and infringed on the right to freedom of expression. The Supreme Court of India struck down Section 66A, ruling that it violated the constitutional right to free speech and was not a reasonable restriction under Article 19(2) of the Indian Constitution. The judgment was a significant victory for digital rights in India, reaffirming the importance of protecting free expression in cyberspace. It also set a precedent for challenging overly broad and vague cybersecurity laws that could be used to stifle legitimate online speech.

United Kingdom – R v. Andrew Skelton (2018)[28]

In this case, Morrisons, a UK supermarket chain, was held vicariously liable for the actions of an employee, Andrew Skelton, who leaked the payroll data of almost 100,000 employees. The leak was a retaliatory act against the company. The UK Court of Appeal upheld that Morrisons was vicariously liable for the data breach caused by its employee, despite the fact that the company had adequate data protection measures in place. This case emphasized the potential liability of companies for data breaches caused by their employees, even when the breach is intentional and the company has taken reasonable steps to protect data. It underscored the need for businesses to have robust internal controls and employee monitoring mechanisms in place.

China – Qihoo 360 v. Tencent (2013)[29]

This case involved a dispute between two Chinese internet giants, Qihoo 360 and Tencent, over allegations of unfair competition and abuse of market dominance in the provision of cybersecurity software and online services. The Supreme People’s Court of China ruled in favor of Tencent, stating that its conduct did not constitute abuse of market dominance and that the competition between the companies was lawful. The case highlighted the challenges of regulating competition and cybersecurity in China’s rapidly growing digital economy. It also emphasized the importance of a balanced approach in cybersecurity regulations that protect market competition while ensuring security standards.

CONCLUSION

The analysis of cybersecurity laws across the United States, European Union, and Asia-Pacific regions highlights the diverse and evolving approaches to managing cyber threats. Each region’s legal framework reflects its unique priorities, whether it’s the U.S.’s sector-specific approach, the EU’s emphasis on comprehensive data protection, or the varied strategies seen across the Asia-Pacific. While these frameworks have been successful in addressing specific challenges within their contexts, they also present significant hurdles in terms of global harmonization and consistency.

The primary challenge lies In balancing the need for robust security measures with the protection of individual privacy and the promotion of innovation. The fragmented nature of cybersecurity laws poses compliance challenges for businesses operating internationally and complicates efforts to develop coordinated global responses to cyber threats.

Looking ahead, the future of cybersecurity legislation will likely focus on addressing the risks posed by emerging technologies, enhancing supply chain security, and fostering international cooperation. Policymakers must continue to adapt to the rapidly changing digital landscape, crafting laws that are flexible, forward-looking, and capable of addressing the complex and interconnected nature of modern cyber threats.

To achieve these goals, ongoing dialogue between governments, businesses, and civil society is essential. By working together, stakeholders can develop more effective and harmonized cybersecurity frameworks that not only protect critical infrastructure and personal data but also support innovation and economic growth in the digital age.

REFERENCES

1. Bradford, A. (2020) , The Brussels Effect: How the European Union Rules the World. Oxford University Press.
2. Calo, R. (2017). Artificial Intelligence Policy: A Primer and Roadmap. U.C. Davis Law Review, 51, 399-435.
3. Cave, D. (2021). Australia’s Cybersecurity Strategy: Protecting Critical Infrastructure in an Age of Uncertainty. Australian Strategic Policy Institute.
4. Chertoff, M., & Simon, T. (2015). The Impact of Cybersecurity Information Sharing Act (CISA) on the Private Sector. Journal of National Security Law & Policy, 9(1), 57-87.
5. Creemers, R. (2018). Cyber China: Upgrading Propaganda, Public Opinion Work and Social Management for the Twenty-First Century. Journal of Contemporary China, 27(112), 85-100.
6. DeNardis, L. (2014). The Global War for Internet Governance. Yale University Press.
7. Hathaway, O. A. (2016). The Law of Cyber-Attack. California Law Review, 100(4), 817-885.
8. Hoffman, S. (2017). A Framework for Cybersecurity Law: A Legislative Approach for Managing Risk in Critical Infrastructure. Georgetown Journal of International Affairs, 18(2), 47-58.
9. Johnson, D. R. (2015). Reconceptualizing Cybersecurity Law. Michigan State Law Review, 2015(1), 1-56.
10. Kerr, O. S. (2009). Vagueness Challenges to the Computer Fraud and Abuse Act. Minnesota Law Review, 94, 1561-1586.
11. Kuner, C., Bygrave, L. A., & Docksey, C. (Eds.). (2019). The EU General Data Protection Regulation (GDPR): A Commentary. Oxford University Press.
12. Lewis, J. A. (2020). The Supply Chain and Cybersecurity: Lessons Learned from the Pandemic. Center for Strategic and International Studies.
13. Mueller, M., & Kuehn, A. (2013). Path Dependencies in Internet Regulation: A Comparative Analysis of U.S. and EU Approaches to Protecting Privacy in the Age of Big Data. Review of Policy Research, 30(5), 539-561.
14. Murata, K. (2021). Japan’s Cybersecurity Policy: Legal and Institutional Frameworks. In Global Cybersecurity Law and Policy: Comparative Analysis of Approaches, Cambridge University Press.
15. Nye, J. S. (2020). The Digital Age: Implications for Global Order and Governance. International Security, 44(4), 8-43.
16. Shackelford, S. J. (2012). Managing Cyber Attacks in International Law, Business, and Relations: In Search of Cyber Peace. Cambridge University Press.
17. Segal, A. (2018). The Hacked World Order: How Nations Fight, Trade, Maneuver, and Manipulate in the Digital Age. PublicAffairs.
18. Tsagourias, N. (2018). International Law and Cyber Security: Fault Lines and New Horizons. European Journal of International Law, 29(3), 827-850.

---

[1]Cyber Security Regulations , https://www.bitsight.com/glossary/cyber-security-regulations#:~:text=Cyber%20security%20regulations%20are%20laws,cyber%20threats%20and%20data%20breaches, last visited 10.08.2024.

[2] Shackelford, S., 2020. Inside the Global Drive for Cyber Peace. Available at SSRN 3577161.

[3] Hoffman, S. (2017). A Framework for Cybersecurity Law: A Legislative Approach for Managing Risk in Critical Infrastructure. Georgetown Journal of International Affairs, 18(2), 47-58.

[4] DeNardis, L. (2014). The Global War for Internet Governance. Yale University Press.

[5] Mueller, M., & Kuehn, A. (2013). Path Dependencies in Internet Regulation: A Comparative Analysis of U.S. and EU Approaches to Protecting Privacy in the Age of Big Data. Review of Policy Research, 30(5), 539-561

[6] Segal, A. (2018). The Hacked World Order: How Nations Fight, Trade, Maneuver, and Manipulate in the Digital Age. PublicAffairs.

[7] Emerging Cybersecurity Trends, https://www.researchgate.net/publication/377382368_Emerging_Trends_and_Future_Challenges_in_Cybersecurity_A_Comprehensive_Review, last visited 09.08.2024.

[8] Lewis, J. A. (2020). The Supply Chain and Cybersecurity: Lessons Learned from the Pandemic. Center for Strategic and International Studies.

[9] Calo, R. (2017). Artificial Intelligence Policy: A Primer and Roadmap. U.C. Davis Law Review, 51, 399-435.

[10] Nye, J. S. (2020). The Digital Age: Implications for Global Order and Governance. International Security, 44(4), 8-43.

[11] Paris Call for Trust and Security in Cyberspace, 2018, https://pariscall.international/en/.

[12] Global Cybersecurity Compliance, https://www.researchgate.net/publication/342898826_Global_Perspective_Cyberlaw_Regulations_and_Compliance, last visited 07.08.2024.

[13] General Data Protection Regulation (GDPR), Regulation (EU) 2016/679, https://eur-lex.europa.eu/eli/reg/2016/679/oj.

[14] Cybersecurity Information Sharing Act (CISA), 2015, U.S.A.

[15] Creemers, R. (2018). Cyber China: Upgrading Propaganda, Public Opinion Work and Social Management for the Twenty-First Century. Journal of Contemporary China, 27(112), 85-100.

[16] Computer Fraud and Abuse Act (CFAA), 1986, U.S.A.

[17] Global Perspectives on Cybersecurity – https://dl.acm.org/doi/10.1145/3293881.3295778.

[18] Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union.

[19] Cybersecurity Law of the People’s Republic of China, 2017, China.

[20] Murata, K. (2021). Japan’s Cybersecurity Policy: Legal and Institutional Frameworks. In Global Cybersecurity Law and Policy: Comparative Analysis of Approaches, Cambridge University Press.

[21] Japan’s Basic Act on Cybersecurity, 2021, Japan.

[22] NISC Japan – https://www.nisc.go.jp/eng/index.html .

[23] Australia’s Security of Critical Infrastructure Act (SOCI Act), 2021 ,  Australia.

[24] United States – FTC v. Wyndham Worldwide Corp. (2015), 799 F.3d 236 (3d Cir. 2015).

[25] The Federal Trade Commission (FTC) Act, 1914, USA.

[26] European Union – Schrems II (Data Protection Commissioner v. Facebook Ireland Ltd and Maximillian Schrems) (2020) , CJEU Case C-311/18.

[27] Shreya Singhal v. Union of India, AIR 2015 SC 1523; Writ Petition (Criminal) No. 167 OF 2012.

[28] WM Morrisons Supermarket PLC v Various Claimants [2018] EWCA Civ 2339.

[29] Stanford Law School China Guiding Cases Project, English Guiding Case (EGC78), Apr. 7, 2017 Edition

Disclaimer: The materials provided herein are intended solely for informational purposes. Accessing or using the site or the materials does not establish an attorney-client relationship. The information presented on this site is not to be construed as legal or professional advice, and it should not be relied upon for such purposes or used as a substitute for advice from a licensed attorney in your state. Additionally, the viewpoint presented by the author is personal.