Personal Data Protection Law

Federal Decree Law No. 45 of 2021 Regarding the Protection of Personal Data, also known as the Personal Data Protection Law constitutes an integrated framework to ensure the confidentiality of information and protect the privacy of individuals in the UAE. It provides a proper governance for data management and protection and defines the rights and duties of all parties concerned.

Provisions of the law

Here are some of the provisions of the law in brief:

1. The provisions of the law apply to the processing of personal data, whether in full or part through electronic systems, inside or outside the country.

    

2. The law defines the controls for the processing of personal data and the general obligations of companies that have personal data to secure it and maintain its confidentiality and privacy. It prohibits the processing of personal data without the consent of its owner, except for some cases in which the processing is necessary to protect a public interest or to carry out any of the legal procedures and rights.

    

3. The law gives the owner of the data the right to request for corrections of inaccurate personal data and to restrict or stop the processing of his personal data.

    

4. It sets out the requirements for the cross-border transfer and sharing of personal data for processing purposes.

The Personal Data Protection Law is the first federal law to be drafted in partnership with major technology companies in the private sector. It came into force on 2 January 2022.

Related links

• Federal Decree Law No. 45 of 2021 Regarding the Protection of Personal Data - (PDF, 350 KB - available in Arabic only).

Data and privacy protection

Other laws related to data protection and privacy include:

Consumer protection law

The Federal Law No. 15 of 2020 on Consumer Protection protects all consumer rights, including the data of the consumers and prohibits suppliers from using it for marketing. Also, there is Data Protection Law, DIFC Law No 5 of 2020. 

Law about the use of ICT in the health sector 

Federal Law No. 2 of 2019 Concerning the Use of Information and Communication Technology (ICT) in Health Fields regulates the use of information and communication technology (ICT) in the health care sector in the UAE, including its free zones. 

Law on combatting rumours and cybercrimes

Federal Decree Law No. 34 of 2021 on Combatting Rumours and Cybercrimes provides a comprehensive legal framework to address the concerns relating to the misuse and abuse of online technologies. It aims to enhance the level of protection from online crimes committed through the use of information technology, networks and platforms.

Internet Access Management (IAM) policy

Telecommunications and Digital Government Regulatory Authority (TDRA) implements the Internet Access Management (IAM) policy in the UAE, in coordination with National Media Council and Etisalat and Du, the licensed internet service providers in the UAE. Under this policy, online content that is used for impersonation, fraud and phishing and/or invades privacy can be reported to Etisalat and Du to be taken down.

Read more about UAE laws and resolutions concerning activities conducted online.

Electronic Transactions and Trust Services law

The law regulates the validity of electronic documents and boosts the legal value of digital signature and the level of its security. It provides provisions for eTransactions, the way eDocuments should be stored and saved, and sent and received to be valid. It also sets licensing requirements for trust services providers who are duly licensed to create, validate and preserve eSignatures, eSeals and digital certification.

The UAE’s Constitution

Article 31 of the UAE’s Constitution provides for the freedom of communication by means of post, telegraph or other means of communication and guarantees their confidentiality in accordance with the law.

Protection of copyrights, patents and trade marks

Find out laws that ensure protection of copyrights, patents and trademarks. 

Protection of credit information 

Read about the Federal Law No. 6 of 2010 on Credit Information and its amendments (Arabic only).

Dubai Data law

The government of Dubai passed the Dubai Data law. One of its aim is data protection and privacy of the individual.

Read Citizens' right to access government information. 

UAE Data Office

The UAE Data Office will act as the federal data regulator in the UAE. The office which is affiliated with the UAE Cabinet will be responsible for:

• preparing policies and legislations related to data protection
• proposing and approving the standards for monitoring Personal Data Protection Law
• preparing systems for complaints and grievances related to data
• issuing guidelines and instructions for the implementation of the law.

Related links

• UAE Federal Decree Law No. 44 of 2021 on the establishment of the UAE Data Office.