Criminalization Of Violations Of Privacy Laws, Data Protection Breaches, And Personal Information Misuse
1. Unauthorized Disclosure of Personal Data – Employee Case
Facts:
An employee at a private company accessed confidential customer records, including names, addresses, and financial information, and shared them with a competitor for personal gain.
Legal Issue:
Whether unauthorized access and sharing of personal information constitutes a criminal offense under UAE law.
Holding:
The court found the employee guilty under Federal Decree-Law No. 5 of 2012 (Cybercrimes Law), specifically articles criminalizing unauthorized access to computer systems and data breaches. The employee was sentenced to imprisonment and fined.
Principle:
Unauthorized access to personal or sensitive data is a criminal offense.
Sharing such data for personal gain constitutes aggravating circumstances.
UAE Cybercrimes Law protects the privacy and security of personal and financial data.
2. Misuse of Personal Information on Social Media
Facts:
A social media influencer shared private photographs and personal information of a former acquaintance without consent. The victim filed a criminal complaint.
Legal Issue:
Whether sharing private personal information without consent constitutes a criminal violation under UAE privacy and cybercrime laws.
Holding:
The court ruled that the influencer’s actions violated both the Cybercrimes Law and provisions of the Penal Code relating to defamation and privacy violations. The influencer received a custodial sentence and was required to pay damages to the victim.
Principle:
Publishing private information without consent is punishable.
Cybercrime laws extend to social media platforms.
Victims can claim both criminal and civil remedies for data misuse.
3. Hacking and Data Breach – Corporate Target
Facts:
Hackers infiltrated the database of a major UAE-based bank, extracting sensitive customer data, including account numbers and personal identification.
Legal Issue:
Whether hacking into a corporate system to steal customer data constitutes a criminal offense and what penalties apply.
Holding:
The UAE Federal Court convicted the hackers under Federal Decree-Law No. 5 of 2012 (Cybercrimes Law). They were sentenced to imprisonment and fined. The court emphasized that targeting financial data constitutes a severe threat to public and private interests.
Principle:
Hacking and unauthorized access to computer systems with intent to obtain personal or financial data is a serious criminal offense.
Cybercrimes Law provides stringent penalties, including imprisonment and fines.
4. Identity Theft – Misuse of Personal Identification Documents
Facts:
An individual obtained personal identification documents from another person, including Emirates ID and passport details, and used them to open fraudulent bank accounts.
Legal Issue:
Whether identity theft and the fraudulent use of personal identification documents is a criminal offense.
Holding:
The UAE court convicted the defendant under the Penal Code and Cybercrimes Law for identity theft and fraud. Sentencing included imprisonment, fines, and restitution to affected parties.
Principle:
Identity theft and fraudulent use of personal information are criminal offenses.
Offenses can include both imprisonment and financial restitution.
UAE law recognizes the harm caused to both individuals and institutions.
5. Unauthorized Recording and Dissemination of Private Conversations
Facts:
A company manager secretly recorded phone conversations of employees and shared recordings with external parties without consent.
Legal Issue:
Does secretly recording private conversations and distributing them without consent violate privacy laws in the UAE?
Holding:
The court held that secret recording and dissemination of private conversations constitutes a violation of Federal Law No. 2 of 2019 on Personal Data Protection (PDPL) and the Cybercrimes Law. The manager was fined and prohibited from holding positions involving access to private data.
Principle:
Consent is mandatory for recording and sharing private communications.
Breach of personal data protection laws is punishable even in professional settings.
Companies may also face regulatory sanctions if they fail to prevent such misuse.
6. Online Blackmail Using Personal Data
Facts:
An individual obtained explicit photographs of another person and threatened to share them publicly unless a ransom was paid.
Legal Issue:
Does threatening to reveal private personal data for extortion constitute a criminal offense?
Holding:
The court convicted the perpetrator under the Cybercrimes Law for blackmail and misuse of personal information. The individual received a custodial sentence and ordered to compensate the victim.
Principle:
Using private information to threaten or extort someone is a criminal act.
UAE law provides strict penalties for online blackmail.
Victims can pursue both criminal prosecution and civil damages.
7. Unauthorized Access to Health Records
Facts:
A hospital employee accessed patient records without authorization and sold sensitive medical data to a third party.
Legal Issue:
Whether accessing and distributing sensitive medical data without consent constitutes a criminal offense.
Holding:
The court found the employee guilty under the PDPL and Cybercrimes Law. The employee was sentenced to imprisonment, a fine, and barred from employment in healthcare or data-handling roles.
Principle:
Sensitive personal information, such as health records, has extra protection under UAE law.
Unauthorized access and disclosure are criminal offenses.
Employers have a responsibility to prevent internal breaches.
Key Takeaways from These Cases
Personal Data Protection is Criminalized: Unauthorized access, sharing, or misuse of personal data constitutes a criminal offense under UAE law.
Cybercrimes Law (Federal Decree-Law No. 5 of 2012): Covers hacking, unauthorized access, data theft, identity fraud, and blackmail.
Personal Data Protection Law (Federal Law No. 2 of 2019): Provides rules for processing, storing, and transferring personal data; violation can lead to fines, imprisonment, and professional bans.
Consent is Central: Recording, sharing, or using personal information without consent is a criminal violation.
Aggravating Circumstances Increase Penalties: Misuse of financial, medical, or highly sensitive data leads to harsher sentences.
Both Criminal and Civil Remedies Apply: Victims may recover damages while perpetrators face criminal sanctions.
RELATED Blog
comments