As the world progressed data has gained significant traction in different sectors for its benefits it can offer. You fill in a form, you register for yourself, make an account on social media or you want any technological device, data revolves around everything from your name to many personal details.
Data holds the paramount importance and with this digital influence and vulnerabilities, it is imperative to protect your data and the organisations holding your data to keep it intact from any kind of security breach.
To resolve these severe issues and addressing to the public serious reservation, data protection has evolved into a field called Cyber Security. We will dive into the case of UAE and discuss it in the light of modern day technology, the cyber security. We will discuss policies, laws and regulations in Dubai, UAE and the vicinity with the same administration.
Before indulging into the policies, we need to understand what is privacy and why and how Data is protected and what are the possible challenges one has to counter to undermine security risks.
Data Protection and Data Privacy
The term data protection and privacy have the important difference between the two, but they are often used interchangeably. Privacy with respect to data means to keep the data safe from the possible threat or avoid the vulnerabilities, we can say that who has the access of the data and to how much extent. It involves controlling how data is collected, used, shared, and stored, with a focus on ensuring that individuals have control over their own information. On the other hand data protection refers to the measures and practices implemented to safeguard data from unauthorized access, alteration, destruction, or disclosure. It involves ensuring the confidentiality, integrity, and availability of data, particularly sensitive or personal information.. So this combination of privacy and protection creates an amalgam which is taken as a complexity, so our next step is to learn about the complexities that revolves around data and mainly the data protection.
Complexities of data protection
Data is the foundation of information; information leads to knowledge and knowledge leads to intelligence and intelligence is power. There is little disagreement that data has value. In fact, digital data seems to be the new world currency. Therefore, protecting valuable data assets is a central concern for business continuity management. (Industrial Distribution, 2012).
Information misfortune, information inaccessibility and information defilement all monetarily affect the association. In addition to the fact that we really want to guarantee that information/data is usable and accessible, we likewise need to guarantee that sensitive information/data is shielded from unauthorized or wrongful use.
Safeguarding computerized information doesn’t sound especially testing, as it regularly starts with a basic undertaking: make an additional duplicate. Making and dealing with these additional duplicates, be that as it may, stays one of the most widely recognized problem areas for any association.
Understanding the complexities of data protection requires a holistic approach, covering legal beside with technical and organizational aspects to ensure the responsible handling of data throughout its life cycle. Regular updates on evolving regulations and technologies are essential to maintaining an effective data protection strategy.
General policies and the UAE laws for Data protection
The United Arab Emirates has taken steps to safeguard personal information through the implementation of data protection laws. Notably, the “Federal Decree-Law №45 of 2021 on the Processing of Personal Data,” often referred to as the UAE Privacy Law, serves as the cornerstone of data protection legislation in the country.
Here are key aspects of data protection in the UAE:
Scope and Applicability:
The UAE Privacy Law applies to the processing of personal data within the UAE, whether conducted by government entities or private organizations.
Definitions:
The law defines terms such as “personal data,” “processing,” and “consent” to provide clarity on its scope and application.
Data Protection Principles:
The law incorporates principles similar to those found in other global data protection regulations, emphasizing fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, and security. (Federal Decree-Law №45 of 2021)
Lawful Basis for Processing:
Organizations must have a legal basis for processing personal data. Consent, contractual necessity, legal obligations, vital interests, public interest, and legitimate interests are among the lawful grounds for processing. (Federal Decree-Law №45 of 2021)
Data Subject Rights:
The UAE Privacy Law grants individuals’ various rights, including the right to access their data, rectify inaccuracies, object to processing, and request erasure under certain circumstances. (Federal Decree-Law №45 of 2021)
Data Processing Records:
Controllers and processors are required to maintain records of data processing activities and make them available to relevant authorities upon request. (Federal Decree-Law №45 of 2021)
Data Breach Notification:[NI1]
Organizations are obligated to report data breaches to the UAE’s Telecommunications Regulatory Authority (TRA) and affected data subjects when a breach poses a risk to their rights and freedoms.
Cross-Border Data Transfers:[NI2]
The law addresses the transfer of personal data outside the UAE, imposing restrictions and conditions on such transfers to ensure an adequate level of protection. (Federal Decree-Law №45 of 2021)
Data Protection Officer (DPO):
Certain entities may be required to appoint a Data Protection Officer responsible for overseeing compliance with the UAE Privacy Law. (Federal Decree-Law №45 of 2021)
The TRA plays a significant role in regulating and enforcing data protection laws in the UAE. The authority is responsible for issuing guidelines, conducting audits, and ensuring compliance. (Federal Decree-Law №45 of 2021)
Penalties for Non-Compliance:
Non-compliance with the UAE Privacy Law may result in fines and other penalties. The severity of penalties depends on the nature and gravity of the violation. (Federal Decree-Law №45 of 2021). For tailored support navigating these complexities, explore our Legal Integrity services for PDPL compliance and legal risk management.
To study in detail, you can see their official website for all types of laws, rules and regulations. The link to the page is attached herewith. https://shorturl.at/jCJO2
Criminal Laws
Here’s a closer look at UAE criminal law related to data protection and privacy:
Core Legislation:
Federal Law No. 3/1987 (UAE Penal Code) with Amendments:
Article 431: Protects privacy and family life. Criminalizes activities like eavesdropping, recording private conversations, or taking pictures without consent. Penalties include imprisonment and fines.
Articles 378 & 379 (as amended): Focus on unauthorized disclosure of private information:
Article 378: Publicizing someone’s personal data related to their private or family life is a crime (unless authorized by law or with consent).
Article 379: Expands on this, criminalizing the divulging of “secrets” obtained by virtue of profession, position, or similar means. This can be interpreted broadly to include unauthorized disclosure of personal data. Penalties include imprisonment and fines, potentially harsher for public officials.
Federal Decree-Law No. 34 of 2021 on Countering Rumors and Cybercrimes: Makes collecting and processing personal data in violation of the law a criminal offense. This strengthens the enforcement of data protection regulations.
These laws together establish a framework for criminal prosecution in cases of data breaches, unauthorized access, and misuse of personal information.
It’s essential for organization’s operating in the UAE to stay informed about updates and changes to data protection regulations. They should implement robust data protection practices, conduct privacy impact assessments, and establish mechanisms for ongoing compliance with the law to protect the privacy rights of individuals and avoid legal consequences.
Data protection is a complex task, with the importance the data owns, it needs to be handled with care. To unleash the potential which data can offer would have serious challenges which needs a more detail article which we will discuss in our upcoming publications.
References:
- https://www.lexology.com/library/detail.aspx?g=2598bd6c-f645-4b27-a99e-20be4d31c32e#:~:text=31%2F2021%20on%20the%20Issuance,in%20jail%20terms%20and%20fines.
- https://u.ae/en/about-the-uae/digital-uae/data/data-protection-laws
- https://iclg.com/practice-areas/data-protection-laws-and-regulations/united-arab-emirates
- https://www.planetcrust.com/navigating-the-complexities-of-data-privacy-and-compliance-in-low-code-platforms?utm_campaign=blog
- https://www.linkedin.com/pulse/navigating-complexities-global-data-protection-5hfie/?trk=article-ssr-frontend-pulse_more-articles_related-content-card