E-COMMERCE AND PRIVACY LAWS IN THE UAE Rindala Beydoun Senior Legal Counsel Al Tamimi & Company

2 THE MIDDLE EAST  Vast majority of ME countries do not have any specific privacy or e- commerce laws

3 UNITED ARAB EMIRATES  No specific privacy or e-commerce laws  No provisions in UAE Civil Code pertaining to privacy. There is no right for a private person to sue and demand compensation  Right to privacy protected under - Constitution - Penal Code

4 UAE CONSTITUTION  Article 31 - Freedom of communication by post, telegraph or other means of communication and the secrecy thereof shall be guaranteed in accordance with law. Al Tamimi & Company

5 UAE PENAL CODE  Article Shall be punishable by confinement for a period not exceeding one year and by a fine not exceeding ten thousand Dirhams in both cases or by one of these two penalties any individual who, through any means of publicity, publishes news, pictures or comments pertaining to the secrets of the people's private or familial lives even if such publications are real and true.  Article Shall be punishable by confinement for a minimum period of one year and by a fine of at least twenty thousand Dirhams or by one of these two penalties any individual who by reason of his profession, craft, situation or art is entrusted with a secret and who discloses it in cases other than those permitted by the law, who uses it for his own advantage or another person’s advantage, all this unless the individual to whom the secret pertains has consented that it be disclosed or used.

6 Article Shall be punishable by a fine of at least three thousand Dirhams any individual who opens a letter or telegram without the consent of the addressee, or he who eavesdrops a telephone conversation. Said offender shall be punished with confinement for a minimum period of three months or with a fine of at least five thousand Dirhams if he discloses the letter telegram or telephone conversation to any person other than the addressee without his consent, whenever such disclosure is susceptible of causing prejudice to third parties. UAE PENAL CODE (cont’d)

7 IMPACT OF THE LEGAL VOID  Under EU Data Protection Directive, no business in European Economic Area can transfer data to ME Business without breaching the Principles of the EU Data Protection Directive, unless there exists a trans- border data flow agreement  ISP’s in ME will be hampered in dealing with EU communications because of the EU Data Protection Directive  Business outside the ME maybe be more reluctant to do business in UAE which could damage the expansion of Dubai Internet City  Individuals in UAE are being denied the right to privacy

8 TEMPORARY LEGAL SOLUTIONS  Privacy policies for use on corporate Internet websites. Five elements - Notice - Choice - Security - Data Integrity - Access

9 TEMPORARY LEGAL SOLUTIONS (cont’d)  Privacy policies for use by corporate human resources departments. Principles: -Company must keep secure all personal data including names, addresses and other details of employees, customers, clients, prospects, suppliers and advisers. - Employees not to disclose personal data unless purpose of disclosure is legitimate and person to whom data is disclosed is legitimate recipient - Clear and detailed standards on use, storage and permitted access to messages  Contracts to safeguard privacy of data disclosed to third parties - Contractual undertakings to safeguard privacy may be added to any contract

10 TEMPORARY LEGAL SOLUTIONS (cont’d) Informed Consents - informing users of how their personal information might be used and obtaining explicit consent to such use in advance

11 CONCLUSION  Self-regulating legal solutions and technical solutions are certainly steps in the right directions  However, specific privacy laws are still needed in order to safeguard the privacy rights of individuals