How Is Data Being Protected in UAE?
In late 2019, Telecommunications Regulatory Authority (TRA) of UAE confirmed the issuance of a national cyber security strategy in order to follow the data protection policies under the General Data Protection Regulation (GDPR), Europe. The intention behind promulgation of the new law is to ensure stricter penalties and to curb ever-increasing cyber crime or risks. The upcoming amendment in the cyber law has urged the Lawyer in Dubai to share their valuable thoughts on the concerned subject matter in below paragraphs.
Present Scenario
UAE has not issued any specific data-protection law so far, albeit an interwoven of different laws offering few privacy rights and forbids certain activities, including the divulgence of electronic information illegally. There are specific provisions under different laws regulating right to privacy under specific circumstance, outlined as below:
UAE Constitution: The Constitution of UAE offers the right of freedom to communicate through post; the law shall secure telegraph and other communication means and confidentiality and privacy of the same.
UAE Civil Code: Federal Law number 5 of 1985 confirms and authorized an individual who had suffer wrongful infringement of rights has the right to seek compensation. Additionally, an illegal invasion of right to privacy provided under constitution constitutes a wrongful act allowing the victim to seek damages.
UAE Criminal Code: The law forbids any individual having personal information to reveal it in public domain, even if it is true and failure to abide by this law will invite imprisonment and/or fine. The law further involves corporate entities and their directors or partners can be held responsible for revealing any confidential data.
Cyber-Crime LAW: in 2012 UAE government issued Federal Law number 5 of 2012 to majorly regulate the misuse of any electronic information, including, but not limited to, hacking, personification, fraud, phishing and other internet related crimes.
Apart from the foregoing law, two major financial free zones such as DIFC (Dubai International Financial Centre) and ADGM (Abu Dhabi Global Market) that has their own data protection laws such as DIFC Law number 1 of 2007 as amended by 2012 and Data Protection Regulations 2015 as recently amended by 2018.
To conclude, I believe that the recent amends in the cyber-crime law and the intention of issuing a new data protection law will protect individual interest on an international level. Nevertheless, there are multiple questions in such regards, which can only be answered upon the release of the law and its implementation. In a broader sense, the data law will protect personal information and will allow the release of non-personal information in a legal way.