Personal Data Protection Law
The Personal Data Protection Law, Federal Decree Law No. 45 of 2021 regarding the Protection of Personal Data, constitutes an integrated framework to ensure the confidentiality of information and protect the privacy of individuals in the UAE. It provides a proper governance for data management and protection and defines the rights and duties of all parties concerned.
Provisions of the law
Here are some of the provisions of the law in brief:
- The provisions of the law apply to the processing of personal data, whether in full or part through electronic systems, inside or outside the country.
- The law defines the controls for the processing of personal data and the general obligations of companies that have personal data to secure it and maintain its confidentiality and privacy. It prohibits the processing of personal data without the consent of its owner, except for some cases in which the processing is necessary to protect a public interest or to carry out any of the legal procedures and rights.
- The law gives the owner of the data the right to request for corrections of inaccurate personal data and to restrict or stop the processing of his personal data.
- It sets out the requirements for the cross-border transfer and sharing of personal data for processing purposes.
The Personal Data Protection Law is the first federal law to be drafted in partnership with major technology companies in the private sector. It will come into force on 2 January 2022.
Read about Personal Data Protection Law on this private website.
Data and privacy protection
Other laws related to data protection and privacy include:
Consumer protection law
The Federal Law No. 15 of 2020 on Consumer Protection protects all consumer rights, including the data of the consumers and prohibits suppliers from using it for marketing.
Data Protection Law, DIFC Law No 5 of 2020- Dubai International Financial Centre
Protection of health data and information
Federal Law No. 2 of 2019 Concerning the Use of Information and Communication Technology (ICT) in Health Fields (available in Arabic) regulates the use of information and communication technology (ICT) in the health care sector in the UAE, including its free zones. Read more about the law.
Protecting data and privacy online
- Law on combatting rumours and cybercrimes
Federal Decree Law No. 34 of 2021 on Combatting Rumours and Cybercrimes (available in Arabic only) provides a comprehensive legal framework to address the concerns relating to the misuse and abuse of online technologies. It aims to enhance the level of protection from online crimes committed through the use of information technology, networks and platforms.
- Internet Access Management (IAM) policy
Telecommunications and Digital Government Regulatory Authority (TDRA) implements the Internet Access Management (IAM) policy in the UAE, in coordination with National Media Council and Etisalat and Du, the licensed internet service providers in the UAE. Under this policy, online content that is used for impersonation, fraud and phishing and/or invades privacy can be reported to Etisalat and Du to be taken down.
Read more about UAE laws and resolutions concerning activities conducted online.
Electronic Transactions and Trust Services law
The law regulates the validity of electronic documents and boosts the legal value of digital signature and the level of its security. It provides provisions for eTransactions, the way eDocuments should be stored and saved, and sent and received to be valid. It also sets licensing requirements for trust services providers who are duly licensed to create, validate and preserve eSignatures, eSeals and digital certification.
The UAE’s Constitution
Article 31 of the UAE’s Constitution provides for the freedom of communication by means of post, telegraph or other means of communication and guarantees their confidentiality in accordance with the law.
Protection of copyrights, patents and trade marks
Find out laws that ensure protection of copyrights, patents and trademarks.
Protection of credit information
Federal Law No. 6 of 2010 on Credit Information and its amendments. (Arabic only).
Dubai Data law
The government of Dubai passed the Dubai Data law. One of its aim is data protection and privacy of the individual.
Read more about:
UAE Data Office
The UAE Data Office will act as the federal data regulator in the UAE. The office which is affiliated with the UAE Cabinet will be responsible for:
- preparing policies and legislations related to data protection
- proposing and approving the standards for monitoring Personal Data Protection Law
- preparing systems for complaints and grievances related to data
- issuing guidelines and instructions for the implementation of the law.
- UAE Federal Decree Law No. 44 of 2021 on the establishment of the UAE Data Office.