QATAR Law and Practice Contributed by: Alex Saleh, Asad Ahmad, Dean Jaloudi and Jehan Saleh, GLA & Company
impose additional restrictions on electronic data processing and cybersecurity threats. 3.3 Rights and Obligations Under Applicable Data Regulation The authors are not aware of any legislation in
ognised under the PDPPL and will mostly be deemed as invalidly taken. The following information must be included in all electronically shared communications: • the identity of the sender; • an indication that the message is sent for a purpose of direct marketing; • a reachable and searchable address; and • a communication platform enabling the cus - tomer to request withdrawal of its consent and complete seizure of all upcoming com - munications. 4.3 Employment Privacy Law Currently, there is no freedom of information leg - islation in the State of Qatar – a step being dis - cussed by most practitioners. In the same vein, the focus is on organisations and employers who would need to display that permission was duly received from employees for the assessment and collection of their personal sensitive and classified data. According to the PDPPL, workplace privacy rules strictly provide for a solid framework for protecting an employee’s privacy. Thus, organi - sations must provide proof or evidence that they have a permitted reason as well as an additional condition to process their employees’ personal data (SISCO systems, telephone or PC monitor - ing, GPS). Employers will also need to conduct DPIAs when processing employees’ personal data, as this is considered an example of pro - cessing that “may cause serious damage” by the CDPD. On 24 May 2021, the Ministry of Administra - tive Development, Labour and Social Affairs (MADLSA) launched the first phase of the Unified Platform for Complaints and Whistle-blowers.
Qatar with respect to IOT services. 3.4 Regulators and Enforcement See 1.2 Regulators .
4. Sectoral Issues 4.1 Use of Cookies
According to the Guidelines, controllers may use “cookies” on an individual’s web browser to target direct advertisement messages towards the individual. Such cookies should be deployed only after the individual has “opted in” – ie, has clicked “accept” to allow such direct market - ing cookies to be deployed on the individual’s browser. Controllers may collect individuals’ email addresses on a web page of the controller’s website. The controller must make it clear, on the web page, that if the individual provides their email address in that instance they are providing their consent towards receiving direct marketing emails until they withdraw their consent. 4.2 Personalised Advertising and Other Online Marketing Practices Article 22 of the PDPPL and its Guidelines explicitly prohibit unsolicited direct marketing or marketing communications. Prior consent to send electronic marketing communications is required, including by wired or wireless com - munication. The PDPPL recognises that the consent must be explicit and unambiguous. It is worth noting that implied consent is not rec -
351 CHAMBERS.COM
Powered by FlippingBook