The United Arab Emirates (UAE) has become a major financial hub of the world where multinational corporations are establishing their base. The large-scale digitization of the economy post-Covid-19 generated massive quantities of data which the corporations used for improving their businesses. The ability of data to generate wealth makes it the ‘new oil’. However, data is even better than oil as it never exactly depletes or gets destroyed.
It is this indestructible feature of data that has made nations across the world develop data protection laws for protecting the interests of their citizens. European Union’s General Data protection law is one such law that has emerged as an ideal regulation for nations across the world. The UAE does not have a comprehensive data protection law and is in the process of making one.
At the federal level, the Constitution of the UAE provides the right to freedom and secrecy of communication by post, telegraph, or other means of communication. The Penal Code has criminalized the publication of personal data of an individual relating to his private or family life (Article 378 as amended). The Cyber Crimes law prohibits privacy invasion of another through technological means. Further, there is a federal ICT Health Law of 2019, which prohibits the storage or transfer of health data outside of the UAE. The law was aimed at establishing a central electronic system of medical records of the UAE for use within the health industry.
The emirate of Dubai in 2015 developed the first of its kind Data Dissemination and Exchange law with an aim to, optimize the use of Dubai-related data available with data providers and establish rules of governance for data dissemination. The law classifies data into open and shared data where the former could be shared without restriction and the latter only in accordance with the rules determined by the Competent Entity.
In addition, the free zones like Abu Dhabi Global Market (ADGM) and Dubai International Financial Centre (DIFC) have formulated their data protection regulations which are consistent with the European GDPR which ensure a fair balance between the legitimate needs of the businesses along with the individual’s right to privacy. The regulations in ADGM provide for a fine of up to USD 28 million for violations of the regulations.
The Data Protection Law is set to go into force at the beginning of 2022, and is being designed keeping in view the objective of protecting the privacy of the people and institutions and limiting the private companies from generating profits out of personal data.
All firms operating in the UAE, along with those firms outside of the UAE processing personal data of the UAE residents, will need to evaluate their activities and make changes to comply with the new Data Protection Law.
For more information, please contact: