Egypt's New Data Protection Law: Insights and Legal Considerations
Khodeir & Partners
We are your strategic partner, throughout your investment quest in Egypt
Egypt’s New Data Protection Law: Insights and Legal Considerations
This article covers the following:
(1)??The key considerations addressed by the new Data Protection Law (“DPL No. 151 of 2020”);
(2)??The thresholds and guidelines now in place for collecting, processing, and dealing with personal data; and
(3)??The impact of the new DPL on businesses in Egypt.
Scope
The DPL has been legislated to protect individuals from the exploitation of their personal data. It achieves so by establishing the rights of individuals and placing well-defined responsibilities upon organizations handling personal data. The DPL imposes obligations and sanctions on any individual or legal entity which breaches its provisions. The DPL applies to:
(1) Nationals of Egypt living both inside and outside Egypt;
(2) Non-Egyptian Nationals living inside Egypt; and
(3) Non-Egyptian Nationals living outside Egypt where the act performed in violation of the DPL, affects an individual who qualifies under (1) or (2) above, and is “punishable by any means in the country in which the violation took place”.
The DPL extends its scope of application to electronically available personal data relating to individuals (or “Data Subjects”); such as their name, National Identification Number, voice, photo and contact number. The nature of the data covered by the DPL also extends to a Data Subject’s date of birth, gender, extra-curricular activities they are engaged in and any websites they appear on. Moreover, the umbrella protected by the DPL also covers any data that could reveal the Data Subject’s health (physical or psychological), wealth, as well as their cultural and social personas/ID entities.
Main Principles
The DPL covers a wide range of matters by consolidating the general data protection regime in Egypt. For the Data Protection regime to operate effectively, the legislator stipulates various principles that govern its implementation.
To begin with, the minimization principle for data collection (Principle 1) ensures that data is used solely for the purposes expressly consented to by the Data Subject. In addition to the minimization principle, the principles of accuracy and security (Principle 2) ensure that all data collected on a person must be correct, accurate, valid and kept secure from third parties. Moreover, the principle of lawfulness of purpose (Principle 3) ensures that the data is all collected in a legitimate manner and in compliance for the particular purpose it is collected for. Finally, the principle of limiting the storage of data (Principle 4) ensures that where data is kept for a particular purpose, once such purpose expires and/or ceases to be of relevance, the data must be deleted.
The executive regulations of the DPL define the policies, procedures, controls and thresholds for collecting, processing, preserving and insuring such data.
For any processing to take place over personal data to be considered "lawful"; the DPL sets out four (4) categories which such processing must fall under.
These categories are:?
“(1) Personal data processing takes place upon the consent of the Data Subject for the achievement of a certain goal;?????
(2) Personal data processing is crucial for the performance of a contractual obligation or legal action, the execution of an agreement for the benefit of the Data Subject, or the undertaking of any procedure with respect to claiming or defending the Data Subject's legal rights; ?
(3) Personal data processing is necessary for performing a legal obligation or an order issued by the competent investigation authorities or it is based upon a judicial ruling; or
(4) Personal data processing is necessary for enabling the Controller to perform its obligations or any relevant person to practice its legitimate rights unless such processing of personal data contradicts the Data Subject’s fundamental rights and freedom”.
As explained above, for any personal data processing to be done in accordance with the DPL, it must fall under one of these four (4) categories.
Particulars of the DPL: Licensing and Permissions
The DPL stipulates that a new regulatory authority shall be put in place to protect personal data and assist in the implementation of the DPL methodology and regulate its impact (the “Authority”). The Authority is responsible for providing Controllers and Processors with the relevant licenses and permits required for the processing of personal data. In the context of the DPL, Controllers are persons/entitles with the right to obtain personal data and determine the conditions and nature processing. Processors on the other hand, are responsible for processing information for themselves; as well as for the Controllers following receipt of written instructions from the Controller or the Authority.
The costs of the aforementioned licenses reach 2,000,000 EGP (Two Million Egyptian Pounds). Such licenses are required for particular activities, which include:
(1)?Data safeguarding, management and processing functions;
(2)?Electronic marketing and associated procedures;
(3)?The processing of material categorized as sensitive data; and
(4)?Transfers of personal data across borders.
The Authority is, as mentioned, responsible for such licensing procedures as well as for handling any complaints received in relation to the DPL; it is also responsible for sanctioning any violations in accordance with precautionary measures set out in the DPL. In addition to its primary functions set out herein, the Authority also supervises, inspects and monitors the work done by persons or legal entities allocated with the task of handling personal data.
Foreseeable Impact
In anticipation for the impact of the DPL, entities should begin making concessions for the introduction of the DPL including considering potential licenses that may be needed depending on the nature of their businesses and in light of the DPL; as well as regular record-keeping and monitoring for the nature of the personal data held by such entitles, the sources used to attain such data and the ways by which they use it. In addition, the legal representative of the juristic person, with respect to any controller or Processor, shall appoint within its legal entity and its personnel structure, a competent employee to be responsible for the protection of Personal Data, by registering such employee in the record designated for the Data Protection Officers held at the Center, and Natural Persons who are Controllers or Processors who is a natural person, shall be responsible for the application of the provisions of this law. Taking into consideration the appointment methods, hiring criteria, budgeting and Human Resources considerations are all aspects that ought to be considered in preemption for the obligation to hire a Data Protection Officer in accordance with the provisions of the DPL.
?Moreover, there are procedural methodologies and business policy matters to consider while implementing the impacts of the DPL in business structures; these include keeping individuals informed of the data collection and subsequent data protection policies in place, including the purpose, scope and use of such data. In addition, corporate entities must consider setting up a data subject request procedure which helps efficient dealing with data subject requests and responding to them. Finally, businesses need also give due consideration to their methods of detecting violations of the law, breaches in privacy regulations, as well as investigating and reporting any such personal data breaches internally; in order to avoid sanctions which may be fines as high as 5,000,000 EGP (Five Million Egyptian Pounds).
?It would be our pleasure to assist you in finding out more about the impact of the Data Protection Law and what your business needs to do in order to comply with its provisions.
?Finally, our firm will be taking a lead on a campaign to promote awareness about the DPL and its impact on local and foreign business and investors; we look forward to sharing such insights with our clients and followers.
Authors:
-Hanan El Dib, Partner and Head of Corporate Advisory, Khodeir and Partners
-Nour Samy, Associate, Khodeir and Partners
????? ????? ???????? ???????: ???? ???? ????????? ???????
领英推荐
?? ??? ?????? ?????? ??????? ???????:
?
(?) ?????????? ???????? ???? ???? ????? ????? ????? ???????? ??????? ?????? ??? 151 ???? 2020 ("????? ????? ????????")? (?) ???????? ???????? ??????? ????? ????? ???????? ???????? ???????? ?
(?) ????? ????? ????? ???????? ??? ???????.
??? ????? ????? ???????? ??????? ?????? ??????? ?? ??? ??????? ???????? ???????? ???? ?? ???? ????? ???? ???????? ???? ???????? ????? ??????? ????? ???? ??? ???? ?????? ???? ?????? ?? ???????? ???????.
???? ????? ??? ??????? ??? ?? ??:
(?) ???????? ???? ????????? ?? ???????
(?) ??? ???????? ???????? ???? ?????????? ?
(?) ??? ???????? ???? ????????? ??? ???? ??????? "??????? ????? ?? ?????? ???? ??? ???? ???????? ??? ?? ??? ?????? ????? ???????? ??? ??????? ??????? ?? ????? ?????? ???? ?????????".
???? ???? ????? ????? ???????? ?????? ??? ????? ????? ??? ???????? ????? ??????? ?????????? ??????? ????????? ???????? ???? ??? ??????? ?????? ??????? ??????? ???????? ?????? ?????? ???????.
????? ????? ???????? ???? ?????? ????? ????? ???????? ???? ???: ????? ????? ??????? ???????? ??????? ????????? ???????? ?? ?? ????? ????????? ?????? ???. ??? ???? ???? ??????? ???? ?????? ????? ????? ???????? ??????? ???? ??? ???????? ???? ???? ?????? ???????? ?? ??????? ?? ??????????? ?? ????????? ?? ?????????? ??????? ???????.
??????? ????????
???? ????? ????? ???????? ???? ??????? ???? ????? ???? ????? ???????? ????? ?? ???. ???? ???? ??? ?????? ???????? ?? ??? ???? ?????? ??????. ??? ?? ??????? ??? ???? ????? ?????? ?????? ?????? ?????? ?????? ??????? ?? ???? ????????: ?????? ?? ???? ???????? ??????? ?????? ?????? ?????? ?????? ????? ??????? ??????? ?? ???? ???????? ????? ?????? ??????? ??????? ?? ??? ?????? ???????? ?????? ?????? ??????? ??????? ???? ?? ??????? ??? ?????? ??????? ???? ????? ?????????? ????????? ?????? ?????? ?? ??????? ??????????? ?????????? ?????????? ???????? ??????.
?
????? ??????? ????????? ???? ??????? ???????? ?????????? ???????? ????????? ???????? ???? ??????? ???? ?????? ??? ???????? ????? ???????. ? ??? ???????? ??????????? ?????? ???????? ?? ??? ???? ?? ?? ??????? ??????:
(?) ?????? ????? ?????? ????????? ??? ????? ???????? ?? ??? ????? ??? ???? ?? ?????
(?) ?? ???? ?????????? ????? ??????? ???????? ???????? ????????? ?? ???? ???????? ?? ??????? ??? ????? ????? ?????? ?????????? ?? ??????? ?? ?? ??????? ???????? ??????? ????????? ?? ?? ?????? ?????
(?) ?? ???? ?????????? ???? ????? ?????? ????? ??????? ?? ??? ?? ???? ??????? ??????? ?? ????? ??? ??? ?????? ??
(?) ?? ???? ?????????? ?????? ??????? ?? ?????? ?????????? ????????? ?? ?? ?? ??? ?? ?????? ????? ????????? ?? ?? ?????? ??? ?? ?????? ???????? ???????? ????? ?????? ?????????.
???????? ?????????
??? ????? ????? ???????? ??????? ??? ????? ???? ????? ???????? ??????? ("??????"). ???? ?????? ????? ?? ?????? ?? ??????? ??????? ???????? ???????? ????? ???? ?????? ?????? ???????? ????????? ??????? ??????? ???????? ???????.
???? ?????? ?????? ???????? ????????? ??????????? ?????? ???????? ???? ?????? ?????? ???? ?? ??? ????. ??? ?????? ????? ??? ???????? ???? ????? ??? 2,000,000 ???? ????? ?????? ??????? ??? ???????? ??????? ??????:
?
(?) ????? ???????? ?? ???????? ??????? ??????? ?? ??????? ?????? ?????? ??? ????????? ???????? ????? ??????????
(?) ????? ???????? ?? ???????? ??????? ?????? ?????? ??????? ?????????? ????????
(?) ????? ???????? ?? ???????? ??????? ??????? ?? ??????? ???????? ??????? ??? ????????? ???????? ???
(?) ????? ???????? ?? ???????? ??????? ???? ???????? ??????? ??? ?????? ?? ???? ??????.
?
???? ?????? ???? ????? ?? ????? ???????? ?? ??? ?? ????? ?? ???? ?????? ????????? ?? ??????? ?????? ????? ????? ???????? ??????? ???? ????????? ?????????? ???? ?? ????? ??????? ????????? ??? ????? ???????? ??????? ???? ?? ???????? ???? ?????? ???? ??? ????? ???? ???? ?? ??????? ????????? ??????? ????? ??????? ?? ???????? ??????? ??????? ???????? ??? ?? ???? ???????.
?
????? ??????? ??? ???????
??? ??? ??????? ?? ???? ????? ?? ???????? ?? ??? ?????? ??????? ????? ????? ?????? ??????? ?? ?? ???????. ????????? ??? ???? ???? ????? ????? ???????? ??????? ??????? ??? ??????? ?????????? ?????? ???? ????? ????????? ????? ????? ?? ????? ????? ??????? ?????????? ??????? ????? ????? ???????? ???? ??? ??? ??????? ?????? ?????? ??????? ??????? ??????? ?? ??? ????? ????? ?? ?????????? ?? ????? ????????? ???????.
?
????? ??????? ???? ???? ??????? ????????? ?????? ???????? ????? ?????????? ??? ????? ?? ????? ??? ???? ???? ????? ???????? ?????? ???????? ?????? ?????? ??????? ?? ????? ???????? ???????? ???? ????? ?? ??? ?????? ????? ???????? ??????? ???????? ?? ?????? ?????? ??????? ??????? ??????? ?????? ???? ????? ????????.
?
???? ??? ?? ???? ???? ??????? ??? ??? ?????? ??????? ???????? ???????? ?????? ????? ???????? ??????? ??????? ?????????. ????? ??? ????????? ?????: ?????? ?? ?? ???????? ???????? ?? ?????? ??? ??? ??? ?? ???? ??????? ?? ??? ???????? ??? ????? ?? ?????? ?????? ??? ????????? ????? ?????? ?? ??? ???????? ??????? ??????????. ???????? ??? ???? ??? ??? ??????? ?? ???? ?? ?? ??????? ?? ???????? ????? ??????? ?????? ???? ???????? ???? ???????? ????? ?? ??? ???? ???????? ?????????- ??? ??? ???? ???????? ??? 5,000,000 ???? ????.
?????? ?? ????????? ?? ????? ????? ???????? ???????? ????? ??? ????? ???? ?? ???????? ?????? ??????? ????. ???? ?? ???? ???????? ???? ???? ?????? ??????? ??? ???? ????? ????? ?? ????? ????? ??????? ???????.