The factor "Deceased People" refers to the applicability of data protection laws to personal data of individuals who are no longer living. This factor is used to define the scope of data protection laws, often limiting their application to living individuals but sometimes extending protections to deceased persons for a certain period after death or in specific circumstances.

Let's examine how this factor is applied in different jurisdictions:

Kingdom of Saudi Arabia (KSA)

Personal Data Protection Law (PDPL)

Article 2(1) states:

"The Law applies to any Processing of Personal Data related to individuals that takes place in the Kingdom by any means, including the Processing of Personal Data related to individuals residing in the Kingdom by any means from any party outside the Kingdom. This includes the data of the deceased if it would lead to them or a member of their family being identified specifically."

Key points:

• The law extends protection to deceased individuals' data
• Protection applies if the data could lead to identification of the deceased or their family members
• No time limit is specified for this protection

Singapore

Personal Data Protection Act 2012 (PDPA)

Article 4(4b) provides:

"This Act does not apply in respect of — (b) personal data about a deceased individual, except that the provisions relating to the disclosure of personal data and section 24 (protection of personal data) apply in respect of personal data about an individual who has been dead for 10 years or less."

Key points:

• Generally, the Act does not apply to deceased individuals' data
• Limited protection for 10 years after death
• Protection only covers disclosure and security of personal data

European Union

General Data Protection Regulation (GDPR)

Recital 27 states:

"This Regulation does not apply to the personal data of deceased persons. Member States may provide for rules regarding the processing of personal data of deceased persons."

Key points:

• GDPR does not apply to deceased persons' data
• Member States have discretion to implement their own rules
• No EU-wide standardized approach to posthumous data protection

Denmark

Danish Data Protection Act

The Act extends GDPR application to deceased persons' data for 10 years following death.

Key points:

• Protection of deceased persons' data for a limited time
• Aligns with GDPR but extends its scope
• 10-year protection period after death

Portugal

Portuguese Data Protection Law

The law extends GDPR application to deceased persons' data, but only for special categories of personal data or data involving privacy, image, or communications.

Key points:

• Selective protection of deceased persons' data
• Focus on sensitive data and privacy-related information
• No specified time limit for protection