Investment and Egyptian Personal Data Protection law 2020
Junior associate lawyer
In 15 July, the Egyptian parliament issued law no. 151/2020 on personal data protection, the government has submitted the draft law in February 2019 to the legislative branch where it had been subject to negotiations, discussions, and extensive engagement between parliament, cabinet and key stakeholders in technology and telecommunication industry whether ministry of telecommunications or private sector.
Generally, the law aimed to attract investment in the telecommunication and technology industry beside providing strong protection to the privacy of individuals.
This law follows the international movements towards the protection of individual privacy in light of technological recent developments. The new law fills a gap in the Egyptian legislation.
In this article, we are shedding light on three important questions; importance of personal data protection, goals of legislation, and types of data has been excluded from law’ scope of application.
First: importance of personal data protection:
Several legislations in many countries have treated the issue of personal data protection and restricted sharing of personal data with jurisdictions that have not proper protection for individual’s privacy.
The Egyptian legislative gap posed a barrier in front of investment in telecommunications and technology industry which stopped Egypt becoming a global hub for telecommunication industry.
Second: objectives of the new issued law:
- ensure a proper legal and technical protection for personal data electronically processed.
- encountering violations against individuals’ privacy by establishing mechanisms to combat risks raised from using of personal data.
- establishing regulatory framework which complies with international legislations in the area of personal data protection.
- putting obligations on both data controller and processor as they are the most important elements in this context
- establishing obligations on entities, and individuals controlling personal data and those who process them to appoint an officer responsible for ensuring individuals’ privacy.
- regulation of using personal data for online-digital marketing and advertising purposes.
- procedural regulation for cross-border data transfers and ensuring citizen’s personal data protection and it would not be shared with countries do not have proper and necessary protection.
- Regulating the electronic processing of personal data, and the necessity of obtaining a license for those who carry it out, especially sensitive personal data (of a private nature).
- Establishing a center for the protection of personal data as a public body that is competent to organize and supervise the implementation of the provisions of this law.
Third: The Law excludes from its scope of protection six types of data as follows:
- (a) personal data held by natural persons for personal purposes.
- (b) data processed for official statistics.
- (c) data processed for media purposes, provided that such data is accurate and valid.
- (d) data obtained for the purpose of investigations and lawsuits.
- (e) personal data held by national security authorities.
- (f) data held by the Central Bank of Egypt and the entities subject to its supervision and control. Money transfer and exchange companies are not, however, excluded from the application of the law.
Finally, this law will significantly contribute to turning Egypt into a global and regional hub influencing the ICT industry.