Bhutan

Summary

Bhutan has no dedicated cybercrime statute and no standalone data-protection law as of the as_of_date. Computer-related offences are addressed through the Penal Code of Bhutan (§§472-477, covering tampering with and unlawful possession of computer materials) and the Information, Communications and Media Act 2018 (ICMA), which governs ICT services, e-commerce, and online content through the Bhutan InfoComm and Media Authority (BICMA). The ICMA 2018 (replacing ICMA 2006) includes some privacy provisions (Section 386 on personal data handling and deletion, online privacy, unsolicited email, payment security) but lacks a standalone data protection law or dedicated data protection authority. BICMA is empowered to order blocking of unlawful online content. Chapter 22 of ICMA 2018 covers offences and penalties; Sections 443-444 provide search and seizure powers for cybercrime investigations. A GovTech-led review of the ICMA is underway to address cybercrime, data misuse, and social media issues. The Royal Monetary Authority (RMA) issued Guidelines on Data Privacy and Data Protection 2021 for the financial sector. Bhutan has no TDM copyright exception and no relevant case law on automated web access. The legal framework for web crawling is minimal and unclear; human review required.