Law: DIFC Data Protection Law No. 5 of 2020 (the Data Protection Law)
Regulator: The Commissioner of Data Protection
Summary: On May 21, 2020, the DIFC Data Protection Law No. 5 of 2020 (the Law) was enacted in the Dubai International Financial Centre (DIFC). The Law came into effect on July 1, 2020. The DFIC is a financial free zone in the UAE, which itself is a federation composed of seven emirates. Being a financial free zone means that UAE federal, civil, and commercial law does not apply and the DIFC can create its own legal and regulatory framework for all civil and commercial matters.
The Law introduces requirements for data protection officer appointments, Data Protection Impact Assessments (DPIAs), and the right to data portability. As such, the Law will move the DIFC into closer alignment with the EU's GDPR. The Law became enforceable on October 1, 2020.
Notably, the DIFC Authority (DIFCA) launched a public consultation on proposed amendments to the Law, ending on May 17, 2023, aiming to provide means for a better, safer, and more ethical management of data processing. In particular, the proposed amendments provide for new provisions regarding:
The Data Protection Regulations 2020 (the 2020 Regulations) came into effect on the same day as the Law on July 1, 2020. On September 1, 2023, the DIFC announced the enactment of the amendments to the Data Protection Regulations 2020 through Regulation 10 on Processing Personal Data Through Autonomous and Semi-Autonomous Systems which amends the Data Protection Regulations 2020. Notably, the DIFC highlighted that the Data Protection Regulations were the first enacted regulation in the Middle East, Africa, and Southern Asia (MEASA) region on the processing of personal data via autonomous and semi-autonomous systems such as AI or generative machine learning technology.
JURISDICTIONS
Gain access to unlimited articles with 7 day access to all features, no credit card required.
Other options:
There are no articles.