Search for:
Author

Lucrezia Lorenzini

Browsing
Lucrezia Lorenzini is an associate based in the Dubai office of Baker McKenzie. Lucrezia advises on technology and data protection matters for clients, including national and multinational businesses, based in the UAE and Saudi Arabia.

On 14 September 2023, the Personal Data Protection Law (PDPL) promulgated by Royal Decree No. M/19, dated 09/02/1443H, amended pursuant to Royal Decree No. M/148, dated 05/09/1444H, officially entered into force in the Kingdom of Saudi Arabia. While the PDPL came into force on 14 September 2023, organizations were afforded a further 12 Hijri months’ period from the date of entry into force to bring themselves into compliance with the PDPL (i.e., on or around 2 September 2024). There should have been no enforcement action during the intervening period.

On 13 September 2023, the Communication Space & Technology Commission of Saudi Arabia proposed a draft law on Global Digital Content Safe Harbor. The proposed law is aimed at providing a legal framework for intermediary service providers hosting and transiting global digital content in Saudi Arabia in a way that ensures no objection, deletion or modification of content hosted in and accessible within the Kingdom. If adopted, the effect of the draft law may be significant as it seeks to create a more favorable environment for investment in the Kingdom’s digital economy, and it would align the local legal framework with the international best practices.

On 18 April 2023, the Dubai International Financial Centre (DIFC) launched a 30-day public consultation on the proposed amendments to the Personal Data Protection Regulations to establish additional areas of regulation that would support the strong implementation of the DIFC Data Protection Law No. 5 of 2020. The proposed amendments are aimed at enhancing the current data protection framework in the DIFC and addressing the means for better, safer and more ethical management of personal data processing and operations.

The Personal Data Protection Law of Saudi Arabia (“KSA”) was recently amended pursuant to Royal Decree No. M/148, dated 05/09/1444H (corresponding to 27 March 2023G) (“Amended PDPL”). These amendments were preceded by a public consultation launched by the Saudi Data and Artificial Intelligence Authority in late 2022.
The Amended PDPL expands the scope under which Controllers could collect personal data from third parties, and process it for purposes other than that for which it was originally collected. It also provides additional grounds for Controllers to disclose personal data, and introduces an updated regime for personal data transfers outside of KSA.

The Middle East luxury brands industry has rapidly expanded in recent years, driven by rising global consumption and major strides in online retail sales and marketing. These developments have also brought new challenges for the industry as companies face more stringent regulations as well as complex corporate and employment issues as they expand into new markets. As luxury goods companies gather large amounts of customer information, data protection has also become a major concern. Join Baker McKenzie for an update on the employment and data protection laws for luxury brands in the Middle East on 8 February 2023 from 2:00 – 3:00pm GST.

On 30 June 2022, the Government of Abu Dhabi Department of Health (DoH) issued Circular No. 147 of 2022 requiring health and pharmaceutical facilities licensed by the DoH (“Licensed Entities”) to obtain a “secure” or “safe” certificate that certifies they operate in full compliance with the requirements of the Abu Dhabi Standard for Health Information Security and Cyber Security Standards (“Standards”). Licensed Entities have until the end of this year (i.e., by 31 December 2022) to complete an audit process to verify their self-certification with the Standards.
The Circular also states that Licensed Entities are urged to apply stricter cybersecurity controls, including to ensure health data is not transmitted outside of the UAE and to discontinue the use of any cloud-based services that store or utilize health data, irrespective of whether that solution is hosted within or outside the UAE.