Skip to content
World Watch/Papua New Guinea/Data & Privacy

Data & Privacy ยท Papua New Guinea

Data protection & privacy law in Papua New Guinea (2026)

ProposedNational Data Governance & Data Protection Policy 2024 (DICT) โ€” finalised policy awaiting translation into legislation; no comprehensive Data Protection Act yet in force. Existing protections rest on Constitution s.49 (right to privacy) and the Cybercrime Code Act 2016 (No. 35 of 2016).Country index 51 ยท C

Papua New Guinea shaded by its data & privacy status

Data protection in Papua New Guinea: proposed, under National Data Governance & Data Protection Policy 2024 (DICT) โ€” finalised policy awaiting translation into legislation; no comprehensive Data Protection Act yet in force. Existing protections rest on Constitution s.49 (right to privacy) and the Cybercrime Code Act 2016 (No. 35 of 2016)..

Papua New Guinea has no comprehensive personal data protection law in force as of mid-2026. The Department of Information and Communications Technology (DICT) finalised a National Data Governance & Data Protection Policy in 2024 and is preparing implementing legislation that would create a Data Protection Commission and GDPR-style obligations; in the meantime privacy is grounded in s.49 of the Constitution, the Cybercrime Code Act 2016, and sectoral rules (telecoms via NICTA, banking via the Bank of PNG).

Key points

No comprehensive PDP law yet

PNG lacks an enacted, GDPR-style personal data protection statute. The 2024 National Data Governance & Data Protection Policy was finalised by DICT and progressed for ministerial/cabinet endorsement, but it is a policy instrument, not legislation โ€” the implementing Act remains pending.

Constitutional right to privacy

Section 49 of the Constitution of the Independent State of Papua New Guinea guarantees a qualified right to privacy of person, property, communications and family life, subject to laws reasonably justifiable in a democratic society.

Cybercrime Code Act 2016

Act No. 35 of 2016 criminalises unauthorised access, interception of data, identity theft and computer-related fraud, providing the main statutory protections for the integrity and confidentiality of personal data in the interim.

Lead agency / future supervisory authority

DICT is the policy lead for data governance and protection; the National ICT Authority (NICTA) regulates telecoms-sector data and content. The 2024 policy contemplates a dedicated Data Protection Commission/Office to enforce the future Act, but no independent data-protection authority is yet operational.

Sectoral rules in lieu of general law

Confidentiality and data-handling obligations are dispersed across sectoral instruments โ€” e.g. the National Information and Communications Technology Act 2009 (telecoms), the Banks and Financial Institutions Act 2000 and Bank of PNG prudential standards, and the Cybercrime Code Act 2016 โ€” rather than a unified personal-data regime.

Digital ID & SIM reforms driving privacy build-out

PNG's Cabinet (NEC) endorsed the National Digital Identity Policy 2025; the SevisPass digital ID and SevisDEx data-exchange platform are scheduled for 2026 rollout, with associated privacy/cyber-security regulations cited by DICT as the trigger for finalising the data-protection legal framework.

Papua New Guinea - other topics

Data & Privacy in other countries

Last verified 6/28/2026 ยท Orientation, not legal advice - verify against the primary sources linked above. Methodology & how to cite ยท Explore the full world map โ†’