UAE Law and Practice Contributed by: Saifullah Khan and Saeed Hasan Khan, Bizilance Legal Consultants
2.2 Recent Case Law Okadoc Technologies Limited (21 May 2024) The violation involved failure to comply with a data subject’s access request, breaching indi - vidual rights. The penalty was a USD20,000 fine under the ADGM Regulations. Adequate pro - cesses were lacking for identifying, facilitating and fulfilling the access request. VentureRock Global Limited (23 June 2023) The violation involved deficiencies in data secu - rity, policies and procedures. The ADGM Com - missioner of Data Protection found that poor cybersecurity practices due to human error, inadequate training, and lack of proper policies and procedures contributed to the violation. 2.3 Collective Redress Mechanisms Collective redress, as defined and practised in the EU and other jurisdictions, is not as clearly outlined or widely implemented in the UAE with respect to personal data privacy. 3. Data Regulation on IoT Providers, Data Holders and Data Processing Services 3.1 Objectives and Scope of Data Regulation The TDRA has issued a regulatory policy on the Internet of Things (IOT). This policy shall be applicable to all persons connected with IOT within the UAE, including but not limited to: • licensees; • IOT service providers; and • IOT service users, including individuals, busi - nesses and the government.
Although neither the ADGM nor the DIFC has enacted laws specifically dedicated to AI, both have incorporated AI-related considerations into their existing data protection and govern - ance frameworks. These provisions ensure that AI applications in financial services are used responsibly, ethically and in accordance with data protection standards. 1.6 Interplay Between AI and Data Protection Regulations AI regulation in the UAE has a significant impact on data protection, with the introduction of guidelines and safeguards that ensure the ethi - cal and secure use of personal data. The inter - play between AI-specific initiatives and general data protection laws creates a robust framework for addressing the challenges posed by AI tech - nologies. AI technologies often involve automated deci - sions and profiling, which can significantly impact on individuals. The UAE’s Federal Decree Law No 45 of 2021 on personal data protection requires explicit consent for such processing. Individuals have the right to contest decisions made solely through automated means, enhanc - ing data subjects’ rights.
2. Privacy Litigation 2.1 General Overview
As discussed in 4. Sectoral Issues , the ADGM Commissioner of Data Protection has issued a direction in two different cases with respect to contravention of the ADGM Regulations, though in this regard no active litigation occurred with respect to privacy.
499 CHAMBERS.COM
Powered by FlippingBook