Data & Privacy · Liechtenstein
Data protection & privacy laws in Liechtenstein (2026)
Liechtenstein shaded by its data & privacy status
Liechtenstein has a comprehensive, GDPR-aligned data-protection regime. As an EEA EFTA state it applies the GDPR directly (incorporated by EEA Joint Committee Decision No 154/2018, effective 20 July 2018), and its national Datenschutzgesetz (DSG) of 4 October 2018 entered into force on 1 January 2019 to complement and implement it. The independent Datenschutzstelle is the national supervisory authority.
Key points
Although not an EU member, Liechtenstein is an EEA EFTA state; the GDPR was incorporated into the EEA Agreement by Joint Committee Decision No 154/2018 (6 July 2018), making Regulation (EU) 2016/679 directly applicable.
The Datenschutzgesetz of 4 October 2018 (LR 235.1) was a total revision aligning national law with the GDPR; it entered into force on 1 January 2019 and supplements the directly applicable Regulation.
The Datenschutzstelle (DSS), based in Vaduz, is the independent national data-protection supervisory authority responsible for enforcing the GDPR and DSG.
The GDPR framework grants data subjects rights of access, rectification, erasure, portability and objection, and imposes controller/processor duties such as lawful basis, transparency, breach notification, records of processing and (where required) data protection impact assessments.
Liechtenstein's DSS participates in the European Data Protection Board, but for EEA EFTA states judicial oversight of GDPR matters runs through the EFTA Court rather than the Court of Justice of the EU.
Administrative fines follow the GDPR's two-tier maximums (up to EUR 20 million / EUR 10 million or 2-4% of global annual turnover); the DSS has been a comparatively low-activity enforcer.
Timeline - major decisions & events
The Datenschutzstelle issued its Tätigkeitsbericht 2024, documenting growing caseloads, data-breach notifications and the authority's supervisory and advisory work. It is the most recent official snapshot of how GDPR is being enforced and applied in Liechtenstein.
Datenschutzstelle Liechtenstein ↗The Datenschutzstelle alerted residents that Meta would use public Facebook/Instagram data to train its generative-AI models and explained how to object before 26 May 2025. It marked the regulator's first prominent public stance on AI training and personal data.
Datenschutzstelle Liechtenstein ↗The Datenschutzstelle released its Tätigkeitsbericht 2023, reporting on complaints handled, breach notifications and consultations. The report reflects the authority's pattern of resolving most cases informally rather than through fines.
Datenschutzstelle Liechtenstein ↗Liechtenstein's totally revised Datenschutzgesetz (DSG) and Datenschutzverordnung (DSV) took effect, supplementing the directly applicable GDPR with national rules and confirming the Datenschutzstelle as supervisory authority. This is the backbone of the framework in force today.
Datenschutzstelle Liechtenstein ↗The government issued the Datenschutzverordnung implementing detailed procedural and substantive rules under the new DSG. It operationalised the GDPR's opening clauses in domestic law.
Datenschutzstelle Liechtenstein ↗Following EEA incorporation, the GDPR entered into force for the EEA-EFTA states Liechtenstein, Iceland and Norway and became directly applicable. This extended EU-level data-protection standards and the one-stop-shop system to Liechtenstein.
EUR-Lex (EEA Joint Committee) ↗The EEA Joint Committee adopted Decision No 154/2018, amending Annex XI of the EEA Agreement to incorporate Regulation (EU) 2016/679 (GDPR). This is the legal act that brought the GDPR into the EEA legal order binding Liechtenstein.
EFTA ↗Liechtenstein adopted its first modern Datenschutzgesetz, transposing EU Directive 95/46/EC into national law via the EEA Agreement and establishing a dedicated data-protection authority. It set the template later replaced by the GDPR-era 2018 law.
WIPO Lex ↗Liechtenstein became a member of the EEA, committing it to adopt EU internal-market legislation—including, in time, EU data-protection law—through the EEA Agreement. This membership is the structural reason EU privacy rules apply in the country today.
EFTA ↗Liechtenstein - other topics
Last verified 5/23/2026 · Orientation, not legal advice - verify against the primary sources linked above. Explore the full world map →