Saudi Arabia’s Personal Data Protection Law came into existence after its cabinet approved it in a meeting chaired by King Salman on September 14, 2021, according to a report in the Saudi Gazette. The Saudi Data and Artificial Intelligence Authority (SDAIA) announced that the new law will be implemented within six months, the report added.
The law defines data to include name, identification number, address, phone number, personal records, banks accounts, credit cards, and images, videos, or any other identifying data. It is said to protect users from the collection and processing of their personal data without consent. The law also reportedly prevents direct or indirect identification of users resulting from any non-consensual collection.
The new data protection law indicates that Saudi Arabia is looking to regulate the sharing of personal data while preventing its abuse. Government officials believe it will provide clarity to the private sector about the prevalent regulatory environment in the country and make it easy to invite foreign investment.
What did the SDAIA head say after the law’s passage?
SDAIA head Abdullah Al-Ghamdi said that the law will streamline disclosure of personal data by offering specific controls to users, the Saudi Gazette stated.
Al-Ghamdi revealed that it will not be permissible to use personal means of communication for the purpose of marketing or awareness materials unless the owner of personal data explicitly consents to it. He added that companies can build a mechanism that enables users to deliver consent over the use of data but awareness materials sent by public authorities do not fall under the ambit of the law.
“The data owner has the right to request restricting the processing of his personal data for cases especially for a limited period of time, bearing in mind that the collection of personal data is limited to the minimum amount of data that enables the achievement of the specified purposes,” Al-Ghamdi was quoted as saying.
The system grants the right to view data and know the purpose of its collection and processing as well as obtain a copy of data collected, Al-Ghamdi said.
Data Protection Laws in 2021
Data has been at the forefront of legislation around the world ever since the General Data Protection Regulation (GDPR) was passed by the European Union in 2018.
- China: China passed the Personal Information Protection Law (PIPL) in August this year, and it is considered to be one of the world’s strictest data privacy laws. The law, which closely resembles Europe’s robust GDPR, is set to go into effect on November 1. PIPL gives the Chinese government broad access to data unlike its European counterpart, which restricts data collection by governments.
- UAE: Omar al Olama, minister of state for artificial intelligence, digital economy and remote work, announced a new Data Law to allow people to control how their personal data is used, stored, and shared by companies. UAE’s law will look to limit entities profiting from personal data. It was launched as a key element in the UAE’s ‘Projects of the 50’ campaign, as per a report in Arabian Business.
- Singapore: The Personal Data Protection Act (PDPA) witnessed its first comprehensive revision since 2012 under the Personal Data Protection (Amendment) Bill which was passed on November 2, 2020. The consequent Amendment Act came into effect in February this year. It added provisions for a mandatory data breach notification which requires organisations that suffer a data breach to notify the PDPC and affected individuals of that data breach. PDPA governs the collection, use, and disclosure of individuals’ personal data by organisations.
- India: The Personal Data Protection (PDP) Bill was first introduced in the Winter Session of 2019 after which it was referred to the Joint Parliamentary Committee which has been reviewing it for two years. The JPC earlier sought an extension till the winter session of the Parliament to present its report on the bill. It was then reported that a new draft of the bill is being prepared by the committee. There is no clarity on when the bill will come into force.
- Parliamentary panel to revisit Personal Data Protection Bill under newly-appointed chairperson
- An Arduous Task Lies Ahead Of India’s Proposed Data Protection Regulator
- #NAMA: Does Artificial Intelligence threaten privacy? Do the government’s data protection laws have adequate safeguards?
Have something to add? Post your comment and gift someone a MediaNama subscription.