Saudi Arabia and UAE Banner Updates

Recent legislation requires a change to how cookie consent should be managed for users in the United Arab Emirates and Saudi Arabia. To comply with these new regulations, Osano Consent Management Platform (CMP) has updated the banners that are served to users in these regions. To enable the new banners on your site be sure to republish your configuration.  

Saudi Arabia has recently adopted the Personal Data Protection Law (PDPL), which will regulate data transfers and the collection, processing and sharing of personal data of residents and citizens of Saudi Arabia. The PDPL will go into effect on March 23, 2022, although additional regulations are expected. The new law provides rights to data subjects such as the right of access, correction and deletion, as well as the right to claim damages for material and non material harms. The PDPL requires consent for the collection of personal data, imposes data minimization principles and restrictions on retention as well as sharing of personal data. The maximum penalties of a provision of the regulations or rules are up to two years in prison or up to five million rials of fines. (Fines may be doubled if repeated offenses have occurred to up to ten million rials.) The law is clear that it applies to companies outside of Saudi Arabia that collect or process the data of individuals who are citizens or residents within the Kingdom.

Similarly, on Nov.  28, 2021, the UAE also enacted a comprehensive Personal Data Protection Law (PDPL), the Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data Protection. The new law applies to the processing of personal data of residents whether or not that processing takes place within the UAE and includes a fairly strict requirement for consent prior to processing personal data. The new law also provides data subject rights such as the right of correction and the right to restrict or stop processing of personal information. In addition, requirements outline the cross-border transfer and sharing of personal data for processing purposes. The law establishes the UAE Data Office, which will be responsible for preparing policies, additional regulation and guidance. The law became effective on Jan. 2, 2022.

To help you comply with this new legislation, Osano’s default banner behavior has been updated to show different banners to users in these regions. Because UAE and Saudi Arabia’s new laws enforce similar user protections as the European Union’s GDPR, these regions will now use the same banner with the ability to accept all, reject all and customize privacy preferences.

Again, to enable the new banners on your site be sure to republish your configuration.  

Why does this matter?

Both Saudi Arabia and the UAE's new laws provide data subjects with more rights than they previously had, and the updated banners ensure you're allowing them to exercise those rights. The banners help you to:

• Comply with both new laws.
• Help data subjects feel empowered.