Skip to main content

As digital economies continue to expand globally, the protection of personal data has emerged as a critical concern for governments, businesses, and individuals alike. In recognition of the necessity to safeguard personal information, both Lebanon and the United Arab Emirates (UAE) have enacted comprehensive legislation aimed at regulating the collection, processing, and storage of personal data. Although the two jurisdictions operate under distinct regulatory frameworks and economic environments, their respective data protection regimes pursue similar objectives, while reflecting the unique legal and cultural characteristics of each nation.

  • Lebanon

Lebanon’s Law No. 81 of 2018, known as the “Electronic Transactions and Personal Data Protection Law” established a legal framework that governs how businesses and entities manage personal information within Lebanon’s digital spectrum.

Personal data according to the Lebanese Law refers to all types of information related to a natural person that allows for their identification, whether directly or indirectly, including through the comparison or cross-referencing of multiple sources of information.

Article 87 of the Law stipulates that personal data must be collected securely and for legitimate, specific, and clearly defined purposes. The data collected and processed must be relevant, adequate, and not excessive in relation to the purposes for which it is intended.

In several cases, any party intending to collect and process personal data must notify the Ministry of Economy and Trade by obtaining a duly issued permit.

The personal data processing officer shall adopt all necessary measures, considering the nature of the data and the risks associated with its processing, to ensure its integrity and security, and to safeguard it from distortion, damage, or unapproved access.

Every individual shall have the right to request information, access, and object, before the personal data processing officer, to any information and analyses used in the automated processing of their personal data that are referenced in relation to them. The personal data subject, or any of their heirs, may seek recourse before the competent courts, particularly the Judge of Urgent Matters to ensure the enforcement of their rights of access and rectification.

Any personal data processing officer who fails to respond, or who provides an incorrect or incomplete response to the request of the data subject concerning the right of review or correction, and any person who processes personal data without obtaining the required permit or prior license, or in violation of the applicable rules, and any person who, whether negligently or intentionally, discloses personal data under processing to unauthorized persons, shall be subject to a penalty of a fine and/or imprisonment.

  • UAE

The UAE Federal Decree Law No. 45 of 2021 Concerning the Protection of Personal Data defines personal data as any data related to a natural person that can be identified directly or indirectly by linking the data, using identification elements such as name, voice, image, identification number, electronic identifier, geographical location, or physical, physiological, economic, cultural or social characteristics. It includes sensitive personal data and biometric data.

Under the abovementioned law, the processing of personal data is prohibited without the explicit consent of the data subject. The consent form must be presented in a clear, simple, unambiguous, and easily accessible manner, and the data subjects must be explicitly informed of their right to withdraw it easily.

Personal data shall be processed in a lawful manner; for a specific, clear, and legitimate purpose, and shall not be subsequently processed in a manner incompatible with this purpose.

Accordingly, necessary measures shall be taken to ensure that inaccurate or incorrect personal data is deleted or rectified; personal data shall be securely maintained, safeguarding it from any violation, unauthorized access, or unlawful processing through the implementation of appropriate technical and organizational measures in compliance with applicable laws and regulations; personal data shall not be retained once the purpose of its processing has been fulfilled unless the identity of the data subject has been anonymized.

According to the Emirati Law, the controller and processor shall designate a data protection officer possessing the requisite expertise and knowledge of the personal data protection law where the processing entails a high-level risk to the confidentiality and privacy of the data subject’s personal data due to the implementation of new technologies or the volume of data.

The data subject may directly contact the data protection officer or controller regarding any matters pertaining to the processing of their personal data, in order to facilitate the exercise of their rights in accordance with the provisions of this law.

The Law stipulates that personal data may be transferred outside the State with the approval of the UAE Data Bureau, provided that the Destination State or Province to which the personal data is being transferred has legislation in place that addresses and ensures the protection of personal data.

The data subject is entitled to lodge a complaint with the Bureau if they believe that a violation has occurred or that the controller or processor is processing their personal data in contravention of the rules and procedures established by the Bureau in this regard. The Bureau is designated to implement administrative and criminal penalties on parties that violate the provisions of any relevant legislation or decision.

To sum up, Law No. 81 of 2018 in Lebanon and the UAE’s Data Protection Law of 2021 represent significant advancements in data protection regulations. Compliance with these laws is not only a legal requirement for businesses but also a strategic necessity. By prioritizing data protection and transparency, companies can build customer trust, safeguard their reputations, and reduce the risk of penalties. As Lebanon’s digital economy is growing through e-commerce and e-wallets, and the UAE’s digital economy continues to boom, businesses that focus on privacy and security and implement robust cyber security measures will be better equipped to succeed in increasingly competitive, data-driven markets.

Charbel

Author Charbel

More posts by Charbel

Leave a Reply

Close Menu

Aoun Law Firm

Lebanon Office
Badaro Bureaux Building – 5th Floor; Sami El Solh Avenue, Beirut, Lebanon
Tel: + 961 1 381635
Mob: + 961 70 151751
Fax: + 961 1 381635

Dubai Office
Oud Metha, Al Makhawi Building – 2nd floor – Office 215
Tel: + 971 5506110678