DLA Piper Intelligence

Data Protection
Laws of the World

Law

Kuwait
Kuwait

Kuwait does not have a specific personal data protection law. There are no clear legal guidelines to determine how and when personal data may be:

  • Collected
  • Stored
  • Transferred
  • Used, or
  • Otherwise processed

Law No. 20 of 2014 (the E-Commerce Law) requires that client data relating to positional affairs, personal status, health status, certain financial information and other personal information must be retained privately and confidentially by the recipient and its employees. Such data may not be disclosed without client consent or a court order.

Last modified 22 Jan 2021
Law
Kuwait

Kuwait does not have a specific personal data protection law. There are no clear legal guidelines to determine how and when personal data may be:

  • Collected
  • Stored
  • Transferred
  • Used, or
  • Otherwise processed

Law No. 20 of 2014 (the E-Commerce Law) requires that client data relating to positional affairs, personal status, health status, certain financial information and other personal information must be retained privately and confidentially by the recipient and its employees. Such data may not be disclosed without client consent or a court order.

Last modified 22 Jan 2021
Definitions

Definition of personal data

Kuwaiti law does not define personal data. However, personal data is considered to include at least personal information about a person’s:

  • Positional affairs
  • Personal status
  • Health status, or
  • Elements of financial disclosures

These elements are undefined, but broadly construed to encompass any personal information relating to the specified data element.

Definition of sensitive personal data

Kuwaiti law does not define sensitive personal data.

Last modified 22 Jan 2021
Authority

There is no national data protection authority in Kuwait.

Last modified 22 Jan 2021
Registration

Not required.

Last modified 22 Jan 2021
Data Protection Officers

Not required.

Last modified 22 Jan 2021
Collection & Processing

The E-Commerce Law includes a general obligation prohibiting Kuwaiti governmental bodies, agencies, public institutions, companies, non-governmental bodies, or employees thereof from collecting or processing any information in an illegal manner without the consent of the concerned person or his or her representative.

Last modified 22 Jan 2021
Transfer

The E-Commerce Law similarly includes a general obligation prohibiting Kuwaiti governmental bodies from transferring any information in an illegal manner without the consent of the concerned person or his or her representative.

Last modified 22 Jan 2021
Security

No specific provisions.

Last modified 22 Jan 2021
Breach Notification

No specific provisions.

Last modified 22 Jan 2021
Enforcement

Violations of the E-Commerce Law are punishable by a maximum of three years imprisonment, and fines of no less than KWD5,000 (US$17,500) for anyone who discloses personal information without proper consent or a court order. The E-Commerce Law also provides for confiscation of tools, programs or devices used for unauthorized disclosure.

Last modified 22 Jan 2021
Electronic Marketing

No specific provisions.

Last modified 22 Jan 2021
Online Privacy

No specific provisions.

Last modified 22 Jan 2021
Contacts
Kashif Syed
Kashif Syed
Legal Director
NEN International Attorneys & Legal Consultants
T + 965 9696 2117
Last modified 22 Jan 2021