Access Alert | Kuwait’s First Comprehensive Data Privacy Protection Regulation  

Access Alert | Kuwait’s First Comprehensive Data Privacy Protection Regulation  

Kuwait’s Communication and Information Technology Regulatory Authority (CITRA) has recently drafted Kuwait’s first comprehensive Data Privacy Protection Regulation (the Regulation). This new Regulation seeks to address an important regulatory gap in Kuwait and will apply to both public and private sector entities processing personal data of Kuwaiti citizens and domestic and overseas residents of Kuwait. Through new regulatory tools, CITRA aspires to develop a robust ICT industry that will serve as a foundation for the New Kuwait 2035 vision.

All service providers who provide communication and information technology in the State of Kuwait are therefore concerned, particularly services which rely heavily on transborder transfer of data such as public telecommunications networks, website operators, digital applications, or cloud computing services. While conducting these services, providers must comply with the following conditions: a) provide users with user-friendly access to their data policies and protections; b) maintain a clear purpose for data collection (purpose limitation) and how the data will be used; c) an obligation to legally protect the data; and d) ensure appropriate processing and encryption of personal data as per Kuwait’s Data Classification Policy (available only in Arabic).

In terms of the rights afforded to data subjects, individuals will be able to: a) withdraw consent; b) request data access, rectification and deletion; and c) receive a notification from a service provider if they intend to transfer any personal data beyond the borders of Kuwait (which will be in accordance with a Data Classification policy issued by CITRA). The outcomes of the regulatory text could have a significant impact on existing tech companies operating in the country. Therefore, early engagement with the CITRA is highly recommended at this stage.

Access Partnership is closely monitoring all developments regarding legal frameworks on the matter in the region. For more information regarding this topic, please contact Nada Ihab.

Related Articles

The Practical Path Forward: Why Data Regulations 2.0 Must Be Built for Emerging Tech – And Fast

The Practical Path Forward: Why Data Regulations 2.0 Must Be Built for Emerging Tech – And Fast

This article is part of Access Partnership’s series ‘The New Privacy Playbook: Adapting to a Shifting Global Landscape’, which explores...

17 Jun 2025 Opinion
The Power of Light: Optical Links For Satellite Communications

The Power of Light: Optical Links For Satellite Communications

Making big waves in satellite communications, optical links, also known as Free-Space Optical (FSO) communication or laser communication, are transforming...

13 Jun 2025 Opinion
What Vietnam’s Political Transformation Means for Business Leaders

What Vietnam’s Political Transformation Means for Business Leaders

Vietnamese Communist Party General Secretary Tô Lâm and his administration are leading a streamlining of government that will fundamentally change the...

13 Jun 2025 Opinion
Access Alert: Ireland Launches SMS Sender ID Registry to Tackle Text Scams

Access Alert: Ireland Launches SMS Sender ID Registry to Tackle Text Scams

In 2022, Ireland recorded an alarming average of 1,000 fraud cases per day linked to scam calls and texts, with...

12 Jun 2025 Opinion