ACCORDING to Codamail, the Privacy Law Directory covers 21 country jurisdictions across the United States, the European Union, and international partners as of February 2026.
The directory examines not only data protection legislation but also surveillance laws, intelligence agencies, data broker contracts, Internet exchange point taps, surveillance company contracts, mutual legal assistance treaties (MLATs), data sharing agreements, data retention laws, encryption laws, child protection laws, oversight boards, and enforcement actions, recognising that understanding privacy requires seeing the full picture.
It is organised around the intelligence alliance framework that shapes modern signals intelligence cooperation: the Five Eyes, the Nine Eyes, and the Fourteen Eyes, which determine how intercepted communications and personal data flow between governments. A recurring finding is that privacy laws primarily protect a country’s own citizens and residents, with exemptions permitting intelligence agencies to collect foreign communications with fewer restrictions than domestic targets.
Beyond government surveillance, data collection by commercial actors operates largely outside these laws, with data brokers assembling profiles from public records, app SDKs, advertising exchanges and social media.