DLA Piper Intelligence

Data Protection
Laws of the World

Law

Egypt
Egypt

Egypt does not have a law which regulates protection of personal data. However, there are some piecemeal provisions in connection with data protection in different laws and regulations in Egypt. Further, a draft law regulating the freedom of data exchange and data protection was drafted, but it has not yet been approved or published. It is expected to be discussed before the Egyptian parliament.

Constitutional principles concerning individuals’ right to privacy under the Egyptian Constitution as well as general principles on compensation for unlawful acts under the Egyptian Civil Code govern the collection, use and processing of personal data.

In addition, the Egyptian Penal Code no. 58/1937 imposes criminal punishment for unlawful collection of images or recordings for individuals in private places. Some other laws provide for protection and confidentiality on certain data, such as the Egyptian Labour Law no. 12/2003 (confidentiality of the employee’s file information including punishment and assessment) and the Egyptian Banking Law no. 88/2003 (confidentiality of client and account information). Egyptian Civil Status Law no. 143/1994 provides for the confidentiality of citizens’ civil status data. The Executive Regulations of Mortgage Finance Law no. 148/2001 issued by virtue of Cabinet Decree no. 1/2001 as amended by Prime Minister Decree no. 465/2005 has a similar clause which provides for the confidentiality of the data of the clients of mortgage finance companies. The Egyptian Telecommunications Law no. 10/2003 provides for the privacy of telecommunications and imposes penalties which account to imprisonment in some cases on the unauthorized violation of such privacy. Egyptian Penal Code no. 58/1937 and Physicians Code of Ethics provide for the privacy of the patient’s information and prohibition to disclose it without the patient’s prior consent. The violation of such prohibition could be penalized by imprisonment and/or minimal fines.

Article 57 of the Egyptian Constitution promulgated in January 2014 provides for the protection of privacy and secrecy of, inter alia, mails, phone conversations and other methods of communication. The aforementioned shall not be monitored, inspected or confiscated unless by virtue of a prior court order and for a limited period of time as regulated by the law.

The Egyptian Constitution has not defined data protection. However, it refers to the legislative authority to regulate the communication of data in a manner that does not encroach upon the privacy of citizens, their rights and National Security.

Last modified 26 Jan 2017
Law
Egypt

Egypt does not have a law which regulates protection of personal data. However, there are some piecemeal provisions in connection with data protection in different laws and regulations in Egypt. Further, a draft law regulating the freedom of data exchange and data protection was drafted, but it has not yet been approved or published. It is expected to be discussed before the Egyptian parliament.

Constitutional principles concerning individuals’ right to privacy under the Egyptian Constitution as well as general principles on compensation for unlawful acts under the Egyptian Civil Code govern the collection, use and processing of personal data.

In addition, the Egyptian Penal Code no. 58/1937 imposes criminal punishment for unlawful collection of images or recordings for individuals in private places. Some other laws provide for protection and confidentiality on certain data, such as the Egyptian Labour Law no. 12/2003 (confidentiality of the employee’s file information including punishment and assessment) and the Egyptian Banking Law no. 88/2003 (confidentiality of client and account information). Egyptian Civil Status Law no. 143/1994 provides for the confidentiality of citizens’ civil status data. The Executive Regulations of Mortgage Finance Law no. 148/2001 issued by virtue of Cabinet Decree no. 1/2001 as amended by Prime Minister Decree no. 465/2005 has a similar clause which provides for the confidentiality of the data of the clients of mortgage finance companies. The Egyptian Telecommunications Law no. 10/2003 provides for the privacy of telecommunications and imposes penalties which account to imprisonment in some cases on the unauthorized violation of such privacy. Egyptian Penal Code no. 58/1937 and Physicians Code of Ethics provide for the privacy of the patient’s information and prohibition to disclose it without the patient’s prior consent. The violation of such prohibition could be penalized by imprisonment and/or minimal fines.

Article 57 of the Egyptian Constitution promulgated in January 2014 provides for the protection of privacy and secrecy of, inter alia, mails, phone conversations and other methods of communication. The aforementioned shall not be monitored, inspected or confiscated unless by virtue of a prior court order and for a limited period of time as regulated by the law.

The Egyptian Constitution has not defined data protection. However, it refers to the legislative authority to regulate the communication of data in a manner that does not encroach upon the privacy of citizens, their rights and National Security.

Last modified 26 Jan 2017
Definitions

Definition of personal data

There is no definition of personal data or private life under Egyptian law or the Constitution. However, Egyptian laws provide examples of the personal data that are protected such as the Labour Law. Article 77 of the Labour Law provides that the employees’ files that must be kept by the employer (as mentioned below) includes the employee’s personal data such as his name, job, professional skills when he joined the workplace, domicile, marital status, salary, starting date of his work, the holiday leave he takes, punishments imposed on him and the reports of his superiors on his work.

Definition of sensitive personal data

There is no definition of sensitive personal data under Egyptian law.

Last modified 26 Jan 2017
Authority

There is no national authority responsible for data protection in Egypt.

Last modified 26 Jan 2017
Registration

There is no requirement or facility to register data in a specific register.

Last modified 26 Jan 2017
Data Protection Officers

There is no requirement in Egypt for organisations to appoint a data protection officer.

Last modified 26 Jan 2017
Collection & Processing

According to the principles of the Egyptian Civil Code, the collection, use or processing of personal data is prohibited in case it violates the individual right to privacy and provided that such collection, use or processing constitutes a fault pursuant to the Egyptian Civil Code. A fault is defined by the judiciary as an act or omission that violates an obligation imposed by the law or assumed caution and care of the average man.

Only data which is considered pertinent to the data subject’s private life requires the consent of the data subject. The competent courts will determine whether specific data is considered pertinent to the private life of the data subject or not and whether the collection or processing of such data violates an obligation imposed by the law or assumed caution and care of the average man.

Collecting data about the employee is required by law (Article 77 of the Egyptian Labour Law) which provides that each employer must keep a file for each employee which includes their personal data. Only certain persons are authorised by the law to have access to such data.

Last modified 26 Jan 2017
Transfer

The same general principles applicable to data collection and processing mentioned above apply to the transfer of data. The data controller may not transfer data pertinent to the private life of the data subject except after obtaining the consent of the data subject, unless otherwise permitted by the law.

Last modified 26 Jan 2017
Security

Other than client and account data in banks, personal data controllers are not required by law to take specific measures against unauthorised or unlawful processing, accidental loss or destruction of, or damage to, personal data. The data controllers will be held liable according to the average man standard if their acts or omissions cause the processing, loss, destruction or damage to such personal data and this in turn results in damage being caused to the data subject.

Last modified 26 Jan 2017
Breach Notification

There is no mandatory legal requirement in the Egyptian law to report data security breaches or losses to the authorities or to data subjects.

Last modified 26 Jan 2017
Enforcement

As a general rule, civil liability may be raised in connection with violations against the individuals’ right to privacy. The prejudiced data subject should establish to the competent court the unlawful act, the damage occurred to them and the causation relationship between the unlawful act and the damage. Compensation is calculated on an 'actual damages' basis and is not punitive. Moral damages are also compensated.

Civil liability for data privacy infringement has not been frequently claimed before Egyptian courts.

Last modified 26 Jan 2017
Electronic Marketing

Egyptian law does not have any specific provisions which regulate Electronic Marketing.

Last modified 26 Jan 2017
Online Privacy

The Egyptian Constitution issued in 2014 provides that internet security is considered an essential part of the economic institution and national security and that the state is responsible for taking any required measures to maintain said security as regulated by the law. However, Egyptian law does not have any specific provisions which regulate online privacy.

There are number of draft legislations that are expected to be promulgated by Parliament in the coming period on state surveillance and the transfer and processing of data, including (i) draft law regarding the combat of the electronic and information crimes; and (ii) draft law regarding cyber security.

Also, please note that the Egyptian Computer Emergency Response Team, which is affiliated to the Ministry of Communication and Information Technology, has been established since April 2009 and is responsible for, inter alia, providing support to entities, banking and government sectors to tackle cyber security threats.

Further, Article 64 of the Telecommunication Law no. 10/2003 provides that the services provider or processor of telecommunications services must maintain, at its sole expense, all the technical capability which will allow the armed forces and the national security authorities to perform its competences within the limit of the law, without prejudice to the protection of private life of the individuals. This provision might be interpreted by the authorities to give them the right to have access to or surveillance on the data and information transferred or processed through telecommunication services in Egypt.

Last modified 26 Jan 2017
Contacts
Tamer EL Hennawy
Tamer EL Hennawy
Managing Partner
T T +(202) 2795 4228/8179 (ext. 104)
Mohamed Fathy
Mohamed Fathy
Senior Associate
T +(202) 2795 4228/8179 (ext. 122)
Yara Ghoneim
Yara Ghoneim
Junior Associate
T T +(202) 2795 4228/8179 (ext. 330)
Last modified 26 Jan 2017