Credit information and data protection in the UAE

Nick O’Connell - Partner, Head of Digital & Data - Saudi Arabia - Digital & Data / Intellectual Property

Sana Saleem - Associate - Digital & Data

June 2014

In this article, we provide some further background to the role of the Credit Bureau, and comment on some of the data protection considerations addressed in the related law and regulations.

Al Etihad Credit Bureau was established in 2010 pursuant to Federal Law No. 6 of 2010 (Credit Information Law). The recent approval of Cabinet Resolution No. 16 of 2014 (Regulations) provides greater visibility of some of the operational aspects of the Credit Bureau.

The Credit Bureau was established to provide a single source of reliable data regarding credit information relating to natural and legal persons in the UAE. The basic intention is to enable lenders to better assess the credit-worthiness of prospective borrowers, and to provide a mechanism for limiting the ability of borrowers to take on unserviceable levels of debt.

Commercial banks and financial institutions in the UAE are required to provide the Credit Bureau with the credit information it requests. The Credit Bureau is entitled to specify the form in which such data is to be provided. The release of such information to the Credit Bureau in accordance with the Credit Information Law and Regulations will not be considered a breach of confidentiality.

Credit information reports issued by the Credit Bureau will include financial details of the concerned person (including details of any assets burdened with any types of pledge or guarantee), information on the concerned person’s failure to pay any amount to the information provider, and court decisions involving the concerned person. Reports will not include the likes of the value of mortgaged assets, details of the concerned person’s investments or amounts deposited with the information provider, or the information provider’s credit rating assessment of the concerned person.

The gathering of credit information raises a number of concerns from a data protection perspective. The Credit Information Law and its Regulations seek to address these in a number of ways, examples of which include:

  • a prohibition on the collection and circulation of data or details that relate to a person’s private life, opinions, beliefs or health condition;
  • a requirement to obtain the consent of the data subject before issuing any credit information reports relating to such person;
  • a requirement to use information gathered only for the purposes for which it has been provided;
  • an obligation on recipients of credit information to keep such information confidential;
  • an obligation on the Credit Bureau to use modern systems to maintain credit information, and to implement suitable security and information security mechanisms, and
  • the right of the data subject to request the correction of errors relating to his or her credit information.

Pursuant to the Credit Information Law, the Credit Bureau has an exclusive right to request, collect, keep, analyse, classify, use and circulate financial data relating to the financial obligations of any person. There is a prohibition on any other person or entity conducting such operations. On its face, this provision will ensure that credit information collection and reporting is centralised with a single entity; in a small country such as the UAE this approach seems practical.

The Credit Information Law penalises a number of offences. These include penalties of up to two years’ imprisonment, a fine of AED 50,000, or both, for anyone who reveals credit information other than as authorised by the Credit Information Law or its Regulations, and the same penalty for anyone who obtains credit information without obtaining the approvals required pursuant to the Credit Information Law or Regulations, or by using fraudulent methods or incorrect information. Violation of any provision of the Credit Information Law, where a specific penalty is not provided, is also an offence attracting imprisonment, a fine of AED 10,000, or both.

With the cooperation of commercial banks and financial institutions, the Credit Bureau is expected to fulfil an important function in the UAE economy, by providing a means by which lenders can manage their risk, and by reducing the number of borrowers over-exposed to unserviceable levels of debt.

Al Tamimi & Company’s Technology, Media & Telecommunications team regularly advises on data protection issues, including in the context of financial services. For further information about these matters, please contact Nick O’Connell –

back Chat with us

Disclaimer: This chat service should not be relied upon as a substitute for professional advice which takes account of your specific circumstances and any changes in the law and practice. No warranty is made as to the accuracy or completeness of the information provided via this service and no liability is accepted by Al Tamimi & Company Limited, its affiliates, partners or employees for any loss arising as a result of reliance upon the information provided.

I Agree   

Kindly accept the disclaimer to proceed to a live chat.

Please choose one of the following options below:

Thank you for your inquiry. We will connect you to one of our agents now.

Thank you. Which service are you looking for?

Thank you for your interest in working with Al Tamimi & Company. Please click here to view our latest job openings.

Please click here leave a message and we will get back to you shortly.