Ephemerallaw: Dubai First Arab Nation to Adopt Data Protection Law

Tuesday, June 12, 2007

Dubai First Arab Nation to Adopt Data Protection Law

On May 29, 2007, the Data Protection Commission of Dubai issued an Enforcement and Compliance Notice. It directs all DIFC entities, whether or not regulated by the Dubai Financial Services Authority, to register with the Commissioner of Data Protection by June 30, 2007, and to comply with all aspects of the Dubai Data Protection Law. Companies failing to comply will be subjected to fines and penalties.

In January, 2007, the Data Protection Law 2006 became effective, which applies in the jurisdiction of the Dubai International Financial Center (DIFC). The law regulates and protects individuals’ “personal information,” and will have immediate implications for companies operating in Dubai, especially those companies that transfer data from one office to another in different jurisdictions. “Personal information” is defined broadly as “any information relating to an identifiable natural person.” The law also protects “sensitive data” such as information about a person’s political affiliation or racial identity.

The most significant provisions of the Dubai Data Protection Law concern international transfer of data, governing the transfer of personal information out of the DIFC to other countries. It requires that those recipient countries provide “an adequate level of protection” for the personal information, which is the same as the standard imposed by the EU Data Privacy Directive. Transfers of personal information to countries without such protection (including the United States) are permitted only with the consent of the newly appointed Commissioner of Data Protection. The regulations, which became effective in March, 2007, do not specify which countries qualify as having an “adequate level of protection,” however, although it is anticipated that the DIFC will simply adopt the list of the EU “certified” countries.

The regulations also provide for an application process to obtain a permit to process information out of the DIFC to a country that does not provide an adequate level of protection. There are other stated conditions to the transfer of personal information, such as the written consent of the data subject, or that the transfer is necessary or legally required on grounds important in the interests of the DIFC.

No comments:

Post a Comment

Privacy Statement

The authors value the privacy of their blog viewers. This site does not currently collect personal identifying information ("PID"), except: (1) to the extent that your browser provides PID, like your e-mail address or the site you linked from, to this site's server; (2) to the extent that you provide PID to this site in an e-mail; and (3) to the extent that you provide PID to this site in a CGI form (for example, when you complete a search request on this site’s “Search this Site” search feature. Your PID will be used only for the specific purpose for which you submitted the PID, except that it may be used in an aggregated form to gauge the popularity of this site. "Cookies" are pieces of information that some web sites transfer to the computer that is browsing that web site, and are used for record-keeping purposes at many web sites. Use of Cookies performs certain functions such as saving your passwords, lists of potential purchases, and your personal preferences regarding your use of the particular web site. This site uses Cookies to gather anonymous traffic data. Your browser is probably set to accept Cookies. However, if you would prefer not to receive Cookies, you can alter the configuration of your browser to refuse Cookies. This site contains links to other sites. The authors and their employers do not share your personal information with those sites and are not responsible for their privacy policies. We encourage you to learn about the privacy policies of those entities. Children under 13 years old are not the target audience of this site. To protect their privacy, the authors prohibit the solicitation of personal information from these children. The authors reserve the right to change this Privacy Policy at any time by posting a new privacy policy at this location. You can e-mail any further questions to wmorriss@fbtlaw.com.

Disclaimer

This site is provided for informational purposes only. The views expressed herein are solely those of the authors and should not be attributed to their employer or their clients. These materials do not constitute legal advice and do not create an attorney-client relationship between you and us. Please note that you are not considered a client until you have signed a retainer agreement and your case has been accepted by us. This site should not be used as a substitute for competent legal advice from a licensed professional attorney in your state. Got it? THIS SITE IS "AS IS." WE MAKE NO REPRESENTATIONS AS TO THE ACCURACY, TIMELINESS OR COMPLETENESS OF THE STUFF HERE AND YOU SHOULD NOT RELY UPON IT. USE AT YOUR OWN RISK. WE EXPRESSLY DISCLAIM ALL WARRANTIES. This may be an advertisement. Your mileage may vary. Past performance does not guarantee future returns. Do not run with scissors. NOTE: This disclaimer is largely taken from the established and extremely well written blog Patent Baristas.

Ephemerallaw

Tuesday, June 12, 2007

Dubai First Arab Nation to Adopt Data Protection Law

No comments:

Useful Resources

Blog Archive

Contributors

Other Sites

Privacy Statement

Disclaimer