Law: Act No. 1.165 on the Protection of Personal Data (23 December 1993) ('the Act')

Regulator: Monegasque data protection authority ('CCIN')

Summary: Monaco passed its first general data protection law, the Act, in 1993. Since then, the Act has been revised several times, most notably in 2008 to grant the CCIN the status of an independent authority, and in 2015, to create a constitutionally compliant legal framework for the CCIN's investigatory powers. In consideration of the importance of the finance sector (which is officially classified as a 'sector of vital importance' in Monaco), the CCIN works closely with local professional associations such as the Monaco Association for Financial Activities and has issued several recommendations for financial entities on issues such as anti-money laundering and tax transparency obligations.

Notably, on 28 January 2022, the CCIN stated that a bill relating to the protection of personal data (only available in French here), which is intended to replace the Act, was submitted to the Monaco Office of the National Council. In particular, the bill consists of 114 Articles replacing the 26 Articles present in the law and aims to integrate into domestic law international standards resulting from Protocol amending the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data ('Convention 108+') of the Council of Europe and the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR').