Data privacy laws are what people generally don’t know most about. And often this negligence costs them more than they can even think of. This is where the authorities have taken advancing steps to ensure strong data privacy laws. This will help regulate the ones collecting them without having any security checks.
Many websites collect the information and data of the users. Sometimes the user submits, or, they naturally collect it using different technologies. Many times the users are not properly aware of.
The need to collect data is an important step for these websites and other platforms. They naturally need this data and information to share with different business owners. Then they will be using it to market their products and services. This is how several businesses are increasing their potential customer base; hence, the business is continuously growing.
Where many users don’t even know that some website is collecting their information. Several exist who know exactly how the sharing and exploitation of data happens at times. The authorities of the UAE passed their first-ever Federal Data Privacy Law in January 2022. The goal is to align this passed law with the global privacy regulation.
PDPL – Personal Data Protection Law, regulates the data protection for websites and companies operating in or serving data subjects. With this law in place, a legal framework ensures the security and privacy of personal information. The fundamental reason for the creation, deployment and implementation of this law is to design and protect the people. While empowering everyone with data privacy rights to reframe the way organizations explain data security and privacy requirements.
5 Things to Know about Data Privacy Law in UAE
Rules and regulations in the UAE are safety and security of the citizens and residents. Having said this, data privacy concerns have been increasingly surging. The best advocates in Dubai will walk you through everything regarding the UAE’s new data privacy law.
Privacy Protection in UAE’s Civil Law
The Civil Code of the UAE, stating it clearly in Federal Law no. 5 of 1985, authenticates that a breach of data privacy entitles the object to seek reimbursement from the company or website under civil law. The victim also has the right to request to cease this deliberate act of violation.
Moreover, the Civil Law also states that if a party’s privacy invasion remains unjustified. It is an ‘unfair act’ under the constitutional placement as per the Civil Code. This may also increase the chances of a common activity for harm. Additionally, the Civil Code also clarifies that any damage to a person from this data breach is illegal. And the company will have to compensate the victim.
Data Privacy Law under UAE’s Penal Code
When we view the data privacy law consideration under UAE’s penal code. The Federal Law no. 4 of 1987, we come to know that serious punishments and penalties are in place. It punishes the ones violating the law and infringe on the privacy by collecting data.
With Article 378 of the UAE’s Penal code, anyone involving an individual or a company that approaches or attempts to invade any other person’s information for publicizing the data will have to bear strict circumstances.
Moreover, the Penal Code also forbids anyone to distribute the exclusive issues of anyone. They do not have permission to give authorization to others to utilize the information. Violation of these set and placed rules will result in hefty fines and detainment.
Privacy of Data under UAE’s Cyber Crime Law
Upon viewing and discussing the Cyber Crime Law on data privacy, Federal Law no 2 of 2018 is in place, also known as the Amending Decree. The law is in place to combat, deal with, and control the violations that are happening in the IT sector. The rule has cleared that strict punishments are in place for preparing, overseeing, running, or distributing the electronic data used for terrorist organizations and illegal activities. This rule also indicates and clears this strict detainment and fines that are for the violators, for example;
• A detainment of 5-year with a fine of 2,000,000 AED.
• A detainment of 10-25 years with a double fine of 4,000,000 AED.
Exemptions on Data Privacy Law
There are some exemptions to the data privacy law that you must keep in mind. In case of these, the data privacy rules do not hold any imposition seriousness. These include;
• For the data in which the data is managed or generated by the Governmental bodies, institutions, and sectors.
• For the governmental bodies and institutions that process of control personal data for use.
• An exemption is also for the companies operating in free-zone that are already subject to data protection legislation.
• It also includes the security and judicial authorities who have access to personal process data.
• The exemption is also for the personal health data already subjected to data protection legislation.
• It also includes the banking and credit personal data subject to legislation regulating data protection and processing of laws.
• It also involves the individuals who process data-related issues for personal purposes.
What are the Options Left for Companies?
Companies collecting the data and information of their users should bring a paradigm shift in their business model to process personal data and impact businesses across industries. Having said this, here are some considerations that companies can get to comply with the laws;
• The new PDPL of January 2022 demands excellent visibility and control of the private and personal data that is being collected. The people managing the information must follow some of the requirements, including privacy notices, maintaining records, and fulfilling a subject request that the user has agreed to.
• Individuals and companies also have to ensure and process legitimate and fair processes.
• Onboarding third parties on your business venture ought to be assessed and redefined. This will make clear that they cannot violate the rules set by PDPL.
• Every business collecting information must have to justify consent from their users as it has been made mandatory for explaining processing activities.
• The new law also demands that businesses report data breaches or violations of information and data that they have of people and how it will impact the security and confidentiality of the people.
The Final Thoughts
The new law in the UAE is to achieve 100% compliance, and all businesses must adhere to the policy and guidelines set. This is how the UAE residents will be completely satisfied that their data and information are always protected and wouldn’t be manipulated for that.
