In an article entitled Open Data in Dubai: A New UAE Data Protection Law?, found in Law Update’s October 2015 edition, we discussed Dubai Law No. 26 of 2015 regulating Dissemination and Exchange of Data in the Emirate of Dubai (the “Dubai Data Law”).
The Dubai Data Law is now publicly available and in this article we provide further information on its substance.
The Dubai Data Law is aimed primarily at ensuring that data gathered by Dubai government entities is effectively shared amongst such entities and with the private sector, so as to maximise opportunities to capture the benefit of such data for the emirate’s residents, visitors, and economy.
The aims of the Dubai Data Law include managing data in conformity with international best practices, promoting transparency and establishing rules for data dissemination and exchange, increasing the efficiency of services provided by federal government entities and local government entities, and providing data necessary to non-governmental entities with a view to supporting the development of the Emirate of Dubai.
The Dubai Data Law applies to Data Providers, which include the likes of federal government entities and local government entities that possess data relating to the Emirate of Dubai, individuals, and entities (including sole proprietorships, public interest organisations, companies, associations, etc.) that produce, own, publish or exchange data relating to the Emirate of Dubai, irrespective of whether they are located in ‘onshore’ Dubai or in a free zone (such as the Dubai International Financial Centre).
The Dubai Data Law contemplates two classes of data, collectively referred to as Dubai Data:
The Dubai Data Law provides that Dubai Data shall be published and exchanged via an electronic system, bulletins, reports, and any other means determined by a Competent Authority.
The Competent Authority contemplated under the Dubai Data Law is intended to administer the application of the Dubai Data Law and issue associated administrative and financial regulations. The functions and powers of the Competent Authority include:
Data Providers are generally required to:
Importantly, the Dubai Data Law provides that Data Providers shall take all steps to maintain the confidentiality and privacy of data during dissemination and exchange of such data in accordance with the Dubai Data Law.
Interestingly, Dubai Data is deemed a state-owned asset and may be disposed by the Data Providers only in accordance with the Dubai Data Law, including any resolutions issued under the Dubai Data Law. It will be interesting to observe the practical implications of this provision.
Recently, the Ruler of Dubai, His Highness Sheikh Mohammed bin Rashid Al Maktoum, issued a law establishing the Dubai Data Establishment. We understand from press releases that the Dubai Data Establishment aims to enhance Dubai’s capabilities in the field of publishing and exchanging data, contribute to establishing a knowledge database to serve the public and private sectors, and oversee, regulate, and coordinate between government entities to facilitate the implementation of the law. The Dubai Data Establishment appears to be the Competent Authority referred to in the Dubai Data Law, and if this is the case then the regulations associated with the Dubai Data Law are likely to become available in the near future, providing greater insight into the practical effect of the Dubai Data Law.
Al Tamimi & Company’s Technology, Media & Telecommunications team regularly advises on data-related issues, including big data analytics, open data and data protection related issues. For further information please contact Sana Saleem () or Nick O’Connell.