Support Centre

Kuwait

Summary

Law: There is no general data protection regulation.

Regulator: There is no general data protection authority.

Summary:  Kuwait does not have a specific personal data protection law, but the Kuwait Communication and Information Technology Regulatory Authority (CITRA) released the Data Privacy Protection Regulation, No. 42 of 2021 (the Regulation) in April 2021. The Regulation imposes obligations concerning data protection on telecommunication services providers and related industry sectors who collect, process, or store personal data in whole or in part. The Regulation describes the conditions for collecting and possessing personal data and the obligation of a service provider during and after the end of the provision of the service in relation to the collection and processing of such data.

Moreover, the Constitution of Kuwait 1962 (the Constitution), establishes the right to privacy.

CITRA has also issued the Data Classification Policy (DCP) which entities dealing with large amounts of data can use as guidance for data protection. The DCP classifies data into four separate categories to help with better decision-making regarding data access and processing in line with the data classification levels.

News

Insights

May 2024

Kuwait: CITRA releases Kuwait's latest data privacy protection regulations

In a significant development within the State of Kuwait's regulatory landscape, the Communication and Information Technology Regulatory Authority (CITRA) has taken decisive steps to fortify data protection measures in the realm of telecom and IT services. Under Decision No. 26 of 2024, CITRA introduced a new set of Data Privacy Protection Regulations (the Regulations), effectively replacing the prior regulations. Concurrently, CITRA has repealed its former Data Classification Policy under Decision No. 34 of 2024, signaling a strategic shift towards more comprehensive safeguards for sensitive information.

This proactive update reflects CITRA's recognition of the growing need for strong data security measures as Kuwait's telecom and IT sectors expand. These regulatory changes also match Kuwait's big-picture plan for progress outlined in the New Kuwait 2035 strategy, emphasizing a focused push for better technology resilience and privacy standards in the country's digital world. Asad Ahmad and Salma Farouq, of GLA & Company, discuss the Regulations, highlighting the key provisions that individuals and entities should be aware of.

December 2021

Kuwait: Navigating Kuwait's latest sectoral data protection legislation

The Kuwait Communication & Information Technology Authority ('CITRA') released the Data Privacy Protection Regulation, No.42 of 2021 ('the Regulation') in April 2021, which marked an important milestone in Kuwait's legal landscape. This is primarily because prior to the Regulation there was no dedicated data protection law or regulation, and thus, reliance was placed on limited relevant legal provisions found in different legislations, such as the Constitution of Kuwait 1962 and Law No. 20 of 2014 concerning Electronic Transactions. Ahmed Syed, Senior Consultant at International Legal Group Kuwait, discusses the application of the Regulation and what is required under its provisions.

Company

Our Policies

Your Rights

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
© OneTrust, LLC. All Rights Reserved.
The materials herein are for informational purposes only and do not constitute legal advice.