Skip to content
World Watch/Palau/Data & Privacy

Data & Privacy · Palau

Data protection & privacy law in Palau (2026)

Sectoral rulesNo comprehensive data-protection statute; privacy is addressed through sector-specific rules (Freedom of Information Act privacy provisions at 6 PNCA §§ 205-206, telecommunications confidentiality rules, banking secrecy) and the constitutional right to privacy (Palau Constitution Art. IV). No dedicated data-protection supervisory authority exists.Country index 54 · C

Palau shaded by its data & privacy status

Data protection in Palau: sectoral rules, under No comprehensive data-protection statute; privacy is addressed through sector-specific rules (Freedom of Information Act privacy provisions at 6 PNCA §§ 205-206, telecommunications confidentiality rules, banking secrecy) and the constitutional right to privacy (Palau Constitution Art. IV). No dedicated data-protection supervisory authority exists..

Palau has not enacted a comprehensive, GDPR-style personal-data protection law and has no dedicated data-protection supervisory authority. Privacy obligations are dispersed across sectoral instruments — government-records privacy provisions in the Freedom of Information Act (6 PNCA), telecommunications confidentiality, banking secrecy, and criminal provisions on non-consensual intimate imagery — while a recently Senate-passed Cybersecurity Act (SB 12-9, October 2025) focuses on cyber-infrastructure rather than personal-data rights and still requires House passage.

Key points

No comprehensive data-protection law

Palau lacks an omnibus personal-data protection statute equivalent to the EU GDPR. Analysts consistently describe the country as having regulatory gaps in data protection, with obligations arising only from scattered sectoral instruments.

Government-records privacy (FOIA)

Title 6 of the Palau National Code (Freedom of Information Act), at §§ 205-206, requires agencies holding personal information to protect it against loss, unauthorized access, modification, disclosure or misuse, and prohibits retention beyond the lawful purpose. These are public-sector rules, not private-sector data-protection rules.

Sectoral confidentiality rules

The Telecommunications Act contains confidentiality obligations for electronic communications and subscriber data, and banking legislation imposes customer-information secrecy — the principal private-sector data-handling obligations in force today are found in these sectoral licensing regimes.

No dedicated supervisory authority

Palau has not established a Data Protection Authority or Privacy Commissioner. Sector regulators (telecommunications, financial supervision) enforce their own confidentiality rules via licence conditions; there is no cross-sectoral privacy regulator or breach-notification regime of general application.

Cybersecurity Act (proposed 2025)

In October 2025 the Palau Senate unanimously passed Senate Bill No. 12-9 SD1, the Cybersecurity Act, which would create a Bureau of Cybersecurity under the Ministry of Public Infrastructure and Industries headed by a CISO. It targets critical-infrastructure security and incident response rather than establishing personal-data rights, and still requires House of Delegates approval.

Digital Residency cyber-security regulation

The Ministry of Finance issued a Cyber Security Regulation for the Palau Digital Residency Program, imposing information-security controls on that specific programme and its operators — an example of Palau's programme-specific rather than economy-wide approach to personal-data protection.

Palau - other topics

Data & Privacy in other countries

Last verified 7/1/2026 · Orientation, not legal advice - verify against the primary sources linked above. Methodology & how to cite · Explore the full world map →