New Data Protection Law in the UAE

Answering corporate needs while ensuring individuals’ right to privacy

In the weeks to follow, the UAE will deploy its new Data Law – as part of the country’s ‘Project of the 50’ initiative. The new data law was drafted taking into consideration all other standard data protection regulations including the GDPR, the UK Data Protection Act, the DIFC Data Protection Regulation and its ADGM alternative. It is among the first federal laws to be drafted in partnership with major tech companies.

The law aims to strike a balance between an individual’s right to control the use and dissemination of their personal information, while also enabling private enterprises to monetise such personal information to grow and innovate. Under the new law, individuals have the right to access, the right to be forgotten, the right to correction, and the right to be informed. The law, in recognizing the needs of the private enterprises, also allows for the monetisation of personal data as long as there is consent on the part of the individual.

The Minister of State for Artificial Intelligence, Digital Economy and Remote Work, Omar Al Olama, maintains that the new data protection law will allow for the seamless cross-border transfer of data for international companies in the UAE. By ensuring a low cost of compliance, the law will also ensure that SMEs are not burdened.

The new law comes as part of the UAE’s ‘Projects of the 50’ – which involves a multitude of developmental initiatives aimed at bolstering the country’s growth. Interestingly, the new law will be enacted in time for the upcoming EXPO 2020 which begins in early October. While the EXPO will be a hub for creation and collaboration with the international community, the new law will be able to address the data protection concerns that may follow. With the UAE’s focus on innovation in the digital economy, the new data law is one among a series of digital initiatives created to prepare the UAE for the future. 

If you wish to discuss this new law or the newly launched “10 Principles of the 50” and any other data protection-related matters, please feel free to contact:

Raka Roy
Head of IP and Data protection