Search for:

UAE: DIFC proposed amendments on data protection regulations

By 2 Mins Read

In brief

On 18 April 2023, the Dubai International Financial Centre (DIFC) launched a 30-day public consultation on the proposed amendments to the Personal Data Protection Regulations to establish additional areas of regulation that would support the strong implementation of the DIFC Data Protection Law No. 5 of 2020 (please view the Consultation Paper No. 2 of 2023 here).

The proposed amendments are aimed at enhancing the current data protection framework in the DIFC and addressing the means for better, safer and more ethical management of personal data processing and operations.

The public consultation will remain open up until 17 May 2023 and all relevant stakeholders are invited to submit their comments through the proper form by that date.

Key takeaways 

The proposed amendments seek to provide clarity on the following key topics:

  • Personal data breach obligations (e.g. actions and remedies required to report and manage such an incident);
  • Use and collection of personal data for electronic marketing and digital communications (e.g. clear collection, use, and lawful basis requirements regarding digital communications and services); and
  • Personal data processed through digital, generative technology systems (e.g. technical, organisational, and ethical obligations around personal data collection and use via platforms built through technological systems such as artificial intelligence).

The key aspects of the proposal include the following:

  • Directions for a DIFC-based entity or landlord to follow to determine whether a personal data breach has been committed, whether by the company itself or by a previous tenant, and if or when to report such breach;
  • Accountability and transparency controls and processes for assuring data subjects’ rights if their personal data is collected and used for digital communications and services by a DIFC-based company;
  • Clarity on the obligations of controllers and processors regarding controls and safeguards to be built into digital enablement technology systems; and
  • Concepts to incorporate privacy by design and the principles of fairness and transparency into generative, machine-learning or similar systems.

The Consultation Paper notes that the DIFC Authority will consider further refinements to its draft publication as a result of the public consultation, therefore, it seems that there is a clear intention to proceed with the changes once they are in a suitable form.

If you would like any assistance in responding to the above consultation or with any data and technology-related matters, or issues generally, please feel free to contact Andrea Mezzetti, Lucrezia Lorenzini and Maher Ghalloussi.

Categories:
Author

Andrea Mezzetti focuses his professional activity in the Information Technology & Communications area, advising domestic and international clients on issues pertaining to information technology and electronic communications, with particular reference to the regulatory aspects of new technologies and the drafting and negotiation of sector specific agreements.

Author

Lucrezia Lorenzini is an associate based in the Dubai office of Baker McKenzie. Lucrezia advises on technology and data protection matters for clients, including national and multinational businesses, based in the UAE and Saudi Arabia.

Author

Maher Ghalloussi is an associate in the Firm's Dubai office. He is qualified in France and has worked in Paris and Dubai.

Related Posts

Write A Comment