The UAE’s national cybercrime legislation was last amended in 2012, but as part of the nation’s legislative reform agenda, Federal Decree-Law No. 34 of 2021 Concerning the Fight Against Rumors and Cybercrime has since been repealed and replaced (the New Cybercrimes Law). In this Al Kassadi article, we offer perspective on several significant revisions and newly added offenses made by the New Cybercrimes Law.
The New Cybercrimes Law went into effect on January 2, 2022, and was published in the Official Gazette on September 26, 2021. The New Cybercrimes Law’s application has widened to cover cybercrimes that are prepared, planned, supervised, or funded in the UAE or that are in any other way thought to jeopardize the interests of the UAE or its nationals.
Most offenses under the old legislation have been copied in identical terms, although others have been reintroduced with a particular focus on certain areas or are noticeably broader (such as banking, media, and healthcare).
Concerns about the liability of intermediaries are raised by the expansion of some offenses, which might potentially include internet service providers. It appears that additional offenses, including those related to the spread of false information and fake news, have been imposed to further govern social media use in the United Arab Emirates.
Specific Sector Prohibition
The New Cybercrimes Law outlines offenses that are particular to industries that are thought to be crucial to the nation, such as banking, media, health care, and academic institutions.
Additionally, there are some heightened penalties for crimes involving government information and institutions.
Before, more general offenses dealt with hacking and unauthorized access to systems and data. Now, there are more specific offenses that deal with these issues.
In addition to the potential for jail, penalties for hacking into a system at a banking, scientific, or media organization can range from AED 500,000 to AED 3,000,000.
A prison sentence of at least 10 years and a fine of up to AED 20,000 could be imposed for the offense of improperly accessing or altering official data.
Infringement of data privacy
Collecting, storing, or processing personal data of UAE nationals or residents in contravention of other laws is illegal under a section of the New Cybercrimes Law. Even though the same set of legal reforms included the passage of the UAE’s data protection law, which separately governs the handling of personal data in the UAE. It would appear that any consequences outlined in the data protection law or other equivalent legislation, in addition to the criminal penalties introduced by the New Cybercrimes Law, would be relevant.
A six-month prison sentence and a fine of between 20,000 and 100,000 AED are possible penalties for the unauthorized sharing of personal information.
The New Cybercrimes Law also makes it illegal to track, share, or retain a person’s location information without that person’s permission. In addition to previously existing situations like the unauthorized interception of communications, capturing images, and disseminating information that could harm a person, this is a new type of privacy breach that is for the first time stated in UAE law.
False and defamatory information
Under the New Cybercrimes Statute, spreading false information is now a considerably more serious offense than it was under the old law. It is not restricted to information that is untrue or damaging to the government. On social media, there seems to be a particular emphasis on false information and fake news.
Users are accountable for the internet content they produce and publish. They are probably going to be the focus of any criminal actions taken against them by the appropriate authorities. The statute does not explicitly establish a safe harbor defense for social media sites or internet service providers. A minimum one-year prison term and a fine of up to 200,000 AED are required for the offense.
Compliance with the law
The New Cybercrimes Law includes a section that specifically punishes a person in charge of a firm, albeit it is necessary to demonstrate that they were aware of the violation and that it contributed to the crime’s conduct.
A new enforcement authority also permits the seizure of money made as a result of using intermediaries to access illegal information. Additionally, if the owner of a website or electronic account where the offense was committed refuses to take down the illegal content, blocks access to it, or defies a directive from the regulator or appropriate authorities without a valid defense, they risk the punishment of up to AED 10,000,000.
What actions should businesses take?
Organizations should examine IT usage rules and reinforce messages to staff and contractors about the proper use of email, websites, and electronic communications in light of the New Cybercrimes Law’s spectrum of expanded offenses and penalties.
To guarantee that marketing teams’ and social media managers’ communications and advertisements do not violate the new rule, they should get familiar with the UAE’s content regulations.
- References for the information provided can be accessed here.
- As stated Al Tamimi & co. also enlisted and elaborated cyber laws enforcement rules in their article which might be very helpful and can be accessed here.