This is the third article published by Clyde & Co's Commercial Group relating to data protection and privacy in the Middle East. 

Data protection and privacy are important considerations for all businesses.  Failing to treat personal information in accordance with legislative requirements and best practice can have an adverse effect on a company's reputation, its employees and its customers.

Specific data protection regimes are now in place in many jurisdictions.  Awareness of the implications of data protection and privacy issues is increasing around the globe, including in the Middle East, where there have been a number of developments in recent months.

This article provides a brief overview of data protection and privacy in the State of Qatar (Qatar).

Qatar currently does not have a specific body of legislation addressing matters of data protection and privacy.  Instead, Qatar's data protection and privacy regime is comprised of a variety of provisions found in other laws including the Qatari Penal Code, the Qatari Trade Secrets Law, the Qatari Constitution, the Qatari Telecommunications Law, the Qatari Labour Law, the banking regulations issued by the Qatar Central Bank (QCB), and most recently the Qatari E-Commerce Law.

While compliance with the various data protection and privacy requirements presents a challenge in the absence of a single unified body of legislation, non-compliance can result in fines being imposed and, in extreme cases, the imprisonment of those individuals in breach of the requirements.

The following are examples of the various legislative sources relating to data protection and privacy in Qatar.   

The Qatari Constitution provides that an individual's privacy must be respected.  Furthermore, it provides that an individual may not have his or her privacy, family affairs, residence, correspondence, honour or reputation interfered with unless that interference is permitted under Qatari law.

The provisions of the Qatari Penal Code make it an offence for an individual to disclose secret or confidential information entrusted to him or her by virtue of his or her position or job.  Although the terms 'secret' and 'confidential' are not specifically defined, it is likely that information acquired by virtue of an individual's role or position within a company and to which a person would not normally be privy, would constitute such information.

The Qatari Trade Secrets Law gives certain rights to the owner of a 'Trade Secret', such as the right to dispose, protect, and prohibit any third party from misusing that 'Trade Secret' .  According to the Qatari Trade Secrets Law, a 'Trade Secret' will include information which derives its commercial value because it is secret:

Qatari banking regulations provide that customer information held by banks, financial institutions and investment companies is to be treated as confidential, and that such information should not be disclosed to third parties without the agreement of the customer to which the information relates.

The Qatari Labour Law provides that an employee has an obligation to keep confidential information and secrets relating to his or her employer confidential. In accordance with the Qatari Labour Law, an employer may dismiss an employee without notice and without payment of end of service gratuity if that employee discloses confidential information or secrets relating to his employer.

The Qatari Telecoms Law requires service providers to operate their telecommunications networks, facilities and related systems with due regard for the privacy rights of their customers, and holds the service providers responsible for protecting customer data in their custody.  The law also prohibits service providers from collecting, using, retaining or advertising any customer information unless the approval of the customer to whom the information relates has been obtained.  

As with the Qatari Telecoms Law, the recent Qatari E-Commerce Law requires service providers to specify the purpose for collecting customer data, and prohibits those providers from collecting, using, retaining, or disclosing their customer personal information unless they have the consent of each of the customer to whom the information relates, or in accordance with the Qatari law. 

Clyde & Co will be publishing a bulletin on data breaches in the Qatar Financial Centre in the near future. 

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.