Data Protection and Privacy 2025

UAE Law and Practice Contributed by: Saifullah Khan and Saeed Hasan Khan, Bizilance Legal Consultants

Objective/Scope

The IOT policy encompasses the following objectives:

• ensuring secure IOT services;
• addressing reasonable demands for IOT services;
• promoting continuous innovation in IOT;
• efficiently managing limited resources;
• safeguarding the rights and interests of IOT users; and
• offering transparency to facilitate IOT market growth.

Obligations

Any service provider providing IOT is under an obligation to follow UAE telecommunications laws, regulations and the IOT policy.

The IOT service provider has to register with the TDRA and obtain an IOT service provider registration certificate.

IOT service providers need to have a local presence or must appoint a representative to have a point of contact with the TDRA.

Service providers must ensure that the service they provide is adequate and reliable.

For personal data processing and storage, the IOT service provider must follow the principles of purpose limitation, data minimisation and storage limitation.

Secret, sensitive and confidential data of individuals and businesses must be stored within the UAE. However, it can be stored outside the country when such data offers adequate or exceeded security.

Secret, sensitive and confidential data of the government will remain in the UAE.

The service provider has to use encryption standards.

Data processors/service providers must establish technical measures towards enabling inspection of stored data.

IOT services in the UAE are also regulated by Federal Decree Law No 3/20023 (the “Telecommunications Law”), under which different penalties apply for contravention of the law.

Defiance of or non-compliance with the IOT policy by IOT service providers or users shall be taken as a breach of the UAE Telecommunications Law, and may be penalised by the TDRA.

3.2 Interaction of Data Regulation and Data Protection

The UAE has a set of data privacy laws that are applicable in the federal domain and special economic zones (the ADGM and DIFC).

Federal Decree Law No 45 of 2021 is applicable in the mainland and derives from general data protection law.

The DIFC free zone includes DIFC Data Protection Law No 5 of 2020, which is also in alignment with the General Data Protection Regulation (GDPR).

The ADGM free zone includes the ADGM Regulations.

These data privacy laws are largely in line with global data privacy laws (such as the GDPR) but are also custom-made in accordance with local requirements and traditions.

Apart from these dedicated data privacy laws, certain sectoral laws provide protection to consumers with respect to data privacy.
