Information on data protection regulations in the Middle East



. Bahrain enacted Law No. 30, 2018, the law protecting personal data (Data Protection Law), which goes into force on August 1, 2019.

Bahrain has several other laws with provisions relating to data protection, including:

Quatar. Qatar implemented Law No. 13, 2016, Promulgating the Protection of the Privacy of Personal Data Law concerning personal data protection (the Data Protection Law).

United Arab Emirates, UAE. The UAE does not have a federal data protection law even though in May 2019, a sector specific law, the UAE Federal Law No. (2), concerning the Use of the Information and Communication Technology in the Areas of Health (the Health Data Protection Law) will come into force.

Until now, one of the most relevant general privacy law is Article 379 of the UAE Penal Code, according to which the publication of personal data relating to individuals’ private or family life is an offence punishable by detention and fine.

The UAE also has several sector-specific areas with their data protection provisions, among which there is the Dubai International Financial Centre (DIFC), the Abu Dhabi Global Market (ADGM) and the Dubai Health Care City (DHCC).

  • DIFC. The Dubai International Financial Centre, implemented DIFC Law No. 1, 2007, the Data Protection Law, amended in 2018 (DPL).
  • ADGM. The Abu Dhabi Global Market implemented the ADGM Data Protection Regulations in 2015 (DPR 2015); amended in 2018. A consolidated version can be accessed here.
  • DHCC. The Dubai Health Care City implemented the DHCC Health Data Protection Regulation No 7 of 2013 (HDPR).


Overall, with the coming into force of Regulation (EU) 2016/679, the General Data Protection Regulation (GDPR), Saudi Arabia, Jordan, Egypt and Oman are drafting national data privacy legislation to keep up with the international standards of best practice.


For more information on privacy in the world, Francesca Giannoni-Crystal and Federica Romanelli