Last week, the United Arab Emirates (the UAE) Minister of State for Digital Economy, Artificial Intelligence and Remote Working System (the Minister) announced that the UAE will introduce a new federal data protection law (the New Law). The announcement came as part of the UAE’s golden jubilee event held by the UAE government with the participation of 6 ministers, to announce the first set of 50 projects, following the announcement by His Highness Sheikh Mohammed bin Rashid Al Maktoum, Vice President, Prime Minister of the UAE and Ruler of Dubai, on social media of the “Projects of the 50’” that aim to bolster the growth of the country and establish a comprehensive development cycle for the next 50 years.
The New Law
The Minister stated that the New Law would take into consideration “every single data law on the planet” and would be the first law of its kind in the UAE. This is because it will be drafted in partnership with major technology companies and is intended to give individuals the freedom to control the way their personal data is used, stored and shared in a way that supports individuals’ and institutions’ privacy in the country, and limits the profit of some entities from circulating this data. He also added that the New Law has the lowest cost of compliance so as not to be a burden on small and medium-sized enterprises (SMEs) or increasing burdens on commercial companies. The New Law would ensure international companies based in the UAE would not be hindered by local concerns in order to ensure a seamless and smooth transfer across borders.
Current Local Data Protection Laws
Currently, there is no unified comprehensive data protection legislation applying onshore in the UAE and there is no single national data protection regulator. An individual’s right to privacy is protected under several onshore laws and the responsibility for managing and enforcing sector-specific laws typically rests with the relevant authority. The UAE, however, has a number of special economic free zones, the Dubai International Financial Center (DIFC), the Abu Dhabi Global Market (ADGM) and the Dubai Healthcare City (DHCC). Each has enacted separate data protection laws applicable to businesses operating in the relevant zone.
Conclusion
The idea of introducing a unified federal data protection law has been proposed at various times over years. This is a unique opportunity for the UAE to build a framework for data protection that fosters an innovative business environment. It is expected that the New Law would provide an adequate level of protection to individuals and institutions and align the UAE’s data protection framework with international data protection regulations, including the EU’s General Data Protection Regulation (GDPR).
THINC is at the forefront of important developments and is well placed to assess its impact on your organisation. We will provide general guidance on the New Law once it is officially released.