Comparative Guides

Welcome to Mondaq Comparative Guides - your comparative global Q&A guide.

Our Comparative Guides provide an overview of some of the key points of law and practice and allow you to compare regulatory environments and laws across multiple jurisdictions.

Start by selecting your Topic of interest below. Then choose your Regions and finally refine the exact Subjects you are seeking clarity on to view detailed analysis provided by our carefully selected internationally recognised experts.

4. Results: Answers
FinTech
5.
Data security and cybersecurity
5.1
What is the applicable data protection regime in your jurisdiction and what specific implications does this have for fintech companies?
Iraq

Answer ... There is no specific data protection regime in Iraq. Generally, the processing of personal data is governed by the general rules under applicable Iraqi laws, including the Iraqi Constitution of 2005, the Civil Code and the Penal Code.

In general, the Iraqi Constitution protects the right to personal privacy, so long as it does not contradict the rights of others and public morals. It further stipulates that the freedom of communication and correspondence shall be guaranteed and may not be monitored, wiretapped or disclosed, except for legal and security reasons necessitated by judicial decision. Certain criminal acts as defined in the Penal Code may be linked to the improper use of personal data, such as defamation and disclosure of confidential information.

More specifically, certain provisions of several laws and regulations are applicable to data protection in the fintech space. These include the following:

  • The Banking Law (94/2004) requires banks to maintain banking and professional secrecy with regard to accounts, deposits, securities and clients’ deposit boxes. Clients’ data must not be directly or indirectly disclosed without their written consent.
  • Employees of the Iraq Securities Commission, established by virtue of Coalition Provisional Authority Order 74/2004, must not disclose any confidential information that comes to their knowledge in the course of their job, subject to sanctions imposed by the commission. Moreover, brokers must keep investors’ private information confidential.
  • Payment service providers must take the necessary steps to store and protect clients’ data against disclosure, destruction, misuse, loss and theft, and maintain secrecy in banking transactions.

For more information about this answer please contact: Lama Abou Ali from Aljad Law
5.2
What is the applicable cybersecurity regime in your jurisdiction and what specific implications does this have for fintech companies?
Iraq

Answer ... There is no general cybersecurity regime in Iraq. Draft laws on cybercrimes and telecommunications and information technology have been prepared, but have not yet been enacted, and their content may be subject to review by the Iraqi Parliament before their enactment.

Nevertheless, certain provisions found in several laws and regulations are applicable to cybersecurity in the fintech space. These include the E-signature and E-transactions Law (78/2012), the Electronic Payment Services Regulation (3/2014) and Central Bank of Iraq Decision 14/611 of 2019, which compel banks, financial institutions and other licensed institutions such as payment service providers to implement measures to mitigate cybersecurity risks. These measures include:

  • user identity management systems;
  • identification and protection of personal data and security; and
  • protection systems that prevent hacks and attacks.

For more information about this answer please contact: Lama Abou Ali from Aljad Law
Contributors
Topic
FinTech