Egypt’s Law on the Protection of Personal Data

Egypt’s Law on the Protection of Personal Data

Egypt’s Law on the Protection of Personal Data, also known as the Data Protection Law for short, is an Egyptian data privacy law that was passed in July of 2020. The Data Protection Law reflects many of the principles and provisions laid down by the EU’s General Data Protection Regulation or GDPR, as it pertains to the protection of personal data and in turn, privacy. As a result, the Data Protection Law “aims to establish various standards and rules which safeguard the rights of individuals in Egypt regarding their personal data”. Accordingly, the Data Protection Law outlines the legal framework through which personal data must be processed within Egypt.

What is the scope and application of Egypt’s Data Protection Law?

As it pertains to the personal scope of the law, the Data Protection Law is applicable to “any natural persons regarding the processing, controlling, or handling of personal data”. In terms of the material scope of the law, the Data Protection Law is also applicable to “any personal data that is subject to any electronic processing whether partially or entirely”. Alternatively, the territorial scope of the law applies to any person who processes personal data, permitting they:

What are the obligations of data controllers and processors under the Data Protection Law?

In regards to the obligations of data controllers and processors as it pertains to the protection of personal data, Egypt’s Data Protection Law sets four data protection principles. These data protection principles include:

Furthermore, the Data Protection Law also places other common responsibilities on data controllers and processors, in accordance with the EU’s GDPR Law. These responsibilities include undertaking data protection impact assessments or DPIA’s, and ensuring that the collection, storage, transfer, and processing of the personal data of children is not conducted without first obtaining parental consent. Data controllers and processors are also required to appoint a data protection officer or DPO, as well as maintain detailed data processing records.

What are the rights of data subjects under Egypt’s Data Protection Law?

Egyptian citizens are guaranteed the following rights as it pertains to the protection of their personal and in turn their privacy:

In terms of punishment in relation to the violation of the law, data controllers and processors who are found to be non-compliant are subject to a variety of monetary fines and criminal penalties. For example, “any data holder, the data controller, or data processor who collects, processes, discloses, makes available, or circulates personal data by any means other than in the cases authorized by law or without the consent of the data subject, noting that this penalty shall incur imprisonment for a period not less than six months and a fine not less than EGP 200,000 ($12,324) and not more than EGP 2 million ($123,222) provided that the act was committed in exchange for a financial or moral benefit or with the intent of endangering the data subject”

As it pertains to data protection officers or DPOs, “a fine of not less than EGP 200,000 ($12,322) and not more than EGP 2 million ($123,216) shall be imposed on any legal representative of a juristic person who did not appoint within the legal representative thereof a dedicated DPO”. What’s more, in terms of extraterritorial application of the law, a penalty of imprisonment of not less than three months and/or a fine of not less than EGP 500,000 ($30,801) and not more than EGP 5 million ($308,127) shall be imposed on any person who transfers personal data to any country that does not have any data protection laws or to a country with a data protection law that has a protection level that is less than the protection level of the Data Protection Law”.

With the passing of the Data Protection Law in 2020, Egyptian citizens can guarantee that their personal data privacy rights are protected at all times. Moreover, the penalties for non-compliance under the law are far steeper than many other privacy policies around the world, in terms of both scope and jurisdiction. As a result, the Egyptian government has succeeded in providing citizens of their country with a similar level of protection as is offered to citizens of EU member states under the General Data Protection Regulation or GDPR.

Related Reads