KUWAIT Law and Practice Contributed by: Sam Habbas, Luis Cunha, Hisham Al-Quraan and Mustafa Sayed, ASAR – Al Ruwayeh & Partners
7.5 Others While certain laws protect trade secrets (eg, the Companies Law restricts directors from sharing company secrets), there is no formal registry for such information. While a database can enjoy protection under the Copyright Law, depending on its nature, the authorities have not issued a directive as to the basis on which software is protected. Depending on the type/format of the software, possible argu - ments can be made that it should be protected under copyright or as a patent. In this regard, the Copyright Law expressly provides for the protec - tion of “computer programs” but, as provided in 7.1 Patents , the Patent Law states that patents ”shall be granted in accordance with the provi - sions of this Law for any new invention which is utilisable in industry, whether it concerns a new industrial product, original industrial process and techniques or a new application of know indus - trial process or techniques” (informal translation), and it is conceivable that certain software could also satisfy this language in the Patent Law. Data protection considerations and restrictions are addressed in various laws of Kuwait, includ - ing: • the Kuwaiti Constitution; • the Electronic Transactions Law (the “ET Law”); • Law No 37 of 2014 on the Establishment of the Communications and Information Tech - nology Regulatory Authority (CITRA); • the Evidence Law; • the Right to Access Information Law and its implementing regulations; 8. Data Protection 8.1 Applicable Regulations
• Law No 9 of 2019, Concerning the Exchange of Credit Information and its implementing regulations; • various resolutions/regulations issued by CITRA, such as: (a) CITRA Resolution No 26 of 2024 on the Regulations of Data Privacy Protection (DPR); and (b) the Cloud Computing Regulatory Frame - work (“Cloud Regulations”) issued by CITRA; • Decree No. 37 of 2022 regarding the estab - lishment of the National Cyber Security Center (NCSC); and • various resolutions/regulations issued by the NCSC, such as: (a) Resolution No 7 of 2023, “Concerning the Classification of the Electronic Data”; and (b) Resolution No 35 of 2023, “Concerning the National Framework for Cybersecurity Governance”. With respect to data protection generally, the ET Law applies to all records and information recorded electronically relating to civil, commer - cial and administrative transactions, unless the parties agree otherwise. Regarding the collec - tion, use and disposal of personal information, the ET Law provides that, except as otherwise authorised, all government and private entities may not unduly or illegally disclose any personal data documented in electronic form unless and until it has been agreed to by the data subject. These restrictions on the collection, use and dis - posal of personal data and items that may be considered as personal data are further expand - ed upon in the provisions of the DPR and the Cloud Regulations. However, the DPR and Cloud Regulations are more specific in the application and considered sectoral resolutions that apply only to regulated entities which are operating in
450 CHAMBERS.COM
Powered by FlippingBook