The law addresses for the first time the processing of personal data via autonomous and semi-autonomous systems
On 18 April 2023, the Dubai International Financial Centre (DIFC) launched a 30-day public consultation on the proposed amendments to the Personal Data Protection Regulations to establish additional areas of regulation that would support the strong implementation of the DIFC Data Protection Law No. 5 of 2020. The proposed amendments are aimed at enhancing the current data protection framework in the DIFC and addressing the means for better, safer and more ethical management of personal data processing and operations.
The Personal Data Protection Law of Saudi Arabia (“KSA”) was recently amended pursuant to Royal Decree No. M/148, dated 05/09/1444H (corresponding to 27 March 2023G) (“Amended PDPL”). These amendments were preceded by a public consultation launched by the Saudi Data and Artificial Intelligence Authority in late 2022.
The Amended PDPL expands the scope under which Controllers could collect personal data from third parties, and process it for purposes other than that for which it was originally collected. It also provides additional grounds for Controllers to disclose personal data, and introduces an updated regime for personal data transfers outside of KSA.
On 30 June 2022, the Government of Abu Dhabi Department of Health (DoH) issued Circular No. 147 of 2022 requiring health and pharmaceutical facilities licensed by the DoH (“Licensed Entities”) to obtain a “secure” or “safe” certificate that certifies they operate in full compliance with the requirements of the Abu Dhabi Standard for Health Information Security and Cyber Security Standards (“Standards”). Licensed Entities have until the end of this year (i.e., by 31 December 2022) to complete an audit process to verify their self-certification with the Standards.
The Circular also states that Licensed Entities are urged to apply stricter cybersecurity controls, including to ensure health data is not transmitted outside of the UAE and to discontinue the use of any cloud-based services that store or utilize health data, irrespective of whether that solution is hosted within or outside the UAE.