QATAR Law and Practice Contributed by: Alex Saleh, Asad Ahmad, Dean Jaloudi and Jehan Saleh, GLA & Company
Through the electronic platform, citizens, expa - triates and establishments can file a complaint against entities subject to the provisions of Qatar Labour Law No 14 of 2004 and the Domestic Workers Law promulgated by Law No 15 of 2017, or against entities with business regulated by the MADLSA. 4.4 Transfer of Personal Data in Asset Deals The PDPPL does not contain explicit provisions regarding data transfers during M&A or asset deals. However, data controllers must comply with the core principles of consent and lawful processing, ensuring that personal data is trans - ferred in line with the PDPPL’s transparency and data minimisation requirements. 5. International Considerations 5.1 Restrictions on International Data Transfers Trans-border data flow is defined under the PDPPL as accessing, viewing, retrieving, using or storing personal data without border con - straints. The PDPPL provides that data control - lers should not take measures or adopt proce - dures that may restrict or prevent trans-border data flow, unless processing such data violates the provisions of the PDPPL or will cause gross damage to the data subject. More specifically, the law reserves the right for governmental bodies to determine that this prin - ciple, among others, does not apply to certain categories of data they process, based on the
• the economic or monetary interests of the State; or • the prevention or investigation of criminal offences. A trans-border data flow may occur where the data exporter is: • performing a task pertaining to the public good; • executing a court order; • protecting the vital interests of the individual; • meeting the objectives of scientific research; or • collecting information to investigate a crime when requested by officials. Qatar is yet to enter into mutual legal assistance treaties (MLATs) or bilateral treaties to ensure appropriate involvement of the authorities in countries where the data is stored. 5.2 Government Notifications and Approvals Situations where a notification or approval would most likely be required to transfer data internationally or to carry out cross-border trans - fer would be in the context of QFC transfers. In principle, the QFC does not maintain a list of “adequate” jurisdictions. However, in certain circumstances, when the recipient in a country is not deemed to have an adequate level of pro - tection for personal data, this would essentially require obtaining a permit for the transfer and the data controller would apply certain safeguards in accordance with Article 10(1)(a) of the QFC Regulations. 5.3 Data Localisation Requirements From an operational perspective, according to the Communications Regulatory Authority (Qatar’s telecommunications and digital services
following grounds: • national security; • international relations;
352 CHAMBERS.COM
Powered by FlippingBook