Data Protection in Laos

Definitions in Laos

Definition of Personal Data

Article 3, Section 12 of the Law on Electronic Data Protection defines “personal data” to mean electronic data of an individual, legal entity, or organization.

Definition of Sensitive Personal Data

The Law on Electronic Data Protection aims to protect any type of electronic data. The law categorizes electronic data roughly into three types: (i) general data, (ii) sensitive data (a literal translation would be “specific data”), and (iii) prohibited data. Depending on its nature, personal data may fall under one of these three categories. Accordingly, there is no “sensitive personal data” so to speak. Given this, personal data may fall under the category of sensitive data.

Sensitive data is information “that an individual, legal entity, or organization cannot access, use, or disclose if [they] have not received consent from the Information Owner, or the relevant organization” (Article 10).

A list of examples of sensitive data is provided in the Instructions on the Implementation of the Law on Electronic Data (2018), which includes “information on customers, financial information, CV, history of medical treatment, race, religion, project plan, budget plan, official secret, etc.” (Section 3). The list is not exhaustive, and there is no official guidance to anticipate what other data may be considered sensitive data apart from these examples.

Back to top