Dubai: Don’t check a person’s phone without their permission, even if you know the password. While this may seem like basic etiquette, it is also a legal requirement in the UAE.
On June 14, the UAE Public Prosecution raised awareness about Article 9 of the Federal Decree-Law No. 34 of 2021 for Combatting Electronic Crimes and Rumours, also referred to as the Cybercrimes Law. The Article stipulates penalties that a person faces if he or she obtains a password or passcode without permission. As per the law, a person can face a monetary fine between Dh50,000 and Dh100,000 for accessing any information system by using a password they obtained without permission. The action will be considered an aggravated offence if the password was obtained in an unauthorised manner with the intent to commit a crime.
What does the law say?
Article 9 of Federal Decree-Law No. 32 of 2021 states: “Shall be sentenced to imprisonment and/or fined a monetary penalty and not more than Dh100,000 and not less than Dh50,000 whoever obtains, without a permit or consent from the concerned party a secret number, a passcode, a password or alike as in relation to a website, an electronic information system, a data network, or a means of information technology.
"The penalty shall be imprisonment for a duration of not less than six months and/or a monetary penalty not less than Dh300,000 and not more than Dh500,000 if the one who obtained the secret number, passcode, password or alike without the owner's permit or consent, obtained access or enabled another person to obtain access to the website, the electronic information system, the data network, or the means of information technology, for the purpose of committing a crime."
This offence shall include [actions like] hacking a website or destroying electronic or personal data or accessing hidden information without the consent of the concerned person.
What does it mean?
But how does the law apply to a person’s everyday life? Suneer Kumar, Senior law associate at Al Suwaidi and Company, broke down the various elements of the Article, to understand the different situations in which it may be applicable.
According to Kumar ‘information technology’ would refer to all forms of technology used to create, process, store, exchange and use electronic systems like websites, information networks and more. Also, when it comes to a ‘website’, the term can include online websites, social media websites, online networks and platforms, personal accounts, blogs and electronic services.
“This Article shall be applicable to any person, in whichever capacity, who obtains the said information or code or password without the consent of the concerned person. This offence shall include [actions like] hacking a website or destroying electronic or personal data or accessing hidden information without the consent of the concerned person,” Kumar said.
even a wife or husband can’t use each other’s passwords without permission. The objective of this Article is to protect the privacy of a person, prevent computer fraud, and stop unauthorised access to electronic networks.
Even if you know the password, you need to get express consent
According to Imran Khan, advocate and legal consultant at Bin Eid Advocates, the Article specifies the need for permission to be expressly provided by the owner of the digital account or gadget. Failing to do so can have implications at a personal level, too.
“A person can be prosecuted if he or she uses someone’s password without his or her express permission. So, an unauthorised person cannot access another person’s network, even if they know the passcode or password. If he or she uses the password without valid permission then the violator can be prosecuted under the cybersecurity law and other criminal laws, depending on the action of the person using the password,” Khan said.
He added that the Article would apply to the act of accessing any electronic account, whether email, social media or bank account, or any electronic gadget or network.
“As an example, even a wife or husband can’t use each other’s passwords without permission. The objective of this Article is to protect the privacy of a person, prevent computer fraud, and stop unauthorised access to electronic networks,” he said.