Algeria: Law no. 25-11 on data protection, including cross-border data transfer regulation entered into force

On 24 July 2025, Law no. 25-11 on data protection, including cross-border data transfer regulation entered into force. The Law establishes conditions under which personal data may be transferred to foreign countries or international organisations, requiring that such transfers only occur when the receiving country or organisation provides adequate safeguards for data protection, including compliance with human rights and fundamental freedoms. Transfers are permitted when necessary for crime prevention, criminal investigations, prosecution, or enforcement of penalties, when authorised by a competent authority for specified legal purposes, or when considering the severity of the offense, the level of data protection, and the capacity of the receiving country to enforce protective rules. In cases where adequate safeguards are lacking, the competent authority may permit transfer only when necessary to protect vital interests, legitimate interests, or security needs of individuals or the state, provided that the receiving authority is notified and the transfer duration is limited to what is necessary for the stated purpose.