By Brian Meenagh

On October 26, 2015, Raja Al Mazrouei, the Commissioner for Data Protection for the Dubai International Financial Centre (the DIFC), issued guidance on the adequacy of US Safe Harbor for the purpose of exporting personal data from the DIFC. The guidance is significant for organisations that transfer personal data from the DIFC to the US and such organisations should urgently review the basis upon which they transfer personal data from the DIFC to the US to ensure that they continue to comply with the DIFC Data Protection Law (No 1 of 2007).

The guidance follows the decision of the European Court of Justice (the ECJ) in Case C-362/14 – Maximillian Schrems v Data Protection Commissioner that Decision 2000/520 of the European Commission, which stated that Safe Harbor-certified US companies provide adequate protection for personal data transferred to them from the EU (the Safe Harbor Adequacy Decision), is invalid.

The key message from the guidance is that:

“the invalidation of the Adequacy Decision by the ECJ provides cause for the Commissioner to reconsider the adequacy status previously afforded under the Law to US Safe Harbor Recipients. However, the Commissioner also understands that there are ongoing negotiations between Europe and US authorities towards an improved Safe Harbor framework and that these negotiations are well advanced.

By Justin B. Cornish, Brian A. Meenagh, Alice Marsden and Omar M. Elsayed

Protecting Personal Data

Whilst it is not widely recognized that countries in the Middle East have specific established laws applicable to data protection, privacy and data protection are regulated by other laws in the region.

In Qatar, Saudi Arabia and the United Arab Emirates, the constitutions, together with certain statutes, recognize individual rights to privacy in specific circumstances. In addition, in Saudi Arabia, protection of

By Omar Elsayed

Although some surveys of privacy law suggest otherwise, privacy requirements do in fact exist in the Kingdom of Saudi Arabia (KSA)and are very relevant to companies operating there or seeking to provide services to customers in KSA.

Background

The paramount body of law in KSA is the Sharīʿah. The Sharīʿah is comprised of a collection of fundamental principles derived from a number of different sources, which include the Holy Qu’ran and the Sunnah, which are

iStock_globe.jpgOn 31 January 2011, Israel became the most recent addition to the European Commission’s list of non-EEA countries offering ‘adequate protection of personal data’, joining Andorra, Argentina, Canada, Faroe Islands, Guernsey, Isle of Man, Jersey and Switzerland (and the US’s Safe Harbor regime). The finding of adequacy issued by the Commission is limited to automated data transfers to Israel, and non-automated transfers of data which are then subject to automated processing once in Israel (but may well be expanded to