The Dubai International Financial Centre (DIFC), a prominent global financial hub in the Middle East, Africa and South Asia (MEASA) region, has introduced amendments to its Data Protection Regulations.
Notably, Regulation 10 is groundbreaking as it marks the first set of regulations in MEASA concerning the handling of personal data through autonomous and semi-autonomous systems like artificial intelligence (AI) and generative machine learning technology.
Regulation 10 stands out because it enables DIFC to serve as a platform for harmonizing various guidelines and principles issued by both governmental and non-governmental entities. This creates a flexible framework for applying the most suitable principles to the development of AI technology, ensuring responsible and ethical processing of personal data in such systems.
Commenting on Regulation 10, Jacques Visser, DIFC Commissioner of Data Protection, said: “DIFC’s outcomes-based approach vis-à-vis application of the DP Law 2020 obligations to the development and use cases for systems provides a more collaborative, transparent way of creating and maintaining an innovative yet safe autonomous system.”
In addition to Regulation 10, there are other amendments to the data protection regulations aimed at improving the ethical handling of personal data. The updated regulations offer clarity on several aspects:
- Regulation 8 addresses personal data breach assessment and reporting obligations.
- Regulation 9 focuses on the use and collection of personal data for marketing and communications.
- Regulation 6.2 defines the investigative and enforcement powers of the commissioner when unfair or deceptive practices are employed by controllers or processors.
Furthermore, the commissioner's office is exploring the possibility of testing these regulations through participation in a regulatory sandbox. This sandbox would involve technology developers, users, regulators and non-governmental or quasi-governmental organizations, all of whom share an interest in ensuring the safety and practicality of digital systems in the modern age.
Read Further: Data Privacy: A Matter of Ethics and Security
