In light of the provisions of Federal Decree-Law No. (34) of 2021

On Countering Rumors and Cybercrimes in the United Arab Emirates

Federal Decree-Law No. 34 of 2021 defines personal data and information as: “Information or data pertaining to natural persons when it is related to their private lives, identifies them, or allows for the direct or indirect identification of a person’s identity.”

This data and information are linked to human privacy and is of paramount importance to every natural person, especially in this realm where most transactions have shifted from traditional paper-based to electronic formats, notably they reflect a person’s character and identity.

Out of concern for the safety of personal data and information, and to protect them from any form of infringement such as deletion, destruction, or disclosure, the UAE legislator, in Article 6 of Federal Decree-Law No. 34 of 2021 on Countering Rumors and Cybercrimes, has prescribed deterrent penalties for such offenses. The aforementioned article stipulates that:

1. 1. Whoever acquires, possesses, modifies, destroys, reveals, leaks, cancels, deletes, copies, disseminates, or re-disseminates any personal electronic data or information using the information technology or any ITE without permission shall be punished with imprisonment for at least (6) six months and/ or a fine of not less than (AED 20,000) twenty thousand dirhams or more than (AED 100,000) one hundred thousand dirhams.
2. 2. If the data or information aforementioned in Clause (1) of this Article are related to examinations, diagnosis, medication, healthcare, medical records, bank accounts, or payment information and data, this shall be deemed an aggravating circumstance.
3. 3. Whoever receives, keeps, or stores the data and information referred to in Clauses (1) and (2) of this Article, or accepts to handle or use them despite knowledge of the illegality of acquiring them shall be punished with imprisonment and/ or a fine.

It is clear from the preceding article that the UAE legislator was keen to ensure that personal information and data are protected from all forms of infringement , so that individuals can rest assured that all information related to their personality, identity, health status, bank accounts, electronic payment methods, and other information is safe from the interference and access of others. This strengthens their confidence and assures them that their electronic transactions are secure and will not pose any threat to their privacy.

Dr. Ghassan Arnous

Legal Consultant at Zayed Al Shamsi Advocates & Legal Consultants