Market Intelligence
Information and Communication Technology Middle East United Arab Emirates Trade Policy and Agreements

United Arab Emirates Data Privacy

The UAE Government is currently developing its new Federal Data Protection Law.  This is a unique opportunity for the country to build a framework that will help it achieve a data privacy law that fosters an innovative business environment.  It is also a unique opportunity for U.S. businesses to provide valuable best practices to the UAE regulators.  

The Current Status of UAE Data Privacy Regulations

The UAE does not have a comprehensive data privacy law at its federal level and there is no single national data privacy regulator.  However, the UAE has a number of special economic or sector free zones, three of which have specific data privacy laws: The Dubai International Financial Center (DIFC), the Abu Dhabi Global Market (ADGM) and the Dubai Healthcare City (DHCC). 

In addition, the UAE has a number of laws to govern privacy and data security in the UAE across public sectors, financial services (Central Bank of the UAE) and in the healthcare sector.  There are also sector-specific data protection provisions in certain laws.  These laws require data subjects to provide consent to the transfer of personal data to third parties inside or outside the UAE, and prohibit the transfer of data to jurisdictions with less stringent requirements. This includes other parts of the UAE outside the respective free zones.  These prohibitions are not generally enforced in practice, but could give rise to a claim by an individual who believes their data has been dealt with in breach of the applicable laws.

The UAE data localization policy is based on assumptions that localizing the data makes it safer and prevents foreign law enforcement from accessing data. It is also seen as a means of attracting and locking ICT investment into the country. 

U.S. Companies’ are challenged by the UAE’s current data privacy requirements with increased cost of doing business, limited access to innovation in cloud computing, and issues relating to cross border data flows and trade. 

Opportunities for U.S. companies in UAE’s evolving data privacy environment center on to sharing best practices for data privacy and certification mechanisms for cross-border transfers of data with U.S. and UAE policymakers. 

If a U.S. company has products or services relevant to the data privacy field or has questions about the UAE’s data privacy laws, they can contact the U.S. Commercial Service in Abu Dhabi at Office.AbuDhabi@trade.gov.