Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
DIFC: DIFCA launches public consultation on amendments to Data Protection Regulations 2020
The Dubai International Financial Centre ('DIFC') Director of Data Protection announced, on 18 April 2023, via LinkedIn, that the DIFC Authority ('DIFCA') had launched a public consultation on proposed amendments to the Data Protection Regulations 2020. In particular, the Director stated that the proposed amendments provide means for a better, safer, and more ethical management of data processing, which include:
- regulations to clarify the actions and remedies required to report and manage data breach incidents, including:
- details on when data breach notifications should be made to the Commissioner of Data Protection ('the Commissioner') without undue delay;
- the methods for a notification of a data breach, as well as the circumstances that trigger the requirement to notify the Commissioner and data subjects; and
- an obligation on a person who comes into control or possession of 'inadvertently obtained information' that may contain personal data, to attempt to identify and notify the party or parties that were previously controllers or processors of such data, and request the same to remove or 'accept' such data by a specified future date;
- regulations on the use of personal data for digital communications and services by a DIFC-based company, including:
- an obligation to provide the data subject with an opportunity to refuse or opt out of receiving digital communications and services the first time a controller collects personal data for such purposes;
- requirements regarding the means of selecting privacy preferences made available to a data subject on first use of a platform or application enabling digital communications and services; and
- conditions for consent in this context;
- obligations on controllers and processors regarding controls and safeguards in connection with the use of digital enablement technology systems, such as artificial intelligence ('AI') systems, including transparency and information provision obligations towards data subjects; and
- concepts to incorporate Privacy by Design or by Default into generative, machine learning, or similar systems, which include fairness, ensuring ethical practices, transparency, security, and accountability.
Importantly, the consultation paper notes that the proposed amendments are currently in draft form and that, once comments have been received, the DIFCA will consider whether, if any, further refinements are required to the same. To this end, the consultation paper highlights that, once the DIFCA considers the proposed amendments to be in a suitable form, they will be enacted as new DIFC regulations on a date later specified.
Notably, the consultation paper specifies that comments can be submmited to Chief Legal Officer of the DIFCA, Jacques Visser, at P. O. Box 74777, or emailed to [email protected], until 17 May 2023.
You can read the post here, the consultation paper here, and the proposed amendments here.
UPDATE (1 September 2023)
Amendments to Data Protection Regulations 2020 enter into force
On 1 September 2023, the DIFC published Regulation 10 on Processing Personal Data Through Autonomous and Semi-Autonomous Systems which amends the Data Protection Regulations 2020, entering into force on the same date.
You can read the announcement here and the amended Regulations here.