Data protection & privacy laws in Nauru (2026)

As of May 2026, Nauru has no omnibus data-protection or privacy statute. UNCTAD's global tracker classifies Nauru among jurisdictions without dedicated data-protection legislation.

The Communications and Broadcasting Act 2018, which established the Nauru Communications Authority, includes provisions requiring confidentiality of subscribers' information and communications, providing limited sectoral data-protection in the telecommunications domain.

The Cybercrime Act 2015 criminalises unauthorised access to protected systems, illegal interception of electronic communications, and data interference. It does not establish data-subject rights or processing obligations but indirectly protects personal data by penalising its unlawful acquisition.

Nauru has no dedicated data-protection commissioner or equivalent authority. The Nauru Communications Authority has a narrow mandate limited to the telecommunications sector and does not function as a general data-protection regulator.

The government's official NNDTS 2025–2030, published on nauru.gov.nr, explicitly lists enactment of data-protection and privacy legislation, a national cybersecurity framework, and electronic-transactions law among its priority digital-trust reforms, indicating legislation is planned but not yet in force.

The Government of Nauru's ICT and Email Policy sets internal rules for handling government data and communications, incorporating principles of purpose limitation and security, but this is an administrative policy only and confers no rights on private citizens.