An Overview of the LexisNexis Breakfast Seminar-The Personal Data Protection Framework in Bahrain

Overview

Last week, the Zu’bi & Partners legal team attended a breakfast seminar hosted by LexisNexis Middle East on Personal Data Protection in Bahrain. The seminar featured a panel of experts from different backgrounds, each presenting their unique views on this important topic, which is more relevant now than ever in this age of data.

The discussion was led by moderator Jason Taylor (Deputy General Counsel of BAPCO) and took place between the following four experienced speakers who have extensive knowledge on data protection:

Dr Aseel Zimmo (Advisor to Chief Justice of Bahrain, Supreme Judicial Council),

Hussain Ali (Head of Compliance, Zurich Middle East),

Jason Pierre Scerri (General Counsel, TRA Bahrain), and

Jeyapriya Partiban (Partner, Head of Risk Consulting, KPMG).

Together, these panellists provided a comprehensive rundown of the most important provisions of the current data protection law in Bahrain, noting a key difference with regard to the Data Protection Guardian, organisations’ compliance with the law, and the challenges posed by AI in relation to the individual’s right to privacy. This article will highlight the key discussion points as they were presented by the panellists.

Key Takeaways

1. Data Protection Guardians (DPGs) Under the Personal Data Protection Law

The Data Protection Guardian, also referred to as the Data Protection Officer in other jurisdictions, is responsible for overseeing an organisation in order to ensure its compliance with data protection laws in the country. In Bahrain, the law provides that businesses may appoint an internal or external DPG, so it is voluntary for businesses to appoint an external DPG.

It is worth noting that the key difference between Bahrain and other GCC countries is that other jurisdictions have differentiated between categories of business entities, whereby businesses which fall under a specific category are obliged to appoint an external DPG. This imposes more strict regulations to ensure that businesses comply with the law and provides a higher standard for the protection of data. This approach may be taken by Bahrain in the future, as suggested in Resolution No. (46) of 2022, however no steps have been taken yet in this regard.

2. Organisations’ Duty to Protect Personal Data

Organisations have the duty to sufficiently protect the personal data of individuals. As such, organisations should follow the general principles of data protection, including:

1. Lawfulness
2. Fairness
3. Transparency

Organisations may follow such principles through data minimisation and limitation for purpose, accuracy of data, and ensuring security against data attacks by setting out protection measures like assessments for data transfer risk.

3. Data Protection and Data Retention

The Personal Data Protection Law imposes strict rules upon organisations to protect the privacy of individuals by limiting the data being processed to only be used for a specific purpose and disposing of it once the data is no longer needed. However, this may conflict with other laws, such as money laundering laws, which may restrict such disposal. Therefore, the panellists emphasised the importance for organisations to record why data is being retained and when it is deleted. Such measures ensure that the organisation is fully aware of the data at its disposal and is not keeping any unused data, thus promoting a higher standard of data protection within the organisation and in Bahrain.

4. AI Potential Challenges to Data Protection

One of the panellists commented that the world is now a village because of technology. Given the rise of new AI systems and AI tools, concerns have been raised regarding the technology’s susceptibility to unprecedented amounts of data processing and transfers. The technology’s data processing feature has the potential to interfere with individuals’ right to data protection and privacy. As a result, the panellists highlighted the importance for regulators to address such developments to ensure that such fundamental rights are never compromised.

Overall, it was a pleasure to be in the presence of these eminent experts discussing the impact of such new technology on the rights of individuals and the legal sector in Bahrain. We at Zu’bi & Partners look forward to being at the forefront and tackling these important legal developments as they arise.