DATA PROTECTION LAWS OF THE WORLD. Bahrain

Similar documents
Contributed by Djingov, Gouginski, Kyutchukov & Velichkov

Board of Directors Telecommunications Regulatory Authority. The Telecommunications Regulatory Authority (the Authority ) Board of Directors,

DATA PROTECTION LAWS OF THE WORLD. China

Funding University Inc. Terms of Service

Data Breach Notification: what EU law means for your information security strategy

DATA PROTECTION LAWS OF THE WORLD. United States

GDPR: A QUICK OVERVIEW

Cognizant Careers Portal Terms of Use and Privacy Policy ( Policy )

Liechtenstein. General I Data Protection Laws. Contributed by Wanger Advokaturbüro. National Legislation. National Regulatory Authority.

It applies to personal information for individuals that are external to us such as donors, clients and suppliers (you, your).

UCL Policy on Electronic Mail ( )

Motorola Mobility Binding Corporate Rules (BCRs)

1.3 Please follow the links below for further information. Where relevant, we have made a distinction between different categories of data subjects:

DATA PROTECTION LAWS OF THE WORLD. Germany

Canada s Anti-Spam Law ( CASL ): It s the Law on July 1, 2014 questions for directors to ask

CliniSys Website Privacy Policy

THE CAN-SPAM ACT OF 2003: FREQUENTLY ASKED QUESTIONS EFFECTIVE JANUARY 1, December 29, 2003

Policy on Privacy and Management of Personal Information

American Dental Hygienists Association Privacy Policy

WEBSITE PRIVACY POLICY

THE NEW GENERAL DATA PROTECTION REGULATION IMPLICATIONS FOR ENTERPRISES. Forum financier du Brabant wallon

GDPR AMC SAAS AND HOSTED MODULES. UK version. AMC Consult A/S June 26, 2018 Version 1.10

PRIVACY POLICY. 1. What Information We Collect

Emergency Nurses Association Privacy Policy

USER CORPORATE RULES. These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy.

PRIVACY NOTICE. 1.2 We may obtain or collect your Personal Data from various sources including but not limited to:

Data Processing Agreement

Acceptable Use Policy

Dentons Canada LLP. Understanding CASL. Presented to the Alberta Chambers of. Craig T. McDougall and Thomas A. Sides

Any reference in the Term to you or your means you as a user of the Website.

SIMS TERMS AND CONDITIONS OF USE AGREEMENT

2.1 Website means operated and owned by UCS Technology Services, including any page, part of element thereof;

Policy & Procedure Privacy Policy

UWC International Data Protection Policy

We reserve the right to modify this Privacy Policy at any time without prior notice.

DATA PROCESSING AGREEMENT

MASTERCARD PRICELESS SPECIALS INDIA PRIVACY POLICY

Data Processing Agreement for Oracle Cloud Services

1. Muscat & Co Mortgage Solutions Ltd - Privacy Notice

Mohammed Ahmed Al Amer Chairman of the Board of Directors. Issued on: 16 Rabi' al-awwal 1437 (Arabic calendar) Corresponding to: 27 December 2015

Cognizant Careers Portal Privacy Policy ( Policy )

General Data Protection Regulation (GDPR) The impact of doing business in Asia

Recruitment Privacy Notice

Policy Objectives (the Association) Privacy Act APPs Policy Application ACTU The Police Association Website

Terms and Conditions for MPF e-statement/e-advice Service ( Terms and Conditions )

Privacy and Spam Policy Ten Tigers Grain Marketing Pty Ltd

Privacy Policy. You may exercise your rights by sending a registered mail to the Privacy Data Controller.

Maritime Union of Australia. Privacy Policy 2014

University Policies and Procedures ELECTRONIC MAIL POLICY

Breckenridge Financial Supplies Website Use Policy

Finland. General I Data Protection Laws. Contributed by Hannes Snellman Attorneys Ltd. National Legislation. National Regulatory Authority

Website privacy policy

Canada s Anti-Spam Legislation: What It Means to Hit Send

CALSTRS ONLINE AGREEMENT TERMS AND CONDITIONS

UNOFFICIAL TRANSLATION. The Telecommunication Regulatory Authority s Board of Directors. Resolution No. 2 of 2010

Privacy Law Doing Business In Canada

We collect information from you when You register for an Traders account to use the Services or Exchange and when You use such Services. V.

Privacy Policy. MIPS Website Privacy Policy. Document Information. Contact Details. Version 1.0 Version date March 2018.

Xpress Super may collect and hold the following personal information about you: contact details including addresses and phone numbers;

Plan a Pragmatic Approach to the new EU Data Privacy Regulation

POLICY BURLINGTON TOWNSHIP BOARD OF EDUCATION. PROGRAM 2361/page 1 of 8 Acceptable Use of Computer Network/Computers and Resources M

You are signing up to use the Middlesex Savings Bank Person to Person Service powered by Acculynk that allows you to send funds to another person.

TELEPHONE AND MOBILE USE POLICY

Do you handle EU residents personal data? The GDPR update is coming May 25, Are you ready?

PRIVACY POLICY. Last Updated: 1/17/17

Developing Issues in Breach Notification and Privacy Regulations: Risk Managers Are you having the right conversation with the C Suite?

CITYTOUCH PRIVACY POLICY

Upcoming PIPEDA Changes What is changing and what to do about it

2. What is Personal Information and Non-Personally Identifiable Information?

Breach Notification Assessment Tool

Fritztile is a brand of The Stonhard Group THE STONHARD GROUP Privacy Notice The Stonhard Group" Notice Whose Personal Data do we collect?

Personal Data & Privacy Policy Statement

VFS GLOBAL PVT LTD PRIVACY DISCLAIMER

INTERNET ACCESS SERVICE AGREEMENT PLEASE READ CAREFULLY

Disclosure text - PDS (PKI Disclosure Statement) for electronic signature and authentication certificates

Internet Service Provider Agreement

Polemic is a business involved in the collection of personal data in the course of its business activities and on behalf of its clients.

2.1 The type of personal information that auda collects about you depends on the type of dealings you have with us. For example, if you:

University Privacy Campaign. Introduction to the Personal Data (Privacy) Ordinance

PTLGateway Acceptable Use Policy

Vodafone Location Services. Privacy Management Code of Practice. Issued Version V1.0

ma recycle GDPR Privacy Policy .com Rely and Comply... Policy Date: 24 May 2018

Vistra International Expansion Limited PRIVACY NOTICE

Compass Consulting Group Terms of Use & Privacy Policy. Last Updated: 10/1/2018

EU data security and privacy trends

Cell Phone Policy. 1. Purpose: Establish a policy for cell phone use and compensation allowance.

VIACOM INC. PRIVACY SHIELD PRIVACY POLICY

Privacy Policy GENERAL

General Legal Requirements under the Act and Relevant Subsidiary Legislations. Personal data shall only be processed for purpose of the followings:

You may contact The Translation Network by at You may also call The Translation Network at

Site Impact Policies for Website Use

CANADA S ANTI-SPAM LEGISLATION: Getting ready for July 1 st, 2014

LightGig Communications, LLC Privacy Policy

SIX Trade Repository AG

PRIVACY STATEMENT. Effective Date 11/01/17.

Privacy Policy Wealth Elements Pty Ltd

Data Privacy Policy. 1. General

As set out in the Hong Kong ID card, or any relevant identification document referred to in 1(g) above.

HF Markets SA (Pty) Ltd Protection of Personal Information Policy

Healthfirst Website Privacy Policy

Transcription:

DATA PROTECTION LAWS OF THE WORLD Bahrain Downloaded: 7 April 2018

BAHRAIN Last modified 25 January 2017 LAW There is currently no standalone data protection law in Bahrain. A draft is being reviewed before Parliament but has not yet been officially finalised nor published. Notwithstanding the above, provisions relating to data protection are generally captured in a number of laws in Bahrain and these suggest that consent from data subjects is required to process and transfer their personal data: Constitution of Bahrain 2002 (the Constitution ) protects citizens' rights to privacy as it contains provisions on confidentiality relating to postal, telegraphic, telephonic and electronic communications Amiri Decree No. 15 of 1976 with respect to the Penal Code (the Penal Code ) protects individuals' right to privacy as it contains provisions on the sanctions against those who disclose information without the consent of the concerned person Legislative Decree No. 9 of 1984 with respect to Central Population Register (the Central Population Register Law ) prohibits divulging demographic information and imposes sanctions against those who disclose information without the consent from the concerned person Legislative Decree No. 28 of 2002 with respect to Electronic Transactions (the Electronic Transactions Law ) contains provisions protecting the confidentiality of electronic records Legislative Decree No. 48 of 2002 with respect to the Telecommunications Law (the Telecommunications Law ) prohibits divulging of any confidential information Decree No. 64 of 2006 with respect to the Central Bank of Bahrain and Financial Institutions Law (the CBB Law ) contains provisions relating to confidential information and disclosing such information Resolution No. 8 of 2009 with respect to Licensees to implement Lawful Access (the Lawful Access Regulation ) contains provisions protecting the subscriber's right to privacy in the telecommunications services domain Consumer Protection Guidelines Reference No. CCA/1112/451 (29 December 2011) (the Consumer Protection Guidelines ) contains provisions on consumers' privacy relating to personal information and calling patterns Law No. 35 of 2012 with respect to Consumer Protection (the Consumer Protection Law ) protects consumer's privacy, to maintain personal information and not to exploit it for other purposes Law No. 36 of 2012 with respect to Labour Law in the Private Sector (the Labour Law ) covers generally right to privacy of employee's data 2 Data Protection Laws of the World Bahrain http://www.dlapiperdataprotection.com

Decree No. 16 of 2014 with respect to the Protection of Information and National Documents (the Protection of Information and National Documents Law ) covers the importance of information relating to national security The Resolution No. 3 of 2015 with respect to Bulk Messaging (the Bulk Messaging Regulation ) protects recipients from unsolicited and solicited messages Law No. 60 of 2014 with respect to Information Technology Crimes (the Information Technology Crimes Law ) mentions the penalties of unlawful taping, capturing or intercepting, by technical means, any non-public transmission of information devices data to, from or within an information technology system The Central Bank of Bahrain Rulebook (the CBB Rulebook ) contains provisions relating to customer confidentiality during outsourced services and activities. DEFINITIONS Definition of personal data There is no single definition of personal data under Bahrain laws as each law defines personal data differently. The definition of personal data is captured in the following laws: The Labour Law defines employees' personal data as: The employee s name, age, ID number, marital status, house address, and nationality Job or occupation and qualification and experiences Date of employment, current wage, and all modifications to this wage Leave taken and sanctions imposed The date of termination of service and the reasons thereof Minutes of the investigations conducted with the employee, and Supervisors reports on the level of the employee's performance in accordance with regulations enforce at the place of work together with any other papers related to the employee s service The Central Population Register Law defines demographic information relating to personal data as: Name House address Place and data of birth Gender Religion Marital status Parents' or spouse's ID number Educational qualification, and Occupation. The CBB Law defines personal information as: Name House address Email address, and Phone number Furthermore, the CBB Law defines confidential information as any information relating to private affairs of any licensee's customers. Definition of sensitive personal data 3 Data Protection Laws of the World Bahrain http://www.dlapiperdataprotection.com

There is no specific definition of sensitive personal data. NATIONAL DATA PROTECTION AUTHORITY There is no authority which is specifically responsible for data protection. However, the Information and e-government Authority holds demographic and censors information, facilitates communications between all government entities, and controls these communications. REGISTRATION None. DATA PROTECTION OFFICERS There is no requirement in Bahrain for organisations to appoint data protection officers. COLLECTION & PROCESSING Generally consent is obtained from the individuals when collecting and processing their personal data, in order to avoid any breach of privacy and confidentiality provisions mentioned under Bahrain laws. In certain circumstances, the relevant government authority may waive the requirement for an individual's consent. Subject to the Information and e-government Authority's approval, the Central Population Register Law gives the right for any governmental or non-governmental bodies to obtain demographic information for its interests or for purposes of fulfilling the requirements of its activities. TRANSFER The Electronic Transactions Law states that, as long as consent is obtained from the user or subject, and provided such information does not give rise to civil or criminal liability, a network intermediary has the right to transmit, send, receive, or store an electronic record or provide other services with respect to that electronic record. Except in respect of public bodies, the necessary consent may be implicitly given through a positive action. The Consumer Protection Guidelines states that licensed operators should obtain a subscribers' express permission before publishing the subscribers' information or providing it to another licensed operator. For entities regulated by the CBB, the CBB Rulebook contains provisions on outsourcing activities in the Operational Risk Management section whereby the licensees must ensure that the outsourcing agreements comply with all applicable legal requirements regarding customer confidentiality. SECURITY The data controller must implement adequate security measures in order to ensure national security and to protect the user's or subject's personal data from misuse, modification, or unauthorised access or disclosure. BREACH NOTIFICATION For entities regulated by the CBB, the CBB Rulebook obliges entities to notify the CBB when there is a breach in data protection. For entities regulated by the Electronic Transactions Law, in the event of a data breach, help may be sought from named officers of the Ministry of Industry, Commerce and Tourism in order to gain more protection. Mandatory breach notification There is no mandatory notification required in the event of a data breach. 4 Data Protection Laws of the World Bahrain http://www.dlapiperdataprotection.com

ENFORCEMENT The law is enforced when the affected party submits a claim to the competent court in Bahrain. However, there is no formal reporting of court decisions in Bahrain and courts do not rely on a formal system of precedence. This can lead to an increased level of unpredictability in litigious matters. ELECTRONIC MARKETING Electronic marketing in Bahrain is subject to the Consumer Protection Guidelines, the Lawful Access Regulation and the Bulk Messaging Regulation established by the Telecommunications Regulatory Authority. According to the Consumer Protection Guidelines, licensed operators are expected to protect consumers from unwanted, offensive, unsolicited or illegal electronic solicited messages, including live voice solicitations, artificial pre-recorded voice advertisements, electronic mail, electronic wireless messages (e.g. short text messages and multimedia messages) and facsimile messages. According to the Lawful Access Regulation, a licensee may access the subscriber's information for marketing purposes or to provide value added services to its subscribers only after obtaining consent from the subscriber. The Bulk Messaging Regulation regulates solicited and unsolicited messaging. Opt-out principles are adopted whereby text messages are only sent to recipients who have expressly consented to the receipt of the message. Texts may only be sent between 9 am to 8 pm. Licensed operators will take appropriate measures to reduce the number of unsolicited bulk messages which are sent over their telecommunications networks by non-contracted sources. ONLINE PRIVACY None. KEY CONTACTS Mohamed Toorani Senior Legal Consultant T +973 1755 0896 mohamed.toorani@dlapiper.com Noor Buhusayen Legal Consultant T +973 1755 0893 noor.buhusayen@dlapiper.com Lulwa Alzain Paralegal T +973 1755 0891 lulwa.alzain@dlapiper.com DATA PRIVACY TOOL You may also be interested in our Data Privacy Scorebox to assess your organisation's level of data protection maturity. 5 Data Protection Laws of the World Bahrain http://www.dlapiperdataprotection.com

Disclaimer DLA Piper is a global law firm operating through various separate and distinct legal entities. Further details of these entities can be found at www.dlapiper.com. This publication is intended as a general overview and discussion of the subjects dealt with, and does not create a lawyer-client relationship. It is not intended to be, and should not be used as, a substitute for taking legal advice in any specific situation. DLA Piper will accept no responsibility for any actions taken or not taken on the basis of this publication. This may qualify as 'Lawyer Advertising' requiring notice in some jurisdictions. Prior results do not guarantee a similar outcome. Copyright 2017 DLA Piper. All rights reserved.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback