Law No. (26) of 2015

Regulating

Data Dissemination and Exchange in the Emirate of Dubai[1]

ـــــــــــــــــــــــــــ

We, Mohammed bin Rashid Al Maktoum, Ruler of Dubai,

After perusal of:

Federal Law No. (3) of 1987 Issuing the Penal Code and its amendments;

Law No. (3) of 2003 Establishing the Executive Council of the Emirate of Dubai;

Law No. (9) of 2004 Concerning the Dubai International Financial Centre and its amendments;

Law No. (11) of 2014 Establishing the Dubai Electronic Security Centre;

Decree No. (22) of 2009 Concerning Special Development Zones in the Emirate of Dubai;

Resolution No. (1) of 2014 Forming the Executive Committee of the Dubai Smart City;

Resolution No. (2) of 2014 Forming the Open Data Committee of the Emirate of Dubai; and

The legislation establishing and regulating free zones in the Emirate of Dubai,

Do hereby issue this Law.

Title of the Law

Article (1)

This Law will be cited as "Law No. (26) of 2015 Regulating Data Dissemination and Exchange in the Emirate of Dubai".

Definitions

Article (2)

The following words and expressions, wherever mentioned in this Law, will have the meaning indicated opposite each of them unless the context implies otherwise:

The Emirate of Dubai.

Emirate:

His Highness the Ruler of Dubai.

Ruler:

The Government of Dubai.

Government:

The Dubai Electronic Security Centre.

DESC:

The entity responsible for supervising the implementation of this Law.

Competent Entity:

Any of the ministries, authorities, public corporations and similar entities affiliated to the Federal Government.

Federal Government Entity:

Any of the departments, authorities, public corporations, councils, centres, and other entities affiliated to the Government, including the authorities supervising Special Development Zones and free zones.

Local Government Entity:

A natural person, or a private legal person including, without limitation, individuals; sole proprietorships; public-benefit establishments; companies; societies; and similar entities.

Person:

Federal Government Entities, Local Government Entities, and Persons determined by the Competent Entity.

Data Providers:

A collection of organised or unorganised information, facts, concepts, instructions, observations, or measurements, in the form of numbers, alphabets, symbols, images, or any other form, that are collected, produced, or processed by Data Providers. This also includes “information” wherever mentioned in this Law.

Data:

The Data which is available to Data Providers and is related to the Emirate.

Dubai Data:

A document which includes a set of rules, standards, forms, and procedures regulating the dissemination, exchange, and protection of Dubai Data, and which must be used as a reference by Data Providers.

Dubai Data Manual:

The Dubai Data which may be disseminated without restrictions or with the relevant minimum restrictions prescribed by the Competent Entity.

Open Data:

The Dubai Data which are exchanged among Data Providers in accordance with the relevant conditions and rules determined by the Competent Entity.

Shared Data:

An electronic system composed of hardware; software; networks; storage systems; and a connectivity and communication site, via which Dubai Data are disseminated and exchanged.

Electronic Platform:

An electronic or paper-based system which is used by Data Providers to collect, store, manage, process, distribute, disseminate, and exchange Dubai Data, and which is linked to the Electronic Platform.

Information Systems:

The electronic or paper-based registers, which are determined, organised, and classified by the Competent Entity to ensure that each register includes a specific and consistent type of Dubai Data.

Primary Registers:

 

 

Scope of Application

Article (3)

The provisions of this Law will apply to:

1.       Federal Government Entities which have any Data relating to the Emirate;

2.       Local Government Entities; and

3.       Persons who produce, own, disseminate, or exchange any Data relating to the Emirate, and who are determined by the Competent Entity whether they are individuals, establishments, or companies in the Emirate, including Special Development Zones and free zones, such as the Dubai International Financial Centre.

Objectives of the Law

Article (4)

This Law aims to:

1.       enable the fulfilment of the Emirate’s vision of turning Dubai into a Smart City;

2.       manage Dubai Data in accordance with a clear and specific methodology that is consistent with international best practices;

3.       achieve integration and synergy of the services provided by Federal Government Entities and Local Government Entities;

4.       optimise the use of the Data available to Data Providers;

5.       enhance transparency and establish the rules of governance of Data dissemination and exchange;

6.       increase the efficiency of the services provided to customers by Federal Government Entities and Local Government Entities through improved quality, speedy delivery, streamlined procedures, and reduced operating costs;

7.       increase the competitiveness of Data Providers, and enhance the competitiveness of the United Arab Emirates at the international level;

8.       support the decision-making process at Federal Government Entities and Local Government Entities, and enable them to develop their policies and implement their strategic plans and initiatives efficiently and effectively;

9.       promote a culture of creativity and contribute to supporting innovative initiatives that may achieve welfare and boost community success factors;

10.   strike a balance between Data dissemination and exchange and Data confidentiality and privacy; and

11.   provide Data to non-government entities with a view to supporting the development and economic plans of the Emirate.

Determining the Competent Entity

Article (5)

The Competent Entity will be determined by a relevant legislation issued by the Ruler. Such legislation will also define the nature and extent of the relationship between the Competent Entity and the DESC and other entities, and will provide for all the matters related to its administrative and financial organisation to enable it to implement the provisions of this Law and achieve its objectives.

Functions of the Competent Entity

Article (6)

The Competent Entity will have the duties and powers to:

1.       supervise the implementation of this Law and the legislation issued in pursuance hereof;

2.       in coordination with the DESC, prepare, update, and supervise the implementation of the Government strategy relating to Dubai Data and the relevant plans and programmes;

3.       propose, in coordination with the DESC, the legislation and policies related to Data dissemination and exchange in line with the policies and strategic plans of the Emirate, and submit the same to the competent authorities for approval;

4.       keep abreast of the international academic and regulatory best practices, methodologies, and means of Data dissemination and exchange to benefit from them in achieving the objectives of this Law;

5.       approve the Data classification prepared by Data Providers in light of the adopted policies and the relevant legislation in force;

6.       determine Data Providers from among Federal Government Entities and Persons;

7.       coordinate with Data Providers to ensure the achievement of the objectives of this Law;

8.       determine the rules of operating the Electronic Platform, and follow up its operation in accordance with these rules;

9.       determine Primary Registers, and ensure they are maintained, updated, organised, and classified in a manner that facilitates Data dissemination and exchange in accordance with the relevant rules adopted by the Competent Entity;

10.   follow up compliance by Data Providers with the policies adopted for Data dissemination and exchange at the operational and technical levels;

11.   standardise Data dissemination and exchange policies and plans in the Emirate, and support the objectives of the Emirate to turn Dubai into a Smart City;

12.   perform the procedures required to ensure that Data Providers make Dubai Data available in a clear and accurate manner, and that such data is not duplicated or conflicting;

13.   approve Data dissemination and exchange policies, mechanisms, rules, standards, forms, and manuals in accordance with the legislation in force, in particular:

a.       the policy for the protection of confidential Data in the possession of Data Providers, such as Data related to individuals, establishments, and companies;

b.       the policy for the intellectual property rights associated with Data;

c.       the policy for Dubai Data classification, dissemination, and exchange;

d.       the policy for Dubai Data use and reuse;

e.       the technical standards policy for Dubai Data dissemination and exchange via the Electronic Platform, which must include:

1.       rules and means of technical protection for Information Systems and computer networks, and of providing information security for Dubai Data; and

2.       a technical manual which includes standard definitions of the technical and regulatory terms related to Data dissemination and exchange, the authorisation to access the Electronic Platform, the objectives of use, means of protection, and standards of exchange of the Data available on the Electronic Platform;

14.   conclude agreements and memoranda of understanding with any entity within or outside of the Emirate having Data related to the Emirate;

15.   hold training courses and specialised workshops on Data dissemination and exchange;

16.   review the reports submitted to it by Data Providers on Data dissemination and exchange, and issue, in coordination with the DESC, the appropriate resolutions on the same;

17.   investigate the complaints and violations related to Data Providers compliance with the provisions of this Law and the resolutions issued in pursuance hereof, and take the necessary relevant procedures and measures;

18.   find appropriate solutions to overcome any obstacles, difficulties, challenges, or problems facing Data dissemination and exchange; and

19.   perform any other duties required for the achievement of the objectives of this Law.

Dubai Data Classification

Article (7)

a.       Dubai Data will be classified into:

1.       Open Data; and

2.       Shared Data.

b.       Data will be classified in accordance with the Dubai Data Manual adopted by the Competent Entity in coordination with the DESC.

Dubai Data Dissemination and Exchange Methods

Article (8)

Dubai Data dissemination and exchange will be done via the Electronic Platform, bulletins, reports, and any other method determined by the Competent Entity in line with the policies adopted in this respect.

Data Provision

Article (9)

Data Providers must make available the Dubai Data they have or which is created or developed by them, in accordance with the relevant policies adopted by the Competent Entity, and in particular they must:

1.       disseminate their Open Data in accordance with the standards and rules adopted by the Competent Entity;

2.       exchange their Shared Data, in accordance with the rules and conditions adopted by the Competent Entity;

3.       not violate the rules of Data confidentiality or intellectual property rights associated with Data;

4.       ensure that the Data they produce or process is machine readable and that it takes various stylistic forms; and

5.       comply with the Data dissemination and exchange regulations and technical protocols adopted by the Competent Entity.

Infrastructure Provision

Article (10)

Data Providers must provide the infrastructure determined by the Competent Entity for Dubai Data dissemination and exchange. This includes, without limitation:

1.       provision, operation, and maintenance of the appropriate Information Systems, hardware, software, and methods of connectivity and communication;

2.       provision of programmes for the protection of the Data they produce, disseminate, or exchange;

3.       provision of Data security programmes; and

4.       establishing an electronic link to the Electronic Platform, and to the databases and programmes determined by the Competent Entity.

Obligations of Local Government Entities

Article (11)

For purposes of this Law, Local Government Entities must:

1.       classify their Data in accordance with the Dubai Data Manual;

2.       develop a plan for the dissemination and exchange of their Data, in accordance with specific time-bound phases, and submit the same to the Competent Entity for approval;

3.       modify their infrastructure including, hardware, Information Systems, software, and other equipment, so they can electronically disseminate and exchange their Data;

4.       perform all the procedures required for the dissemination of Open Data and exchange of Shared Data, in accordance with the relevant policies adopted by the Competent Entity;

5.       define the obstacles that hamper the dissemination and exchange of their Data in accordance with the provisions of this Law, submit details of the same to the Competent Entity for consideration, and propose appropriate solutions in this respect;

6.       ensure the quality of their Data and periodically update it;

7.       deal with the Data acquired from other Data Providers in accordance with the relevant policies adopted by the Competent Entity;

8.       provide the Competent Entity with the information or reports on Data dissemination and exchange it requires; and

9.       comply with the policies, procedures, manuals, rules, and conditions adopted by the Competent Entity.

Obligations of Data Providers other than

Federal Government Entities and Local Government Entities

Article (12)

Data Providers other than Federal Government Entities and Local Government Entities must abide by all the Data dissemination and exchange policies, mechanisms, manuals, conditions, and requirements prescribed by the Competent Entity in addition to the obligations stipulated by this Law and the resolutions issued in pursuance hereof.

Customer Data Protection

Article (13)

a.       The provisions of this Law are without prejudice to the rules, scope, and cases of legal protection under the Data legislation in force, regardless of the type, nature, or form of Data.

b.       Data Providers must, in the course of Data dissemination and exchange, take all the procedures required for the protection of the confidentiality and privacy of legally protected customer Data.

Primary Registers

Article (14)

a.       Primary Registers and the entities in charge thereof will be determined by a resolution of the Competent Entity.

b.       Primary Registers must be used as the sole trusted source on providing services to others.

Ownership of Dubai Data

Article (15)

Dubai Data is deemed as an asset owned by the Government, and may only be disposed of by Data Providers or users in accordance with the provisions of this Law, the resolutions issued in pursuance hereof, and the legislation in force. Dubai Data may be used only for its intended purposes.

Penalties

Article (16)

Without prejudice to any stricter penalty prescribed by any other legislation, any person who violates the provisions of this Law and the resolutions issued in pursuance hereof will be punished by the penalties and measures prescribed by a resolution of the Chairman of the Executive Council.

Law Enforcement

Article (17)

Employees of the Competent Entity determined by the officer in charge of it will have the capacity of law enforcement officers to record the acts committed in breach of the provisions of this Law and the resolutions issued in pursuance hereof. In this capacity, they may issue the necessary violation reports, and where necessary, seek the assistance of police personnel.

Transitional Provisions

Article (18)

The Open Data Committee of the Emirate of Dubai formed pursuant to the above-mentioned Resolution No. (2) of 2014 will perform the duties and powers of the Competent Entity under this Law and the resolutions issued in pursuance hereof, until the Competent Entity is determined and assumes its duties.

Repeals

Article (19)

Any provision in any other legislation will be repealed to the extent that it contradicts the provisions of this Law.

Issuing Implementing Resolutions

Article (20)

The Chairman of the Executive Council will issue the resolutions required for the implementation of this Law.

Publication and Commencement

Article (21)

This Law will be published in the Official Gazette and will come into force on the day on which it is published.

 

Mohammed bin Rashid Al Maktoum

Ruler of Dubai

Issued in Dubai on 16 October 2015

Corresponding to 3 Muharram 1437 A.H.


©2016 The Supreme Legislation Committee in the Emirate of Dubai

[1] Every effort has been made to produce an accurate and complete English version of this legislation. However, for the purpose of its interpretation and application, reference must be made to the original Arabic text. In case of conflict the Arabic text will prevail.