UAE introduces a New Data Protection Law

On November 27 2021, the President of the United Arab Emirates (“UAE”), His Highness Sheikh Khalifa bin Zayed Al Nahyan approved Federal Decree Law No 45 2021 Pertaining to Data Protection (the “Data Protection Law”) as part of a wide-ranging reform of the country’s legal system. These legislative reforms aim to strengthen commercial, economic and investment opportunities in the UAE. They also aim to maximise security, social stability, and the protection of the rights of institutions and individuals alike.

The Data Protection Law is the first ever comprehensive data privacy and protection law to be issued in the UAE and aims to create a framework that ensures proper governance of data management. This is designed to maintain the confidentiality of information and protect the privacy of community members. Additionally, the Data Protection Law clearly defines the rights and duties of concerned parties. The provisions of the Data Protection Law apply in the UAE and to the processing of personal data outside the country.

Under the Data Protection Law the processing of personal data is prohibited without the consent of its owner. The Law does provide some exceptions to this general rule such as where processing is necessary to enable any legal rights and procedures or where processing is necessary to protect public interest. Furthermore, the requirements for the cross-border sharing and transfer personal data for processing purposes are set out in the Law.

The Law is one of the initiatives to be implemented under the recently published “Principles of the 50”, a charter of 10 strategic principles that will guide the political, economic and social development of the UAE for the next 50 years.