New updates on cybercrime law in the UAE - taking photos without consent

A recent reminder was issued by the UAE Federal Public Prosecution reminding citizens, residents and visitors in the United Arab Emirates on the country's strict privacy laws. The United Arab Emirates has a very proactive and comprehensive cybersecurity strategy and has developed a strong cybersecurity infrastructure. Cybercrimes in UAE are regulated under Federal degree law number 5 of 2012, and its amendments are commonly referred to as the 'UAE Cybercrime law'.

Pursuant to Article 21 of the UAE cybercrime laws, privacy violation can occur by the following means of interception, recording, eavesdropping, transferring, transmitting or disclosure of conversations or communications, or audio or visual materials. All of which are actionable under the said law. For instance, whoever uses a computer network or any other technology to expose a person and violate their privacy shall face a jail term of at least six months and pay a fine of not less than Dh150,000 and not exceeding Dh500,000, or either of the two penalties. Similarly, a one-year jail term and a fine of Dh250,000 to Dh500,000 can be imposed on whoever uses information systems and tech to alter or process a record, photo or scene to attack, malign or humiliate another person.

In today's times, the advent of social media particularly constitutes a very potent tool that allows sharing of data at an insurmountable pace. This brings in itself advanced challenges, as what is shared on social media is on a wide public platform. Social Media posts should therefore be made with careful consideration of the local and federal laws and regulations in the UAE.

The following point should be practiced in order to avoid potential privacy violations:

  • Photographs: Unlike in many other jurisdictions, you can get into trouble for taking photographs of others in the UAE without their consent. Such instances are considered as a privacy violation and a complaint can be filed against you under the cyber laws in the UAE for breach of privacy.
  • Privacy violation: Sharing personal information of any person online without their consent will be a breach of the UAE privacy laws. 

The UAE ensures adherence to the privacy laws through measures such as online monitoring of data and privacy violations. The Telecommunications and Digital Government Regulatory Authority (TRA) is the federal telecommunications regulatory agency of the UAE that is responsible for these measures. This agency prohibits online content that includes malicious code and other hacking measures. Illegal content is often removed or blocked, and further measures are taken the offenders again. The rule of thumb to be followed here is that taking photographs of anyone without their consent or creating, transferring, disclosing, copying or saving their photos in any form without their express consent is an actionable offence in the UAE. The rules concerning privacy violations are quite different and unique to this jurisdiction and hence can often be overlooked by ex-pats in the region. However, this practice should be avoided as the said laws are strictly applied in the UAE and ignorance of the law is not an excuse.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.