At the end of last year, Qatar became the first Gulf state to
enact a comprehensive privacy law. Until now, the many companies
that market to consumers or have employees based in Gulf
Cooperation Council (GCC) countries have had to determine their
local practices based on the various countries' patchwork of sector-specific laws and
regulations, as well as the differing privacy regimes in force in
the region's business-focused free zones. Now, at least in Qatar, the
Personal Data Privacy Law ostensibly serves as a single law
governing the collection and processing of data subjects'
personal information, and may serve as an exemplar for future GCC
The text of the law does not appear to be available online in
English at present, but the Qatari government has issued a statement summarizing some of the law's
most important points. Although questions remain as to the scope
and meaning of some of the law's provisions, the statement
provides some indication of the types of companies and practices
that will fall within the law's purview.
Prior consent is an important
component of the new law. Data subjects' consent is required
before their personal data may be "used by an
organization." Along those same lines, the law forbids
businesses from sending an individual "direct marketing
messages" without obtaining that individual's consent.
Although the scope of the term "direct marketing
messages" is not apparent from the text of the statement, it
indicates that companies engaged in direct marketing in Qatar
should review their policies and privacy notices to ensure that
they are obtaining the consent of Qatari consumers.
The law imposes certain data
protection-related responsibilities on organizations, including the
responsibility to ensure that "data handlers are properly
trained." Again, although the scope of this requirement is not
entirely clear, companies doing business in Qatar should review
their training policies or consider implementing such policies if
they have not done so already.
Article 17 of the law requires owners
and operators of websites "related to children" (another
term that remains unclear for the time being) must post a policy
explaining how they handle minors' personal information, and
must obtain parental consent in order to process minors'
While this post provides a brief overview of some of the most
important aspects of the law, companies collecting the personal
data of Qatari consumers and/or employees should review the
law's requirements to ensure compliance.
Data security and cyber breaches are becoming an almost daily occurrence, as is widely reflected in increased publicity and media reports, which also demonstrate that data breaches are growing both in frequency and scope each year.
Is it high time for technology-driven regulation? Unmanned areal vehicles become a commodity with an exponential increase in their use for commerce, agriculture, industry, law enforcement and recreation.
The District Court for the Central District of Israel denied a Facebook motion to dismiss a 400 million dollars class action, on grounds of improper venue, lack of jurisdiction and erroneous application of the Israeli law.
It took the Israeli Justice Department almost 7 years to pass the new regulations. For over 30 years, the Israeli market and public authorities were subject to a vague and outdated set of information...
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).