1 / 10

AN OVERVIEW OF DATA PROTECTION LAW IN THE GCC

AN OVERVIEW OF DATA PROTECTION LAW IN THE GCC. NICK O’CONNELL, Senior Associate – TMT. JUNE 2013. DATA PROTECTION QUERIES: TYPICAL SCENARIOS. General compliance with global corporate policies Transfer of employee data to centralised HR/pension function located abroad

Download Presentation

AN OVERVIEW OF DATA PROTECTION LAW IN THE GCC

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. AN OVERVIEW OF DATA PROTECTION LAW IN THE GCC NICK O’CONNELL, Senior Associate – TMT JUNE 2013

  2. DATA PROTECTION QUERIES: TYPICAL SCENARIOS • General compliance with global corporate policies • Transfer of employee data to centralised HR/pension function located abroad • Disclosure of employee information in M&A context • Collection and use of client information for marketing • Release of information in response to requests from authorities (including foreign authorities)

  3. DATA PROTECTION LANDSCAPE IN THE GCC • No pan-GCC laws governing data protection • No national laws specifically focussing on data protection

  4. DATA PROTECTION LANDSCAPE IN THE GCC • Broad provisions protecting privacy generally: • eg. Constitutional protection • eg. Criminal law protection • UAE Penal Code, Article 379: "… any individual who by reason of his profession, craft, situation or art is entrusted with a secret and who discloses it in cases other than those permitted by the law, who uses it for his own advantage or another person's advantage … Shall be punishable by confinement for a minimum period of one year and by a fine of at least twenty thousand dirhams or by one of these two penalties … all this unless the individual to whom the secret pertains has consented that it be disclosed or used.“ • All the GCC countries have provisions of this nature.

  5. DATA PROTECTION QUERIES: TYPICAL SCENARIOS • General compliance with global corporate policies • Transfer of employee data to centralised HR/pension function located abroad • Disclosure of employee information in M&A context • Collection and use of client information for marketing • Release of information in response to requests from authorities (including foreign authorities)

  6. DATA PROTECTION LANDSCAPE IN THE GCC • Specific provisions protecting personal data (or privacy) in certain contexts: • eg. patient data; health insurance information • eg. credit information • eg. telecommunications; spam email • eg. hacking; defamation; breach of privacy • Specific data protection laws/regulations applicable in specific local jurisdictions: • eg. DIFC, DHCC, QFC

  7. Oman: Electronic Transactions Law (Royal Decree 69/2008) • Article 45: • Any person who controls any personal data by virtue of his job in electronic transactions shall, before processing such data, notify the person from whom it is collected by a designated notice of the procedure he is following to protect that data. These procedures shall include an identification of the person responsible for processing the data, the nature of the data, and the purpose, methods and locations of processing and all information necessary to ensure secured data processing • Subsequent provisions of the law provide for: • the data subject to access and update personal information, • a restriction on a data controller’s ability to process personal information if such processing will cause damage to the data subject, • the requirement to consider the security of personal data being transferred outside Oman.

  8. Qatar: Electronic Commerce and Transactions Law (No. 16 of 2010) • Article 59: The service provider shall: • Shall identify, at or before collection of such information, the purposes for which personal information about the customer is collected; • Shall not (except as permitted or required by law, or with the consent of the data subject) collect, use, retain or disclose customer personal information for undisclosed or unauthorised purposes; • Shall be responsible for any records of customer personal information or any records of customer electronic communications, in the custody or control of the service provider or its agents; • Shall take reasonable steps to ensure that the personal information of the customer and related records are protected by security safeguards that are appropriate to their importance.

  9. DATA PROTECTION IN THE GCC: WHAT NEXT? • Qatar – draft Personal Information Privacy Protection Law? • UAE? • Elsewhere in the GCC?

  10. Thank you

More Related