Are Data protection laws really helpful in assuring data privacy in UAE?
In the era where data has been deemed as more precious than gold and crude oil, data privacy and security have become the topmost priority of every institution of every country. If this data falls into wrong hands, it could be highly misused causing irreparable damage to the brand value or even lead to the shutdown of the business. With UAE being one of the prominent business hubs of the world, emphasis on Data Protection becomes quintessential. Encouragement in this domain is reflected by the UAE joining MENA for legislating data privacy. But with long-time and current allegations on the UAE government for misutilization of the data for citizen surveillance has raised the eyebrows of many firms and businesses. Thus a quick inspection of the complex and current rules and regulations is required which is given below:
Laws in the Free Zone:
DIFC or Dubai International Financial Center and ADGM (Abu Dhabi Global Market) both have laws for Data Protection which are marked as generally consistent compared to developing jurisdictions by GSMA. In July 2019, some elements of the European Union GDPR and California Consumer Privacy Act, i.e. CCPA was planned to be integrated. ADGM made similar amendments in their policy to enforce data protection through increasing fines and putting stricter requirements for reporting of a breach.
Due to the absence of any predominant data privacy laws in place, the situation turns a bit gloomy for business, but laws governing several sectors are in place providing much respite. As per statements issued by govt. ministers a law similar to GDPR is underway from which more than half will be implemented in the coming three years. The rules will provide data protection in the field of health, agriculture, and utilities. In continuation of these efforts, the health data law was passed in 2019 which resembled GDPR with noted deviations. The law emphasized data retention, localization, processing, security, and centralization.
Extension to that an IoT regulatory framework has also been launched by the UAE govt., informed by GDPR. This framework focuses on purpose limitation, minimization, and storage limitation. Such firms are also required to register with the government.
With the newly introduced rules and regulations, the UAE govt. has shown sufficient resolution that they are working to rope in data protection, but the present situation makes a fair assessment of data protection impossible. News and cases of abuse of data privacy of people have been one of the major reasons for strong dissent. A few notable mentions include Project Raven, administered by ex-NASA employees for spying, and ToTok (Messaging app) used for spying on conversations, sounds, images, and much more.
Influence in Business:
In the region where the data privacy of citizens is a big concern, businesses surely feel unsafe in terms of data protection. Businesses have to ensure compliance, be prepared for the upgrades, and learn to carry full-fledged precautions where data can be easily misused.
The biggest concern regarding the data is that law forces businesses to access local servers and store data on them for long periods. In terms of security, the UAE govt. emphasizes access management and identity platform which ensures sensitive data is restricted to the right people only. Data collection policies of the business should thoroughly be inspected for any leaks, endangering users. For conducting business in UAE firms have to make laws, politics, and threats into consideration, which can be tiresome and complex. So that firms adhere to the best practices and implement them, guidance, or services from an IT consulting expert/s in the domain can be sought. If the firm wants to seek information about the laws they can refer to Data and privacy protection in the UAE - The Official Portal of the UAE Government, but IT consulting firms like NSKT can be a more reliable option.