Law No. (26) of 2015
Regulating
Data Dissemination and Exchange in the Emirate of
Dubai[1]
ـــــــــــــــــــــــــــ
We, Mohammed bin Rashid Al Maktoum, Ruler of Dubai,
After perusal of:
Federal Law No. (3) of 1987 Issuing the
Penal Code and its amendments;
Law No. (3) of 2003 Establishing the
Executive Council of the Emirate of Dubai;
Law No. (9) of 2004 Concerning the Dubai
International Financial Centre and its amendments;
Law No. (11) of 2014 Establishing the
Dubai Electronic Security Centre;
Decree No. (22) of 2009 Concerning Special
Development Zones in the Emirate of Dubai;
Resolution No. (1) of 2014 Forming the
Executive Committee of the Dubai Smart City;
Resolution No. (2) of 2014 Forming the
Open Data Committee of the Emirate of Dubai; and
The legislation establishing and regulating
free zones in the Emirate of Dubai,
Do hereby issue this Law.
This Law will be cited as "Law No. (26) of 2015 Regulating Data Dissemination
and Exchange in the Emirate of Dubai".
The following
words and expressions, wherever mentioned in this Law, will have the meaning
indicated opposite each of them unless the context implies otherwise:
The Emirate of
Dubai. |
Emirate: |
His Highness the
Ruler of Dubai. |
Ruler: |
The Government
of Dubai. |
Government: |
The Dubai
Electronic Security Centre. |
DESC: |
The entity
responsible for supervising the implementation of this Law. |
Competent Entity: |
Any of the
ministries, authorities, public corporations and similar entities affiliated
to the Federal Government. |
Federal Government Entity: |
Any of the
departments, authorities, public corporations, councils, centres, and other
entities affiliated to the Government, including the authorities supervising Special
Development Zones and free zones. |
Local Government Entity: |
A natural
person, or a private legal person including, without limitation, individuals;
sole proprietorships; public-benefit establishments; companies; societies;
and similar entities. |
Person: |
Federal
Government Entities, Local Government Entities, and Persons determined by the
Competent Entity. |
Data Providers: |
A collection of
organised or unorganised information, facts, concepts, instructions,
observations, or measurements, in the form of numbers, alphabets, symbols,
images, or any other form, that are collected, produced, or processed by Data
Providers. This also includes “information” wherever mentioned in this Law. |
Data: |
The Data which
is available to Data Providers
and is related to the Emirate. |
Dubai Data: |
A document which
includes a set of rules, standards, forms, and procedures regulating the dissemination,
exchange, and protection of Dubai Data, and which must be used as a reference
by Data Providers. |
Dubai Data Manual: |
The Dubai Data
which may be disseminated without restrictions or with the relevant minimum
restrictions prescribed by the Competent Entity. |
Open Data: |
The Dubai Data
which are exchanged among Data Providers in accordance with the relevant
conditions and rules determined by the Competent Entity. |
Shared Data: |
An electronic
system composed of hardware; software; networks; storage systems; and a
connectivity and communication site, via which Dubai Data are disseminated
and exchanged. |
Electronic
Platform: |
An electronic or
paper-based system which is used by Data Providers to collect, store, manage,
process, distribute, disseminate, and exchange Dubai Data, and which is
linked to the Electronic Platform. |
Information
Systems: |
The electronic or
paper-based registers, which are determined, organised, and classified by the
Competent Entity to ensure that each register includes a specific and
consistent type of Dubai Data. |
Primary Registers: |
|
|
Scope of Application
Article (3)
The provisions of this
Law will apply to:
1.
Federal Government Entities which have any Data
relating to the Emirate;
2.
Local Government Entities; and
3. Persons who produce,
own, disseminate, or exchange any Data relating to the Emirate, and who are determined
by the Competent Entity whether they are individuals, establishments, or companies
in the Emirate, including Special Development Zones and free zones, such as the
Dubai International Financial Centre.
Objectives of the Law
Article (4)
This Law aims to:
1. enable the fulfilment
of the Emirate’s vision of turning Dubai into a Smart City;
2. manage Dubai Data in accordance
with a clear and specific methodology that is consistent with international
best practices;
3. achieve integration
and synergy of the services provided by Federal Government Entities and Local Government
Entities;
4. optimise the use of
the Data available to Data Providers;
5. enhance transparency
and establish the rules of governance of Data dissemination and exchange;
6. increase the
efficiency of the services provided to customers by Federal Government Entities
and Local Government Entities through improved quality, speedy delivery,
streamlined procedures, and reduced operating costs;
7. increase the
competitiveness of Data Providers, and enhance the competitiveness of the
United Arab Emirates at the international level;
8. support the
decision-making process at Federal Government Entities and Local Government
Entities, and enable them to develop their policies and implement their
strategic plans and initiatives efficiently and effectively;
9. promote a culture
of creativity and contribute to supporting innovative initiatives that may
achieve welfare and boost community success factors;
10. strike a balance
between Data dissemination and exchange and Data confidentiality and privacy;
and
11. provide Data to
non-government entities with a view to supporting the development and economic
plans of the Emirate.
Determining the Competent Entity
Article (5)
The Competent
Entity will be determined by a relevant legislation issued by the Ruler. Such
legislation will also define the nature and extent of the relationship between
the Competent Entity and the DESC and other entities, and will provide for all
the matters related to its administrative and financial organisation to enable
it to implement the provisions of this Law and achieve its objectives.
Functions of the Competent Entity
Article (6)
The Competent
Entity will have the duties and powers to:
1.
supervise the implementation of this Law and the
legislation issued in pursuance hereof;
2.
in coordination with the DESC, prepare, update, and
supervise the implementation of the Government strategy relating to Dubai Data
and the relevant plans and programmes;
3.
propose, in coordination with the DESC, the
legislation and policies related to Data dissemination and exchange in line
with the policies and strategic plans of the Emirate, and submit the same to
the competent authorities for approval;
4.
keep abreast of the international academic and
regulatory best practices, methodologies, and means of Data dissemination and
exchange to benefit from them in achieving the objectives of this Law;
5.
approve the Data classification prepared by Data
Providers in light of the adopted policies and the relevant legislation in
force;
6.
determine Data Providers from among Federal Government
Entities and Persons;
7.
coordinate with Data Providers to ensure the
achievement of the objectives of this Law;
8.
determine the rules of operating the Electronic
Platform, and follow up its operation in accordance with these rules;
9.
determine Primary Registers, and ensure they are maintained,
updated, organised, and classified in a manner that facilitates Data
dissemination and exchange in accordance with the relevant rules adopted by the
Competent Entity;
10.
follow up compliance by Data Providers with the
policies adopted for Data dissemination and exchange at the operational and
technical levels;
11.
standardise Data dissemination and exchange policies
and plans in the Emirate, and support the objectives of the Emirate to turn
Dubai into a Smart City;
12.
perform the procedures required to ensure that Data
Providers make Dubai Data available in a clear and accurate manner, and that such
data is not duplicated or conflicting;
13. approve Data
dissemination and exchange policies, mechanisms, rules, standards, forms, and manuals in
accordance with the legislation in force, in particular:
a.
the policy
for the protection of confidential Data in the possession of Data Providers,
such as Data related to individuals, establishments, and companies;
b.
the policy
for the intellectual property rights associated with Data;
c.
the policy
for Dubai Data classification, dissemination, and exchange;
d.
the policy
for Dubai Data use and reuse;
e.
the
technical standards policy for Dubai Data dissemination and exchange via the
Electronic Platform, which must include:
1. rules and means of
technical protection for Information Systems and computer networks, and of
providing information security for Dubai Data; and
2. a technical manual
which includes standard definitions of the technical and regulatory terms
related to Data dissemination and exchange, the authorisation to access the
Electronic Platform, the objectives of use, means of protection, and standards
of exchange of the Data available on the Electronic Platform;
14.
conclude agreements and memoranda of understanding
with any entity within or outside of the Emirate having Data related to the
Emirate;
15.
hold training courses and specialised workshops on
Data dissemination and exchange;
16.
review the reports submitted to it by Data Providers
on Data dissemination and exchange, and issue, in coordination with the DESC,
the appropriate resolutions on the same;
17.
investigate the complaints and violations related to
Data Providers compliance with the provisions of this Law and the resolutions
issued in pursuance hereof, and take the necessary relevant procedures and
measures;
18.
find appropriate solutions to overcome any obstacles,
difficulties, challenges, or problems facing Data dissemination and exchange;
and
19.
perform any other duties required for the achievement
of the objectives of this Law.
Dubai Data Classification
Article (7)
a. Dubai Data will be
classified into:
1. Open Data; and
2. Shared Data.
b. Data will be classified
in accordance with the Dubai Data Manual adopted by the Competent Entity in
coordination with the DESC.
Dubai Data Dissemination and Exchange Methods
Article (8)
Dubai Data
dissemination and exchange will be done via the Electronic Platform, bulletins,
reports, and any other method determined by the Competent Entity in line with
the policies adopted in this respect.
Data Provision
Article (9)
Data Providers must
make available the Dubai Data they have or which is created or developed by
them, in accordance with the relevant policies adopted by the Competent Entity,
and in particular they must:
1.
disseminate their Open Data in accordance with the
standards and rules adopted by the Competent Entity;
2.
exchange their Shared Data, in accordance with the rules
and conditions adopted by the Competent Entity;
3.
not violate the rules of Data confidentiality or
intellectual property rights associated with Data;
4.
ensure that the Data they produce or process is machine
readable and that it takes various stylistic forms; and
5.
comply with the Data dissemination and exchange
regulations and technical protocols adopted by the Competent Entity.
Infrastructure Provision
Article (10)
Data Providers must
provide the infrastructure determined by the Competent Entity for Dubai Data
dissemination and exchange. This includes, without limitation:
1.
provision, operation, and maintenance of the
appropriate Information Systems, hardware, software, and methods of
connectivity and communication;
2.
provision of programmes for the protection of the Data
they produce, disseminate, or exchange;
3. provision of Data
security programmes; and
4. establishing an
electronic link to the Electronic Platform, and to the databases and programmes
determined by the Competent Entity.
Obligations of Local Government Entities
Article (11)
For purposes of this
Law, Local Government Entities must:
1. classify their Data in
accordance with the Dubai Data Manual;
2. develop a plan for
the dissemination and exchange of their Data, in accordance with specific time-bound
phases, and submit the same to the Competent Entity for approval;
3. modify their
infrastructure including, hardware, Information Systems, software, and other
equipment, so they can electronically disseminate and exchange their Data;
4. perform all the procedures required
for the dissemination of Open Data and exchange of Shared Data, in accordance
with the relevant policies adopted by the Competent Entity;
5. define the
obstacles that hamper the dissemination and exchange of their Data in
accordance with the provisions of this Law, submit details of the same to the
Competent Entity for consideration, and propose appropriate solutions in this
respect;
6. ensure the quality
of their Data and periodically update it;
7. deal with the Data
acquired from other Data Providers in accordance with the relevant policies
adopted by the Competent Entity;
8. provide the
Competent Entity with the information or reports on Data dissemination and
exchange it requires; and
9. comply with the
policies, procedures, manuals, rules, and conditions adopted by the Competent
Entity.
Obligations of Data Providers other than
Federal Government Entities and Local Government Entities
Article (12)
Data Providers other
than Federal Government Entities and Local Government Entities must abide by
all the Data dissemination and exchange policies, mechanisms, manuals,
conditions, and requirements prescribed by the Competent Entity in addition to
the obligations stipulated by this Law and the resolutions issued in pursuance
hereof.
Customer Data Protection
Article (13)
a.
The provisions of this Law are without prejudice to
the rules, scope, and cases of legal protection under the Data legislation in
force, regardless of the type, nature, or form of Data.
b.
Data Providers must, in the course of Data
dissemination and exchange, take all the procedures required for the protection
of the confidentiality and privacy of legally protected customer Data.
Primary Registers
Article (14)
a.
Primary Registers and the entities in charge thereof
will be determined by a resolution of the Competent Entity.
b.
Primary Registers must be used as the sole trusted
source on providing services to others.
Ownership of Dubai Data
Article (15)
Dubai Data is deemed
as an asset owned by the Government, and may only be disposed of by Data
Providers or users in accordance with the provisions of this Law, the
resolutions issued in pursuance hereof, and the legislation in force. Dubai
Data may be used only for its intended purposes.
Penalties
Article (16)
Without prejudice to
any stricter penalty prescribed by any other legislation, any person who violates
the provisions of this Law and the resolutions issued in pursuance hereof will
be punished by the penalties and measures prescribed by a resolution of the
Chairman of the Executive Council.
Law Enforcement
Article (17)
Employees of the
Competent Entity determined by the officer in charge of it will have the
capacity of law enforcement officers to record the acts committed in breach of
the provisions of this Law and the resolutions issued in pursuance hereof. In
this capacity, they may issue the necessary violation reports, and where
necessary, seek the assistance of police personnel.
Transitional Provisions
Article (18)
The Open Data
Committee of the Emirate of Dubai formed pursuant to the above-mentioned
Resolution No. (2) of 2014 will perform the duties and powers of the Competent
Entity under this Law and the resolutions issued in pursuance hereof, until the
Competent Entity is determined and assumes its duties.
Repeals
Article (19)
Any provision in any
other legislation will be repealed to the extent that it contradicts the
provisions of this Law.
Issuing Implementing Resolutions
Article (20)
The Chairman of
the Executive Council will issue the resolutions required for the
implementation of this Law.
Publication and Commencement
Article (21)
This Law will be
published in the Official Gazette and will come into force on the day on which
it is published.
Mohammed
bin Rashid Al Maktoum
Ruler of
Dubai
Issued in Dubai on 16 October 2015
Corresponding to 3 Muharram 1437 A.H.
©2016 The Supreme Legislation Committee in the
Emirate of Dubai
[1] Every effort has been made to produce an accurate and complete English
version of this legislation. However, for the purpose of its interpretation and
application, reference must be made to the original Arabic text. In case of
conflict the Arabic text will prevail.