SAUDI ARABIA Law and Practice Contributed by: Alex Saleh, Asad Ahmad, Shahad Al Humaidani and Khaled Al Khashab, GLA & Company
1.6 Interplay Between AI and Data Protection Regulations Please see 1.5 AI Regulation .
regulate data processing and the security of data transfers internationally. In addition, KSA’s Anti-Cybercrime Law, enacted in 2007, plays a significant role in privacy pro - tection. Recent trends under this law highlight an increased focus on privacy protection in the digital space. This includes heightened penal - ties for privacy violations, and the law continues to evolve in line with technological advance - ments. In 2024, the government enhanced its monitoring of online platforms, with an increas - ing number of cases involving cybercrime, such as hacking, illegal data interception and online harassment. 2.2 Recent Case Law Since the PDPL was enacted in 2023, there has not yet been a significant body of related case law in KSA. Data privacy litigation remains relatively sparse at this stage. The SDAIA has primarily been handling regulatory enforcement, such as investigations and fines related to data breaches and violations of consent. As a result, administrative actions have been the dominant approach to addressing privacy violations, rath - er than court rulings. However, as businesses fall under more scrutiny for data protection compliance and data sub - ject rights, it is expected that privacy-related lawsuits will increase. This could mirror trends seen in the EU with the GDPR, where Articles 82 and 83 have shaped jurisprudence concern - ing compensation for violations. As more cases are brought before the courts in KSA, a similar approach to compensation and penalties may be seen, particularly in relation to data subject harm. For now, regulatory bodies such as the SDAIA and NDMO continue to enforce the law, and
2. Privacy Litigation 2.1 General Overview
As of January 2025, privacy-related litigation in KSA is still in its infancy. There have been no notable lawsuits related to the PDPL. However, complaints and regulatory actions related to data breaches or violations of consent are start - ing to emerge. Currently, most actions related to privacy protec - tion are managed by the SDAIA and the NDMO, which investigate complaints and enforce com - pliance with the PDPL. Instead of litigation, reg - ulatory fines and investigations have been the primary mechanisms used to address violations. As data protection awareness continues to rise and the enforcement of the PDPL strengthens, it is likely that litigation will increase. Businesses are expected to face greater scrutiny regarding data breaches and violations of data subject rights, which may lead to more litigation related to compensation or damage claims in the future. The SDAIA handles all complaints related to the PDPL, and its role will be critical in shaping the future of privacy-related litigation in KSA. The PDPL aligns with global privacy standards, particularly the GDPR, ensuring protection for cross-border data transfers. KSA’s data pro - tection framework reflects international norms, ensuring that data processed within and outside KSA is appropriately safeguarded. The influence of the GDPR can be seen in how Saudi laws
360 CHAMBERS.COM
Powered by FlippingBook