DLA Piper Intelligence

Data Protection
Laws of the World

Law

Kuwait
Kuwait

Kuwait does not have a specific personal data protection law. There are no clear legal guidelines to determine how and when personal data may be:

  • Collected
  • Stored
  • Transferred
  • Used, or
  • Otherwise processed

Law No. 20 of 2014 (the E-Commerce Law) requires that client data relating to positional affairs, personal status, health status, certain financial information and other personal information must be retained privately and confidentially by the recipient and its employees. Such data may not be disclosed without client consent or a court order.

Last modified 29 Jan 2019
Law
Kuwait

Kuwait does not have a specific personal data protection law. There are no clear legal guidelines to determine how and when personal data may be:

  • Collected
  • Stored
  • Transferred
  • Used, or
  • Otherwise processed

Law No. 20 of 2014 (the E-Commerce Law) requires that client data relating to positional affairs, personal status, health status, certain financial information and other personal information must be retained privately and confidentially by the recipient and its employees. Such data may not be disclosed without client consent or a court order.

Last modified 29 Jan 2019
Definitions

Definition of personal data

Kuwaiti law does not define personal data. However, personal data is considered to include at least personal information about a person’s:

  • Positional affairs
  • Personal status
  • Health status, or
  • Elements of financial disclosures

These elements are undefined, but broadly construed to encompass any personal information relating to the specified data element.

Definition of sensitive personal data

Kuwaiti law does not define sensitive personal data.

Last modified 29 Jan 2019
Authority

There is no national data protection authority in Kuwait.

Last modified 29 Jan 2019
Registration

Not required.

Last modified 29 Jan 2019
Data Protection Officers

Not required.

Last modified 29 Jan 2019
Collection & Processing

The E-Commerce Law includes a general obligation prohibiting Kuwaiti governmental bodies from collecting or processing any information in an illegal manner without the consent of the concerned person or his or her representative.

Last modified 29 Jan 2019
Transfer

The E-Commerce Law similarly includes a general obligation prohibiting Kuwaiti governmental bodies from transferring any information in an illegal manner without the consent of the concerned person or his or her representative.

Last modified 29 Jan 2019
Security

No specific provisions.

Last modified 29 Jan 2019
Breach Notification

No specific provisions.

Last modified 29 Jan 2019
Enforcement

Violations of the E-Commerce Law are punishable by a maximum of three years imprisonment, and fines of no less than KWD5,000 (US$17,500) for anyone who discloses personal information without proper consent or a court order. The E-Commerce Law also provides for confiscation of tools, programs or devices used for unauthorized disclosure.

Last modified 29 Jan 2019
Electronic Marketing

No specific provisions.

Last modified 29 Jan 2019
Online Privacy

No specific provisions.

Last modified 29 Jan 2019
Contacts
Kashif Syed
Kashif Syed
Senior Legal Consultant
DLA Piper
T +965 2291 5800
Last modified 29 Jan 2019