The United Arab Emirates has announced that a long-anticipated new data protection law draft will soon be unveiled.

Presently, the UAE does not have a unified set of data protection laws at the federal level. There are, however, a number of both general and sector specific data protection provisions contained in several laws, as well as specific data protection legislation in the Dubai International Financial Centre (DIFC), Abu Dhabi Global Market (ADGM) and the Dubai Healthcare City (DHCC) free zones.

Although the data law has not been officially published yet, Omar Al Olama, the Minister of State for Artificial Intelligence, Digital Economy and Remote Work Applications, has provided some insight into what can be expected while a draft is awaited.

The data law will strike a balance between protecting the privacy of individuals and allowing businesses to extract value from personal data. On the one hand, individuals will have control over how their personal data are processed. They will have the right to obtain information, the right to access their data and the right to have it erased. At the same time, businesses will still be able to use personal data for commercial gain, subject to certain controls.

The data law is said to have a low compliance cost and has been described as a ‘global law’ that will not contain UAE-specific requirements. It will allow international companies based in the UAE to achieve cross-border data transfers.

It is still not known when the new data law will come into force. Nevertheless, businesses performing data processing activities could get a head start by reviewing their data processing functions.