As the U.A.E. becomes one of the world’s most technologically-advanced societies, the country has undertaken a review of data privacy regulations implemented around the world in preparation for the issuance of new regulations of its own that seek to strike a balance between promoting innovation and ensuring security. One key aspect of these regulations concerns data localization requirements, or the requirements that data about the U.A.E.’s citizens or residents be collected, processed, and/or stored inside the country.
In May of 2019, U.A.E. authorities put in place one of the country’s first data privacy regulations, the Information and Communication Technology (ICT) Health Law, with the objectives of ensuring safety and security of health data and information. The law prohibits the transfer, storage, generation, or processing of data related to the provision of health services in the U.A.E. to countries outside the U.A.E.
In the coming years, the U.A.E. will likely continue to unroll new laws governing the use of data in various critical industries as well as nationwide. These regulations can protect consumers and the privacy of personal information, but they also risk impeding the free flow of critical data across borders.
As the U.A.E. considers the means by which it will implement additional cyber security and privacy measures, businesses operating in the region have called for the country to provide a clear regulatory framework allowing for the free flow of information across borders. Stringent data localization laws, they argue, would hinder the ability of existing companies to continue doing business in the U.A.E. while discouraging other companies from investing in the country. This, in turn, could hinder the U.A.E.’s ambitions to become an innovation hub for the latest AI, IoT, and cloud technologies.
The U.S.-U.A.E. Business Council has been an active supporter of robust discussion surrounding data localization and privacy issues. In line with these objectives, the Business Council launched a Digital Domain Task Force in 2021, which has allowed member companies to raise concerns and best practices with U.S. and U.A.E. policymakers.
This Task Force builds on the Business Council’s history of opening doors for vital communication on data privacy issues through discussion platforms and advocacy.