Less than half of businesses in the Middle East and North Africa recognize the value of data security and customer privacy, The FinTech Times reports, citing a joint survey conducted by the Harvard Business Review Analytic Services and Mastercard. With approximately half the populations in both regions under the age of 24, UNICEF estimates consumer trust will rely heavily on companies' ability to implement data security principals catering to younger customers. According to the report, 80% of co... Read More

The Dubai International Financial Centre announced a consultation on proposed amendments to Data Protection Law regulations. The proposed updates aim to "establish additional areas of regulation that support robust implementation" of the DPL. Topics covered within the updates include data breaches, controller and processor obligations in digital enablement technology systems, and incorporating privacy by design or default in artificial intelligence deployments. The public comment deadline is 17 ... Read More

This week, U.S. President Joe Biden is expected to sign an executive order cementing the legal basis for the Trans-Atlantic Data Privacy Framework, aka “Privacy Shield 2.0.” The executive order will likely create a redress mechanism, which will allow European individuals to challenge — or at least gain a modicum of insight into — surveillance practices by U.S. national security agencies. On a smaller scale but in the same vein, the government of Israel issued a draft decision Monday, announcing... Read More

A do not call registry in Israel starts operating early 2023 and joins an already stringent set of consumer privacy protection under Israeli laws. Marketers who call numbers listed in the registry will face significant fines and class actions. Israel joins more than 30 other countries with government-operated opt-out lists for marketing calls. Opt out of marketing calls In December 2020, the Consumer Protection and Fair Trade Authority imposed an NIS 8.3 million (about US$2.5 million) fine on ... Read More

The U.K. government and Dubai International Financial Centre Authority released a joint statement committing to increased facilitation of personal data flows. The two sides called the new agreement "a robust data bridge" that will help realize "the benefits of the important role that the trustworthy use of data across borders play." The U.K. and the DIFC indicated a mutual understanding on "the importance of existing and future regulatory cooperation as a means of enhancing our objectives."Full ... Read More

The Saudi Data and Artificial Intelligence Authority postponed implementation of the Personal Data Protection Law until March 17, 2023, the Saudi Gazette reports. In a press release shared on Twitter, the SDAIA said the postponement follows stakeholder views and responses to a public consultation and was made “in order to achieve the ultimate goal of such a law.” The SDAIA encouraged stakeholders to participate in a second public consultation process to “enhance” the law, which had been set to t... Read More

In September 2021, the Kingdom of Saudi Arabia issued its Personal Data Protection Law to regulate the processing of personal data. The PDPL is the first federal, sector-agnostic data privacy legislation in Saudi Arabia. Organizations will be faced with significant changes to their operations to ensure compliance. The PDPL comes into effect only 180 days after the publication in the Official Gazette, meaning the law will be effective March 23, subject to the passage of the implementing regulati... Read More

Oman's Ministry of Information announced the Law on the Protection of Personal Data was published in the Official Gazette No. 1429. The law provides for various data subject rights while the Ministry of Transport, Communications and Information Technology will have exclusive enforcement powers and be tasked with drawing up regulations. The law becomes effective Feb. 9, 2023.Full Story... Read More

Organizations in the United Arab Emirates are entering a new era of data privacy enforcement. In late November, as part of its 50th anniversary, the UAE federal government issued a sweeping set of legal reforms, which notably included the UAE Federal Decree Law No. 45 for the 2021 Personal Data Protection Law. While this law has been long-awaited by data privacy experts in the region, many organizations are not prepared for the new obligations and controls that pertain to data processing and res... Read More

Gulf News reports United Arab Emirates President Sheikh Khalifa bin Zayed Al Nahyan approved wide-ranging reforms to the country’s legal system, including passage of the Personal Data Protection Law. The legislation includes data subject rights, controls and obligations for data processing activities and strong provisions on user consent. Additionally, a law was passed to create the UAE Data Office, which will provide guidance for and enforcement of the PDPL.Full Story... Read More

In the Middle East and North Africa regions, the business world is just beginning to encounter the regulatory and operational pressures that European and U.S. companies have faced in recent years. Six new data privacy laws have been introduced in the last 18 months and authorities in the Dubai International Financial Centre have already issued 88 fines since the region’s new regulations became effective in late 2020. These new laws come in addition to dozens of existing regulations in Saudi Ara... Read More

The Taliban is believed to have seized the U.S. military’s biometric devices storing iris scans, fingerprints and biographical data. The technology, known as the Handheld Interagency Identity Detection Equipment, was intended to gather biometric data of 25 million people, 80% of the Afghan population. “We processed thousands of locals a day, had to ID, sweep for suicide vests, weapons, intel gathering, etcetera,” a U.S. military contractor explained. “(HIIDE) was used as a biometric ID tool to h... Read More

The Abu Dhabi Global Market’s Office of Data Protection released guidelines aiming to improve compliance with the Data Protection Regulations 2021. The guidance covers eight key areas of the regulations, includes advisory information and provides examples of practical application. ADGM Commissioner of Data Protection Sami Mohammed said the guidance provides “entities and authorities with a robust foundation to update their existing data protection compliance programmes.”Full Story... Read More

China and the League of Arab States signed an agreement on data security, the South China Morning Post reports. Deputy Foreign Minister Ma Zhaoxu said the agreement aims to create an “open, fair, non-discriminative” digital environment. “The prominent risks and challenges on data security posed by personal information infringement and massive cyber-surveillance on other countries have made it urgent [to find] a global solution,” he said.Full Story... Read More

Amid uncertainty around modernizing the timeworn Protection of Privacy Law, the Israeli privacy regulator has emerged as a dominant driving force. In a series of guidelines and recommendations, the Protection of Privacy Authority aims to fill the void with EU General Data Protection Regulation-like concepts and assumes an unprecedented active role in shaping the privacy regime. At the same time, Israeli privacy laws demand more than other data protection laws, especially in relation to cybersec... Read More

Israel is in the midst of a nationwide effort to achieve herd immunity to COVID-19 through an extensive vaccination campaign. In less than a month, Israel has managed to provide the first dose of the Pfizer-BioNTech COVID-19 vaccine to more than 2.5 million residents (approximately 27% of the population) and the second dose to more than 950 thousand residents (approximately 10% of the population). Per a statement of Israeli Prime Minister Benjamin Netanyahu, these efforts rely on an agreement b... Read More

Since launching last May, InCountry has been operating primarily in the tech vendor equivalent of a journalism beat. The company offers services to assist with data localization law compliance, and thus, their business primarily came from areas in which those rules are prevalent, such as the Middle East, Asia and Russia. InCountry CEO Peter Yared said the vendor started to have conversations with a few European Union countries, but its primary focus still centered on the lands where data locali... Read More

An IBM Security report found the average cost of $6.52 million per data breach in the Middle East is higher than the $3.86 million global average, TechRadar reports. The United States tops the average cost at $8.64 million, according to the study of 17 countries from August 2019 to April 2020. In Saudi Arabia and the United Arab Emirates, the cost of data breaches increased by 9.4% in the past year.Full Story... Read More

On 7 Sept., the Saudi Data and Artificial Intelligence Authority formally released the Kingdom of Saudi Arabia Personal Data Protection Law. Enforcement of the law will begin 14 Sept. 2024, which gives organizations one year to prepare for compliance. This law is the first privacy law in the KSA that aligns the kingdom with international privacy laws, in particular, the EU General Data Protection Regulation, along with some localization that addresses the Middle Eastern culture and adopts the l... Read More

Saudi Arabia's Personal Data Protection Law was enacted 16 Sept., the Saudi Gazette reports. The law regulates the collection, processing, disclosure and preservation of data, including a "detailed framework of processing standards, the rights of data subjects, the obligations of relevant bodies when processing, as well as data sovereignty, and penalties in the event of violating the provisions of the law." Full story... Read More

The Dubai International Financial Centre announced a consultation on proposed amendments to Data Protection Law regulations. The proposed updates aim to "establish additional areas of regulation that support robust implementation" of the DPL. Topics covered within the updates include data breaches, controller and processor obligations in digital enablement technology systems, and incorporating privacy by design or default in artificial intelligence deployments. The public comment deadline is 17 ... Read More

This week, U.S. President Joe Biden is expected to sign an executive order cementing the legal basis for the Trans-Atlantic Data Privacy Framework, aka “Privacy Shield 2.0.” The executive order will likely create a redress mechanism, which will allow European individuals to challenge — or at least gain a modicum of insight into — surveillance practices by U.S. national security agencies. On a smaller scale but in the same vein, the government of Israel issued a draft decision Monday, announcing... Read More

A do not call registry in Israel starts operating early 2023 and joins an already stringent set of consumer privacy protection under Israeli laws. Marketers who call numbers listed in the registry will face significant fines and class actions. Israel joins more than 30 other countries with government-operated opt-out lists for marketing calls. Opt out of marketing calls In December 2020, the Consumer Protection and Fair Trade Authority imposed an NIS 8.3 million (about US$2.5 million) fine on ... Read More

The Saudi Data and Artificial Intelligence Authority postponed implementation of the Personal Data Protection Law until March 17, 2023, the Saudi Gazette reports. In a press release shared on Twitter, the SDAIA said the postponement follows stakeholder views and responses to a public consultation and was made “in order to achieve the ultimate goal of such a law.” The SDAIA encouraged stakeholders to participate in a second public consultation process to “enhance” the law, which had been set to t... Read More

In September 2021, the Kingdom of Saudi Arabia issued its Personal Data Protection Law to regulate the processing of personal data. The PDPL is the first federal, sector-agnostic data privacy legislation in Saudi Arabia. Organizations will be faced with significant changes to their operations to ensure compliance. The PDPL comes into effect only 180 days after the publication in the Official Gazette, meaning the law will be effective March 23, subject to the passage of the implementing regulati... Read More

Do Israeli privacy laws mandate the appointment of a data protection officer? The simple answer is that currently, it is not entirely clear. Israel faces significant changes to its privacy laws and the duty to appoint a DPO may either become part of the law or remain a regulatory recommendation only. On Jan. 25, the Protection of Privacy Authority released guidelines on the appointment of data protection officers, their roles and responsibilities. The guidelines set forth recommendations and re... Read More

Oman's Ministry of Information announced the Law on the Protection of Personal Data was published in the Official Gazette No. 1429. The law provides for various data subject rights while the Ministry of Transport, Communications and Information Technology will have exclusive enforcement powers and be tasked with drawing up regulations. The law becomes effective Feb. 9, 2023.Full Story... Read More

Israel is recognized around the world as an important technology hub. It is home to hundreds of large, multinational tech corporations operating substantial local research and development, sales, and management activities. It is the incubator for thousands of startups, dozens of which are publicly traded unicorns. And it boasts an environment where innovation is fostered, growth achieved and the commerce of modern industries flourishes on a global scale. Because data is a core asset in many tec... Read More

The Turkish data protection authority, Kişisel Verileri Koruma Kurumu, has proposed amendments to the most controversial provisions of the Law on Personal Data Protection numbered 6698. The provisions have been heavily criticized by academia and business circles due to their inapplicability and inadequacy to meet needs. The amendments were actually part of the Economic Reforms, and specific tasks were introduced under the Economic Reforms to comply with the EU General Data Protection Regulation.... Read More

The Jerusalem Post reports Facebook, Twitter and LinkedIn moved to increase the privacy of accounts belonging to citizens of Afghanistan to combat potential targeting in the wake of the Taliban seizing control of the country. All three platforms are providing varying levels of increased security, ranging from limiting account searchability to accepting requests to delete archived communications. The moves come after human rights groups voiced concerns about the potential tracking of Afghans' dig... Read More

The Taliban is believed to have seized the U.S. military’s biometric devices storing iris scans, fingerprints and biographical data. The technology, known as the Handheld Interagency Identity Detection Equipment, was intended to gather biometric data of 25 million people, 80% of the Afghan population. “We processed thousands of locals a day, had to ID, sweep for suicide vests, weapons, intel gathering, etcetera,” a U.S. military contractor explained. “(HIIDE) was used as a biometric ID tool to h... Read More

The U.S. Department of Defense's Office of the Inspector General published a management advisory for the military to ensure sensitive data is protected and removed from equipment used in Afghanistan, Nextgov reports. The advisory highlights Army Regulation 735-5 and the 401st Army Field Support Brigade’s standard operating procedures for property accountability, which covers the proper methods for handling inventory devices and items with hard drives.Full Story... Read More

Appointment of a data privacy officer is regulated in detail under the EU General Data Protection Regulation. Mandatory DPO appointment is imposed under certain circumstances, and legal requirements are determined for the DPO role in terms of qualification as well as authorization. Under the Law on Protection of Personal Data numbered 6698 in Turkey, there is no legal requirement to appoint a DPO for data controllers, but there is a role introduced for the purposes of fulfilling the data control... Read More

Amid uncertainty around modernizing the timeworn Protection of Privacy Law, the Israeli privacy regulator has emerged as a dominant driving force. In a series of guidelines and recommendations, the Protection of Privacy Authority aims to fill the void with EU General Data Protection Regulation-like concepts and assumes an unprecedented active role in shaping the privacy regime. At the same time, Israeli privacy laws demand more than other data protection laws, especially in relation to cybersec... Read More

Israel is in the midst of a nationwide effort to achieve herd immunity to COVID-19 through an extensive vaccination campaign. In less than a month, Israel has managed to provide the first dose of the Pfizer-BioNTech COVID-19 vaccine to more than 2.5 million residents (approximately 27% of the population) and the second dose to more than 950 thousand residents (approximately 10% of the population). Per a statement of Israeli Prime Minister Benjamin Netanyahu, these efforts rely on an agreement b... Read More

Pakistani Minister for Science and Technology Chaudhry Fawad Hussain said his ministry is considering a federal privacy law, Dawn.com reports. Hussain's comments came in response to the change in WhatsApp's privacy policy requiring users to share data with Facebook. The minister added WhatsApp should have made the changes to its policy following a period of consultation.Full Story... Read More

Human rights groups are raising privacy concerns as surveillance cameras are planned to be installed around Kabul, Afghanistan, Reuters reports. An Interior Ministry spokesman said the cameras are being installed to “curb criminal and terrorist activities.” Peace and Human Rights Organization's Mohammad Nizam said, “Under current circumstances, honestly, it would be quite difficult for the masses to have full faith and trust that their privacy would not be harmed with the installation of these s... Read More

Egypt’s Personal Data Protection Law will be enforced Oct. 14, bringing a range of new obligations for businesses, PwC Middle East Partner for Assurance Services Nabil Diab wrote in an op-ed for Daily News Egypt. To prepare for enforcement, Diab said businesses should “take a holistic approach.” He outlines 10 “essential” steps, including appointing a data protection officer, establishing a data breach management process and reviewing cross-border data transfer operations.Full Story... Read More

Amendments to Turkish Banking Law No. 5411 in February 2020 introduced important provisions regarding how banks handle confidential customer data. Based on these provisions, the Banking Regulation and Supervision Agency introduced a secondary regulation that was finalized in March, the Regulation on Banks’ Information Technology and Electronic Banking Services. This regulation contains binding provisions related to data processing and transferring of bank customers. Definition of customer confi... Read More

The New York Times reports Facebook, Google and Twitter are among the big tech companies refusing to comply with proposed internet censorship rules in Pakistan. The Asia Internet Coalition wrote a letter to Pakistan Prime Minister Imran Khan regarding the opposition of the companies, which proposed abandoning service in Pakistan entirely if the rules stood. The Pakistani government then eased its position, saying the proposal will be put through an "extensive and broad-based consultation process... Read More

Gulf Daily News reports Bahrain’s Personal Data Protection Law has now gone into effect. Organizations covered by the PDPL are required to obtain user consent in order collect, store, process and use personal information. Any organization found to have violated the law could face a fine between BD1,000 and BD20,000 and up to one year in prison. While the law has been implemented, there has been no announcement regarding the creation of the Personal Data Protection Authority that will enforce the... Read More

Legislators in Egypt have passed the country’s first data protection law, Daily News Egypt reports. The laws will protect the information of Egyptian citizens, as well as European Union citizens who are in the country. Companies are required to obtain consent before any personal data can be collected, processed or disclosed. Any organization found to have violated the rules faces “[no] less than three months” of imprisonment and fines that can range from EGP 100,000 to EGP 1 million. Any entity ... Read More

ZDNet reports the U.S. Department of Homeland Security's cybersecurity agency is alerting online users to the rise in activity for Iranian hackers and urging U.S. companies to take action to protect systems. Cybersecurity and Infrastructure Security Agency Director Christopher Krebs tweeted a statement from the department, warning users to be wary of cyberattacks, such as data-wiping malware, credential stuffing attacks, password spraying and spear-phishing. "In times like these it's important t... Read More