In March of this year, the UAE issued Law No. 2 of 2019 Concerning the Use of Information and Communication Technology in the Area of Health (the Healthcare Data Law), which governs the use of health data and information generated in the UAE. The law takes effect three months after issuance.
The United Arab Emirates Penal Code was amended with effect from October 29, 2016 to outlaw the copying, distribution or disclosure of information that a person obtains in the course of their employment. This new offence will target company insiders (or service providers) unlawfully dealing in personal data. Other changes to the Penal Code will increase the maximum penalty payable by organisations for criminal acts committed by their representatives.
A recently-reported court case in the United Arab Emirates has highlighted the importance of establishing and implementing good privacy practices, even in the absence of specific data protection legislation.
In late 2014, the UAE public prosecutor charged three officials from
Dubai has issued a new law regulating the dissemination and exchange of data in the Emirate. This is one of the first open data initiatives in the Middle East and is being promoted by the Prime Minister’s office as a significant step forward in Dubai’s cyber legislation and smart city ambitions.
While the Duke of Cambridge’s request for global media to respect the privacy of his son, Prince George, has started a debate over the extent to which individuals in the UK can rely on legal measures to prevent the publication of intrusive photographs, the position is somewhat clearer in the United Arab Emirates with specific provisions of the UAE Copyright Law granting protection to persons who appear in photographs.
Omnibus data privacy laws are few and far between in the Middle East. None of the six states of the Gulf Co-Operation Council (GCC)—which comprises Saudi Arabia, Kuwait, Oman, Qatar, Bahrain and the United Arab Emirates—have issued national privacy legislation, although several have draft regulations under consideration.
By contrast, the financial “free zone” jurisdictions of Dubai International Financial Centre (DIFC) and Qatar Financial Centre (QFC) have both adopted European-style data protection regulations.
Abu Dhabi Global Market (ADGM) is the proposed new financial services free zone on Al Maryah Island in the UAE’s capital city of Abu Dhabi. Like DIFC and QFC, it will have independent courts of first instance and appeal to oversee the jurisdiction of the free zone.
Unlike its more established neighbours, though, ADGM has decided not to introduce general legislation regulating the handling and processing of personal data in the first wave of draft regulations issued for public consultation this month.
There are, however, proposals to place certain limited obligations on employers operating in ADGM in relation to personal data relating to their employees.