UAE Trends and Developments Contributed by: Kokila Alagh and Akshata Namjoshi, Karm Legal Consultants
KARM Legal Consultants Floor 14
WeWork Hub71 Al Khatem Tower ADGM Square Al Maryah Island Abu Dhabi
United Arab Emirates Tel: +971 55 369 2517 Email: karmadmin@karmadv.com Web: www.karmadv.com
UAE Data Protection Law Framework: Mainland, DIFC and ADGM Overview This article provides a comprehensive sum - mary of the data protection frameworks across distinct UAE jurisdictions – the UAE mainland, the Abu Dhabi Global Market (ADGM) and the Dubai International Financial Centre (DIFC). It also explores how these regimes interact in the realm of personal data protection. UAE The UAE introduced its first Federal Data Pro - tection statute on 20 September 2021 – Federal Decree-Law No 45 of 2021 on the Protection of Personal Data (PDPL) – which officially came into force on 2 January 2022. A key feature of the PDPL is the establishment of the UAE Data Office, the central authority tasked with manag - ing data subject complaints, issuing guidance and enforcing the law. The PDPL mandates that the UAE Data Office shall issue Executive Regu - lations to define detailed standards and controls for implementation. Enforcement of the PDPL was scheduled to commence six months after these regulations were formally adopted.
Prior to the PDPL, personal data protection and confidentiality were addressed through a variety of legal instruments, including: • the UAE Constitution, which upholds commu - nication freedom and confidentiality; • Federal Law No 15 of 2020 on Consumer Protection, granting consumers rights over their data and its usage; • Federal Law No 2 of 2019 on the Use of Infor - mation and Communication Technology (ICT) in Health Fields, which safeguards the confi - dentiality and security of health data; and • Federal Decree Law No 34 of 2021 on Com - bating Rumours and Cybercrimes, establish - ing penalties for unauthorised data handling, especially when it involves sensitive sectors such as government, banking, media, health and scientific entities. DIFC The DIFC Data Protection Law (Law No 5 of 2020), governs personal data in the DIFC, align - ing with GDPR and UK standards. Supported by the DIFC Data Protection Regulations (the “DIFC DP Regulation”), effective 1 July 2020, it applies to DIFC-based entities and any controller or pro - cessor handling personal data within the DIFC,
505 CHAMBERS.COM
Powered by FlippingBook