Social media has given us the opportunity to communicate and to interact without the need for physical meetings. It has enabled the business meetings, social interaction and the accelerated information sharing online with a click of a button.

This continuous development in the recent years has given the ability to businesses to utilize new and innovative systems. In the meantime, many apps have raised a huge argument on data privacy as it had eased the process of data collection. Everything you post publicly and, in some cases, privately are being collected, stored and analyzed by a third party. It has been reported that in 2022 there has been 56% of the 22 billion data breaches and leaks all over the world.

What is the UAE Data Protection Law?

The United Arab Emirates (UAE) has implemented several laws and regulations to protect the personal data of its citizens and residents. The law governing data privacy in the UAE is Federal Law No. 2 of 2019 on the Protection of Personal Data (the "Data Protection Law").

The UAE Data Protection Law in Article 2 has defined the personal data as "any information that relates to an individual and by which that individual can be identified, directly or indirectly, including, but not limited to, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual". This definition is similar to the one determined by the EU GDPR which serves as a model for many data protection laws around the world. The aforementioned law applies to any entity that processes personal data, including government bodies, companies, and individuals. It covers the collection, use, storage, and transfer of personal data.

One of the main objectives of the UAE Data Protection Law is to assure that personal data are being collected and processed in a lawful and fair manner, additionally to maintain the right of individuals to be informed of how their data will be used, as the UAE Data Protection Law includes provisions for the rights of individuals alerting them to their personal data, such as the right to access, correct, and delete their data.

How to Comply with the Law?

The UAE Data Protection Law requires entities that process personal data to appoint a data protection officer and implement appropriate technical and organizational measures to protect personal data from unauthorized access, alteration, or destruction.

The Businesses operators in the UAE are obligated to comply with the Data Protection Law and other regulations to ensure they are processing personal data in a lawful and fair manner, and to protect individuals' rights with regards to their personal data.

It is important to highlight that the aforementioned law has given the individuals the control over their personal data allowing them to take steps to ensure that their data is accurate and up to date represented specifically in Article 6, which establishes the rights of data subjects, including the right to access, correct, and delete their personal data, as well as the right to object to the processing of their personal data.

Lastly, it is worth mentioning that the Jurisdiction of the said law is not limited to the businesses located in the UAE. Article 2 from the Federal Law No. 02 for the year 2019 defines the scope of the law and states that it applies to all natural and legal persons that process personal data, whether they are located inside or outside the UAE, as long as the data relates to an identified or identifiable natural person who is present in the UAE, this highlights the jurisdiction of the law and the fact that it can apply to entities not based in UAE but handling data of UAE citizens or residents.

UAE Data Protection Law Compared to EU GDPR and U.S Data Protection Laws

The UAE Data Protection Law, Federal Law No. 2 of 2019 on the Protection of Personal Data has similarities with the European Union's General Data Protection Regulation (GDPR) in terms of the protection of personal data and the rights of individuals with regards to their personal data. Both laws have provisions for the collection, use, storage, and transfer of personal data, as well as provisions for the rights of individuals such as the right to access, correct, and delete their data. Both laws also require entities that process personal data to appoint a data protection officer and implement appropriate technical and organizational measures to protect personal data from unauthorized access, alteration, or destruction.

Additionally, the EU GDPR applies to all data controllers, meanwhile the UAE Data Protection Law applies to both data controllers and data processors.

In general, the UAE Data Protection Law is similar in many ways to the GDPR but there are some differences in scope and application.

The (UAE) Data Protection Law and the United States (U.S) data privacy laws have similarities and differences in terms of protecting personal data and the rights of individuals with regards to their personal data which mainly are presented as follows:

Similarities:

  • Both laws have provisions for the collection, use, storage, and transfer of personal data.
  • Both laws also require entities that process personal data to implement appropriate technical and organizational measures to protect personal data from unauthorized access, alteration, or destruction.
  • Both laws have provisions for the rights of individuals such as the right to access, correct, and delete their data.

Differences:

  • The U.S does not have a federal data protection law, instead it has a sectoral approach with different laws for different sectors such as health, finance, and education, also there are state laws that regulate data protection.
  • The UAE Data Protection Law applies to entities that process personal data of UAE citizens and residents, regardless of where the entity is located, while the U.S laws apply only to US citizens and some specific sectors.
  • The UAE Data Protection Law has a higher level of fines and penalties for non-compliance than the U.S laws.

In summary, the UAE Data Protection Law guarantees a higher level of security with a lower cost, and sustainable value. Its also a key for scaling guidelines by regulating penalties, punishments and precautionary measures on data processors.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.