QATAR Law and Practice Contributed by: Alex Saleh, Asad Ahmad, Dean Jaloudi and Jehan Saleh, GLA & Company
1. Legal and Regulatory Framework 1.1 Overview of Data and Privacy- Related Laws Qatar introduced Qatari Law No 13 of 2016 (the “Personal Data Privacy Protection Law”, or PDPPL), which took effect in 2017. Qatar was the first country in the Middle East to introduce a dedicated onshore data protection and privacy law. The PDPPL applies to personal data that is received, collected, extracted and/or processed through electronic or traditional methods. The PDPPL aligns with the universal data protection principles, which were established as the core of the European Union’s General Data Protection Regulation (GDPR). The Compliance and Data Protection Depart - ment (CDPD) attached to the Ministry of Com - munications and Information Technology (MCIT) (previously known as the Ministry of Transport and Communications (MOTC)) published guide - lines concerning the PDPPL (the “Guidelines”) in 2021, with the aim of providing a framework for data protection in Qatar. The fundamental data protection provisions are aligned with: • the Telecommunications Law promulgated by Decree Law No 34 of 2006; • the Electronic Transactions and Commerce Law promulgated by Decree Law No 16 of 2010; • Law No 2 of 2011 on Official Statistics (as amended by Law No 4 of 2015); and • the Cybercrimes Combating Law promulgat - ed by Law No 14 of 2014.
Qatar’s data protection and privacy regime is comprised of provisions related to penalties in other laws, such as: • the Penal Code; • the Trade Secrets Law; • the Qatar Constitution; • the Labour Law; and • the Qatar Banking Regulations issued by the Qatar Central Bank (QCB). While these laws can supplement data protec - tion and privacy laws in Qatar, the PDPPL is the detailed framework for the protection of personal data in Qatar. In addition to the “mainland” or “State” system and the PDPPL described above, there is a separate legal data privacy protection regime in the Qatar Financial Centre (QFC). The QFC is a business and financial hub in Qatar that provides a legal, regulatory and tax environment distinct from “mainland Qatar”. It operates under its own legal framework and has its own independent judiciary. The key data protection legislation for the QFC is the QFC Data Protection Regulations 2021 (the “QFC Regulations”). The Data Protection Office (DPO) is an inde - pendent institution of the QFC. It is charged with administrating the QFC Regulations and all aspects of data protection within the QFC. 1.2 Regulators The CDPD at the MCIT is the key regulator in Qatar, and the National Cyber Security Agency (NCSA) is the competent department for admin - istration and enforcement of the PDPPL. It is the key authority for conducting investigations regarding cybersecurity issues, implementing and examining issues related to national cyber- risks, and conducting fieldwork solidifying resil -
344 CHAMBERS.COM
Powered by FlippingBook