Data Protection & Cybersecurity Related Laws In The GCC
While cybersecurity or even espionage-related laws have received much attention around the globe in the past years, it is quite recent that GCC states have paid much attention to this matter. This has been reflected by the fact that cybersecurity strategies in the region are barely a decade old, and cybersecurity bodies are still gradually being established. Nonetheless, cybersecurity bears major geopolitical implications for GCC states. It has been stated by cybersecurity experts that due to the geopolitical tensions’ dominant in certain relations, GCC states will be the target of state-sponsored cyberattacks more than other types of attacks. In addition, many of those attacks will be directed to state-dependent supplies such as oil and gas, electro-grids, and due to geopolitical position.
The current laws and policies in place are not sufficient to tackle and criminalize the general conduct of cyber crime due to the absence of comprehensive laws and the massive influence that culture, internal social considerations, and political considerations have on the drafting of regulations. Due to the lack of such comprehensive laws in the GCC, judges will be led to bestowing their individual discretion on related cases. Comprehensive frameworks, as well the inclusion of cooperation provisions in laws are vital in combating and criminalizing the conduct of cyber attacks and cyber espionage, and this will only be accomplished via a consensus between all states.
*This is not an extensive list of data protection and cybersecurity related laws as most GCC States do not have comprehensive data protection and cybersecurity laws.
*There are also sector specific provisions in laws that are not specified.