UAE Moves to Regulate Data Privacy

The United Arab Emirates (UAE) this week announced plans to move forward with a federal data privacy protection law. Aptly titled the Data Protection Law, the proposed legislation is the first of its kind in the UAE, and comes out of a charter of ten strategic principles called the “Principles of 50,” which are designed to guide socioeconomic and political development in the country over the next 50 years.

In a statement to National Law Review, Omar Al Olama, the UAE Minister of State for Digital Economy, AI and Remote Working System, said that the legislation will “guarantee personal privacies and the ability for the private sector to grow, innovate, and prosper. It gives individuals the right to be forgotten, the right of access, the right of correction, and the right to be informed.” Consumers will also gain the right to consent to the ways in which their data is used.

The legislation represents an alignment with data privacy laws in other countries, and will give the UAE more freedom to participate in data transfers with states like the European Union, which has stringent data security standards for exchanging data with “third countries.”

That said, the law–while designed to protect consumer and institutional data and limit profiting from data–is not projected to be as strict as the EU’s General Data Protection Regulation. Al Olama said to The National that “It’s a law that has the lowest cost of compliance – we don’t want to be a burden on SMEs and we don’t want it to be an increased burden on commercial companies.”