Dubai:The latest Data Protection Rules announced by the Dubai International Financial Centre (DIFC) will provide further clarity on personal data breach obligations.
First proposed in April, followed by a 30-day public consultation period, the DIFC said on Thursday that the new amendments have come into effect.
The amendments allow for more ethical management of personal data processing and operations, and offer greater insight into situation such as when a temporary custodian finds personal data that has been inadvertently left behind or lost.
The amendments will also clarify the use and collection of personal data for marketing and communications, particularly regarding appropriate notices when employing systems that may impair individuals’ rights to restrict or remove their personal data.
- DIFC reports strong growth, Tensions rise in Niger, and more, Gulf News Editors comment on August 1 trending news
- Watch: Dubai International Financial Centre witnesses 23% surge in new company registrations in H1-2023
- DIFC Courts see cases with Dh15 billion in claims value in first six months of 2023
- MetaTdex and DIFC forge strategic alliance to accelerate Dubai's AI + Web 3.0 Hub
They also provide guidelines on investigations and enforcement powers of the commissioner when a controller or processor may employ unfair or deceptive practices.
Jacques Visser, DIFC Commissioner of Data Protection, said: “DIFC’s outcomes-based approach vis-a-vis application of the DP Law 2020 obligations to the development and use cases for systems provides a more collaborative, transparent way of creating and maintaining an innovative yet safe autonomous system.”
The financial hub also said it has enacted ‘Regulation 10’, a set of rules addressing how personal data is handled in autonomous systems like AI and machine learning.
One aspect of Regulation 10 is that it allows the DIFC to serve as a platform for making different guidelines for governments and organisations to work together. This ensures that the correct principles are applied for ethical and responsible personal data processing in AI technology development.
Visser said that user cases are expected to be tested through further consultation, inspection or supervision. The DIFC Commissioner’s Office is also considering testing use cases through participation in a regulatory sandbox comprised of technology developers, users, regulators and non-governmental organisations.