With the increasing dominance of technological giants in the market, such as Google, WhatsApp, etc, the protection of our sensitive personal data has become a critical issue. While surfing through a website or making a payment through an e-commerce platform, our personal data, including contact details, bank account address, etc. are used.As suggested by top lawyers of Dubai, though these websites provide an assurance that our data is protected, this is not always the case in reality. Nowadays, we often come across such incidents wherein our personal information is being stolen and put to some mischief. In order to curb this increasing menace, the UAE government has introduced the Federal Law No. 45 of 2021 relating to the Protection of Personal Data. In this article, we will discuss the major highlights of this new law with the help of the best lawyers of UAE.
Highlights of UAE Data Protection Law
This new law, which came into force on 2nd January, 2022, has various key ingredients to elaborate in detail. These ingredients are explained by taking cues from the top lawyers of USE
1. Extra-Territorial scope
The application of this new law is extended to both the types of companies;
- A registered company of UAE processing Personal data overseas;
- An overseas company processing personal data within UAE
However, the jurisdiction is not accorded by the legislation relating to the government entities, personal data already regulated by Abu Dhabi Global Market (ADGM) or Dubai International Financial Centre (DIFC) data protection laws.
Data processing Controls
In the new law, the processing mechanism of personal data is in line with the best Industrial standard, such as the GDPR in the European Union (EU). While processing, one of the essential conditions is that the process must be fair, transparent, and lawful in nature. The personal data should be taken only to the extent of basic requirements stipulated under the new law. Further, personal data must not be retained after the purpose of processing has been fulfilled, unless it is anonymised
The importance of consent
In the new law, it is explicitly provided that for processing the personal data, the consent of the user must be obtained. For constituting a valid consent, the following elements should be satisfied
- The data controller must be able to prove custom
- The consent must be simple, clear and unambiguous.
- The consent may be either in writing or electronically
Data subjects
The new law conferred various kinds of rights to the data Subjects, such as
- Accessing the personal data from a controller
- Transferring of the data
- Restricting the processing mechanism in certain situation.
- Filing objections to various kinds of data processing
Data transfer
In the new law, a well dedicated mechanism is set up to facilitate the transfer of personal data outside the UAE where the Data Office has approved a country or territory as having specialised personal data protection. However, if it appears that an adequate level of data protection is not available, the transfer would be governed by an agreement having all the necessary provisions.
The penalties for non-compliance with this new law will be in accordance with the Executive Regulations, which are due to be released in March 2022.