UAE Data Law set to be game changer in ensuring customer information is safely used by private firms
Dubai: Most customers using internet are not aware of what happens to their data even as 99 per cent of businesses in the UAE use third-party trackers and advertisement-platforms, a new survey has found.
However, the UAE’s Data Law is on the anvil and is expected to be a game changer in ensuring that customer data will be safely used by private companies, according to a senior executive of a company behind the survey.
Announced as part of the Projects of the 50, the UAE Data Law is the first federal law to be drafted in partnership with major technology companies. The law will empower individuals to control how their personal data is used, stored and shared in a move that aims to protect privacy of individuals and institutions and limit use of personal data by business entities for profit.
Conducted by Centurion Consulting on behalf of Zoho Corp, a global technology company, the survey released in Dubai on Tuesday found that only 68 per cent of respondents have well-defined and documented policies for customer data privacy and a mere eight per cent strictly apply them.
“This rampant use of third-party trackers in the business space has severe ethical and privacy implications because of the enormous amounts of customer data being gathered through them,” said Hyther Nizam, president-MEA, Zoho Corp.
“Most businesses use the same set of third-party trackers, which means the large corporates behind these trackers can combine data collected across different websites and build comprehensive individual profiles for hyper-targeted advertising.”
Adjunct surveillance
He said this practise is called ‘adjunct surveillance’. “When businesses that employ third-party trackers do not adhere to a strict privacy policy for customer data protection, they put their customers’ data at risk. Most internet users are not aware of how much data these trackers are gathering and what is happening with that data,” he explained.
However, this scenario is likely to see major changes when the UAE’s recently-announced Data Law will come into force, said Ali Shabdar, director MEA, Zoho Corp.
“Companies who use technology to mine your data will take what they need as long as they are within the boundaries of the law. But the law has not been keeping up with the speed of technology. Now that the new law is coming up, there will be more clarity on how and what data can be collected and stored by companies and how it can be used,” he told Gulf News.
“When there is a law, people will start talking about it. When there is a lot of conversation around it, there will be better education and awareness about data privacy and protection, which is very important.”
When the law becomes effective, he said, people will start thinking what companies are doing with their data and be more cautious while it will make businesses take data collection seriously.
“They will not be liberal with our data. They will take better care with our personal information. The law will put more responsibility on the companies. I hope there would be some measures for us to go and complain about data protection, the way we deal with consumer protection. I believe we will have a team to address our data complaints under this law. Also, data protection should become part of the online safety education for adults and children to raise awareness about their rights and responsibilities.”
More clarity
Shabdar said the law is expected to require businesses to know what exactly they can do with customers’ data. “We can expect much more clarity and this is what we want now. If a business wants to stay above the water, they have to really comply with at least a set of regulations because any day something could happen. So far, businesses were not clear about the jurisdictions of our data.”
Data privacy policies
The survey revealed that just 24 per cent of the respondents are fully acquainted with regional data protection laws. Interestingly, these are companies with more than 100 employees, it found.
Respondents to the survey, who typically had their business online or were engaged in e-commerce activities that involved payment gateway integration, were found to be well aware of data privacy policies because integration approval could not be gained without a well-documented privacy policy in line with these local regulations.
The UAE does not currently have an overarching federal law in place for regulating data privacy and protection. However, free zones like the DIFC and AGDM have their own data protection regulations while the Federal Decree-Law No (5) of 2012 includes strict mandates to combat cybercrime.
Shabdar pointed out that we have very strong cybercrime laws in the UAE, which protect citizens, residents and businesses. “But, adding personal data protection law will add a new level of safety and security for the country.”
Meanwhile, Nizam said there were 9.84 million internet users in the UAE as of January 2021.
‘Growing privacy consciousness’
“With 99 per cent Internet penetration, it’s clear that digital is the way forward here. The survey shows that most companies targeting the region’s massive online consumer base are not prioritising user privacy because the use of third-party trackers and ad platforms helps their sales,” said Nizam.
“However, consumers are growing more privacy conscious by the day and more countries are implementing stringent laws to protect consumer data and privacy. In the long-run, these businesses will need to rethink their reliance on third-party platforms in order to stay relevant, and gain the trust of their users,” he pointed out.
Third-party vendors
According to the survey conducted among 255 companies spread across the UAE, while 38 per cent were not completely comfortable with the way their customer data was being used by third-party vendors, most businesses said they could not stop using them because the advertisement campaigns were too important for lead and revenue generation (52 per cent), the insights were critical to their ability to understand customers (28 per cent) and using these platforms was the most cost-effective way to do business (16 per cent).
Usage of third-party trackers
According to the survey, the main reasons given by businesses for the use of third-party trackers were: Tracking the effectiveness of an ad-campaign (79 per cent), sharing content on social media (70 per cent) and gathering analytics on website visitors (65 per cent).
Another key finding from the survey was that companies assumed that data collection tools — most respondents use multiple vendors — would inherently abide by strict legal laws and standards and therefore customer data were safe.
The survey showed that bigger the name of the tracking company, the higher the respondents’ confidence that the information would not be misused. This despite several large vendors being recently fined for violating privacy laws in other nations.
Privacy trends in Middle East and North Africa
The study surveyed 1,000 respondents across the UAE, Saudi Arabia, Bahrain and Egypt to gather insight into businesses’ consumer data protection practises, awareness and adherence to local laws and the degree of awareness on data collection and usage by third-party vendors.
As many as 96 per cent of respondents said they were not clearly disclosing their use of third-party trackers on their websites to collect visitors’ data. Furthermore, 98 per cent of the respondents outsourced their website, management and marketing functions and were confident that the regulatory compliances would be followed by the service providers.