A New Legal Basis for Cybersecurity in the Middle East

A New Legal Basis for Cybersecurity in the Middle East

Saudi Arabia’s Anti-Cybercrime Law is a cybersecurity law that was passed in 2007. While Saudi Arabia has yet to pass a national comprehensive data protection law, the country does have a robust legal framework as it relates to cybersecurity. To this end, the Anti-Cybercrime Law was passed to help both combat and identify cybersecurity threats within Saudi Arabia, as well as impose penalties and punishments for individuals who are found to have violated the law. As such, the Anti-Cybercrime Law ensured that information security within Saudi Arabia was enhanced, the rights of Saudi Arabian citizens were protected as it pertains to the legitimate use of information and computer networks, the public interests, morals, and common values of the Saudi Arabian populace were protected, and the national economy of Saudi Arabia was protected.

How does the Anti-Cybercrime Law define information systems and networks?

Under the Anti-Cybercrime Law, an information system is defined as “a set of programs and devices designed for managing and processing data, including computers”. Alternatively, the law defines an information network as “an interconnection of more than one computer or information system to obtain and exchange data, e.g. Local Area Network (LAN), Wide Area Network (WAN), and World Wide Web (Internet)”. Moreover, the law defines cybercrime as “any action which involves the use of computers or computer networks, in violation of the provisions of the law”. Additionally, the law defines a person as “any natural or corporate person, whether public or private”.

Conversely, the law defines data to mean “information, commands, messages, voices, or images which are prepared or have been prepared for use in computers. This includes data that can be saved, processed, transmitted, or constructed by computers, such as numbers, letters, codes, etc.”. What’s more, the law defines a computer as “any electronic device whether movable or fixed, wired or wireless, which is equipped with a system to process, store, transmit, receive or browse data and perform specific functions according to programs and commands”, while unauthorized access is defined as the “the deliberate, unauthorized access by any person to computers, websites, information systems, or computers networks”.

What are the provisions of the Anti-Cybercrime Law?

Saudi Arabia’s Anti-Cybercrime Law established several regulations and provisions as it relates to cybersecurity in the country. Some of these regulations and provisions include:

What are the penalties for violating the Anti-Cybercrime Law?

As stated above, individuals who are found to be in violation of the Anti-Cybercrime Law are subject to a range of monetary penalties, as well as criminal liability. However, article 8 of the law also stipulates that the term of imprisonment or monetary fine imposed may not be less than half of the maximum should the violation of the law be coupled with one of the following circumstances:

Much like the Chinese Cybersecurity Law, Saudi Arabia’s Anti-Cybercrime Law was passed specifically for the purpose of tackling cybercrimes within Saudi Arabia. As China has also passed other legislation in recent years that pertain to data protection and privacy, including the Personal Information Security Specification, Saudi Arabia could seek to take a similar approach in the future. However, despite the fact that Saudi Arabia does not have a national data protection law, the Anti-Cybercrime Law does stand as a major deterrent to individuals who look to misuse the personal data of Saudi Arabian citizens for nefarious purposes or means, as the punishments that can be imposed as a result of failing to comply with the law can be extremely steep.

Related Reads