Kuwait
Summary
Law: There is no general data protection regulation.
Regulator: There is no general data protection authority.
Summary: Although there is currently no specific legislation aimed at the protection of personal data in Kuwait, there have been reports that the Government of Kuwait is generally considering the introduction of such a law. At present, there are relevant sectoral requirements, which, alongside provisions in the Constitution of Kuwait 1962 (the Constitution), may be considered as outlining an essential but patchwork basis for the protection of personal data.
In February 2024, the Communication and Information Technology Regulatory Authority (CITRA) released the Data Privacy Protection Regulation No. 26 of 2024 (the Regulation) (only available in Arabic here). The Regulation, repeals and replaces the previous Data Privacy Protection Regulation, No.42 of 2021, and provides guidelines for the collection and processing of personal data by telecommunications and information technology service providers. Moreover, in the financial sector, the Cyber Security Framework for the Kuwaiti Banking Sector establishes several data protection-related obligations. The Labour Law No. 6/2010 for the Private Sector similarly sets out requirements that overlap and impact data protection in relation to employment.