Kuwait’s Communication and Information Technology Regulatory Authority (CITRA) has recently drafted Kuwait’s first comprehensive Data Privacy Protection Regulation (the Regulation). This new Regulation seeks to address an important regulatory gap in Kuwait and will apply to both public and private sector entities processing personal data of Kuwaiti citizens and domestic and overseas residents of Kuwait. Through new regulatory tools, CITRA aspires to develop a robust ICT industry that will serve as a foundation for the New Kuwait 2035 vision.
All service providers who provide communication and information technology in the State of Kuwait are therefore concerned, particularly services which rely heavily on transborder transfer of data such as public telecommunications networks, website operators, digital applications, or cloud computing services. While conducting these services, providers must comply with the following conditions: a) provide users with user-friendly access to their data policies and protections; b) maintain a clear purpose for data collection (purpose limitation) and how the data will be used; c) an obligation to legally protect the data; and d) ensure appropriate processing and encryption of personal data as per Kuwait’s Data Classification Policy (available only in Arabic).
In terms of the rights afforded to data subjects, individuals will be able to: a) withdraw consent; b) request data access, rectification and deletion; and c) receive a notification from a service provider if they intend to transfer any personal data beyond the borders of Kuwait (which will be in accordance with a Data Classification policy issued by CITRA). The outcomes of the regulatory text could have a significant impact on existing tech companies operating in the country. Therefore, early engagement with the CITRA is highly recommended at this stage.
Access Partnership is closely monitoring all developments regarding legal frameworks on the matter in the region. For more information regarding this topic, please contact Nada Ihab.
