UAE Law and Practice Contributed by: Saifullah Khan and Saeed Hasan Khan, Bizilance Legal Consultants
3.4 Regulators and Enforcement Please see 1.2 Regulators .
Financial Sector The Central Bank has issued the following regu - lations: • consumer protection standards, which govern the disclosure of consumers’ data, transpar - ency with respect to consumer’s data collec - tion, and protection of consumer’s data and assets; and • Federal Decree Law No 14 of 2018, concern - ing the Central Bank and the regulation of financial institutions and activities (regulates the protection of customers of licensed finan - cial institutions). Telecommunications Sector The TDRA has issued the Consumer Protection Regulation, which gives protection to the privacy of subscribers’ information. Healthcare Sector In the realm of data privacy, the healthcare sec - tor is governed by Federal Law No 2 of 2019 on the use of information and communications technology (ICT) in health fields. The law ensures the security and safety of health data and infor - mation. Cybersecurity Federal Decree Law No 34 of 2021 on combat - ing rumours and cybercrime integrates data pro - tection measures into cybersecurity frameworks. All these sectoral laws have as a common ele - ment the safeguarding of consumers’ personal data, health data, financial data and subscriber information. 3.3 Rights and Obligations Under Applicable Data Regulation Please see 3.1 Objectives and Scope of Data Regulation .
4. Sectoral Issues 4.1 Use of Cookies
While no specific law regulates the use of cook - ies in the processing of personal data, existing personal data protection laws apply to their collection and use. Consent must be explicitly obtained from data subjects before cookies are utilised, and they must be provided with clear and accessible options to opt out of cookie, usage. 4.2 Personalised Advertising and Other Online Marketing Practices The UAE Law confers on the data subject a “right to stop processing” where personal data is pro - cessed for direct marketing purposes, including profiling to the extent that profiling is related to such direct marketing. The DIFC Law provides that a data subject has the right to be informed before personal data is disclosed for the first time to third parties or used on their behalf for the purposes of direct marketing, and that the data subject be express - ly offered the right to object to direct market - ing. The data subject has the right to object to personal data processing for direct marketing purposes, including profiling to the extent that profiling is related to such direct marketing. The ADGM Regulations carry the same provi - sions as in the DIFC Law regarding direct mar - keting. The ADGM Regulations also provide that, when a data subject objects to direct marketing, personal data must not be processed for direct marketing purposes.
501 CHAMBERS.COM
Powered by FlippingBook