United Arab Emirates

With the exception of certain free zones, there is no comprehensive legislation in the UAE specifically designed to regulate the collection, processing, transfer and/or use of personal data. Personal information relating to an individual is protected under provisions of laws, not specifically focused on the issue of data protection.
Additionally, a variety of laws relating to matters such as health insurance, patient confidentiality, and credit worthiness contain specific data protection and privacy -related provisions.
The DIFC Data Protection Law of 2007 regulates the processing of personal data by data controllers located in DIFC.
The ADGM Data Protection Regulations 2015 regulates the processing of personal data by data controllers located in the Abu Dhabi Global Markets (a financial services free zone in Abu Dhabi).
The DHCC Data Protection Regulations 2013 regulates the processing of personal data by entities licensed in Dubai Healthcare City (another free zone). Dubai Healthcare City Governing Regulation No. 7 of 2008 regulates the use and disclosure of “Patient Health Information” (including personal information and medical information relating to a patient’s physical or mental health) by entities licensed in the Dubai Healthcare City – a healthcare-related free zone in the Emirate of Dubai.