This week the spotlight is on legal and regulatory developments in Egypt, where the Cabinet has approved a draft law to protect personal data, electronically processed in whole or in part by any holder, controller or processor. The law applies to Egyptians inside or outside the country, non-Egyptians living in Egypt and non-Egyptians outside of Egypt who carry out an act punishable in the State where it was signed. The law will impose obligations on controllers and processors with regards to the electronic processing of personal data, to ensure the rights of citizens and compliance with international legislation in this area.
Under the proposed law, personal data may not be collected, processed or disclosed by any means except with the consent of the relevant person or in cases authorised by law. The relevant person will have the right to access and obtain their own personal data. Penalties include jail terms of at least one year and/or a fine of up to 100,000 to 1,000,000 Egyptian Pounds. Those disclosing or making personal data available by any means other than those authorised by law or without the consent of the relevant person will face the same penalties. A Centre for Personal Data Protection in the Information Technology Industry Development Agency will be established and the employees will be appointed by a Ministerial Decision following a proposal from the competent minister. The Centre will formulate and develop policies, strategic plans and programmes to protect data and implement the relevant decisions, controls, measures, procedures and standards for data protection.