Skip to main content
NOPE
In Effect Law Data Protection Context Relevance

Tunisia Organic Law 2004-63

Organic Law 2004-63 on the Protection of Personal Data

Tunisia's data protection law requiring prior authorization for personal data processing and restricting cross-border transfers.

Jurisdiction

Tunisia

TN

Enacted

Jul 27, 2004

Effective

Jul 27, 2004

Enforcement

Instance Nationale de Protection des Données Personnelles (INPDP)

Who Must Comply

This law applies to:

  • Data controllers and processors in Tunisia
  • Entities processing data of Tunisian residents
  • Cross-border data transfers from Tunisia

Capability triggers:

dataProcessing (required)
Required Increases applicability

Who bears obligations:

Data Controller

Safety Provisions

  • Prior authorization required for processing personal data
  • Cross-border transfer restrictions
  • Security measures required
  • Right to access and correction
  • Data controller registration

Enforcement

Enforced by

Instance Nationale de Protection des Données Personnelles (INPDP)

Penalties

criminal liability

Criminal liability

Fines and imprisonment for violations

Quick Facts

Binding
Yes
Mental Health Focus
No
Child Safety Focus
No
Algorithmic Scope
No

Why It Matters

Tunisia's prior authorization requirement creates operational friction for new AI chatbot deployments serving Tunisian users.

Cite This

APA

Tunisia. (2004). Organic Law 2004-63 on the Protection of Personal Data. Retrieved from https://nope.net/regs/tn-organic-law-2004

BibTeX

@misc{tn_organic_law_2004,
  title = {Organic Law 2004-63 on the Protection of Personal Data},
  author = {Tunisia},
  year = {2004},
  url = {https://nope.net/regs/tn-organic-law-2004}
}

Related Regulations

In Effect ZM Data Protection

Zambia DPA

Zambia's comprehensive data protection law with special protections for vulnerable persons and DPIA requirements for high-risk processing.

In Effect BW Data Protection

Botswana DPA

Botswana's modernized data protection law requiring Data Protection Impact Assessment and establishing age 16 for consent.

In Effect SC Data Protection

Seychelles DPA

Seychelles' modern data protection law requiring DPO for large-scale processing and recognizing Cross-Border Privacy Rules certification.

In Effect RW AI Safety

Rwanda AI Policy

First African country to adopt comprehensive national AI policy. Establishes Responsible AI Office (RAIO) under MINICT. Implements RURA ethical guidelines covering beneficence, non-maleficence, autonomy, justice, explicability, transparency. Non-binding framework.

In Effect INTL Child Protection

UNICEF AI for Children

Most specific international guidance on children and AI. Ten requirements for child-centered AI including development/wellbeing support, data/privacy protection, and safety.

In Effect NP AI Safety

Nepal AI Policy

Nepal national AI policy establishing governance framework and development priorities. Creates AI Governance Council (chaired by Minister for Communications and IT), AI Regulation Council, National AI Centre, and AI Regulatory Authority. Six pillars including ethics, human resource development, and sectoral application.

Back to all regulations Check if this applies to you