Make an Enquiry

Dubai has issued new data policies

Have you heard of the Dubai Data initiative? The DDE or Dubai Data Establishment is leading this program, which is under the Smart Dubai Office and is believed to be one of the most ambitious and broad data initiative ever done. This is really a huge step by DDE, done towards smart transformation. The Dubai Data Policies were kick-started in February this year to put guidelines around sharing or usage of “Dubai Data”. So let’s see how this is going to affect both the public and private enterprises in Dubai.

Dubai Data Policies

Smart Dubai’s Resolution No. 2 passed last year in accordance with the Dubai Data Law (of October 2017). It had approved some policies and was applicable to governmental agencies. It was concerning the rules and processes regulating various types of data classification, distribution, exchange and also its protection. It also gives DDE the powers to supervise the execution of these policies.

As a pre-requisite, the government agencies have to be ready with a list of all the data about the Emirate of Dubai, along with any Dubai Data that is produced by them or in their control. This is applicable to local government agencies in Dubai like the government authorities, departments, and councils. For example, the free zone regulatory authorities and agencies of UAE Federal Government that handle the data related to Dubai.

Data Classification Policy

All government agencies must make sure that the distribution or exchange of any data should be according to an agenda of priority marked in the Dubai Data Manual and in the DDE published Policies. Before putting the data on a dedicated Dubai Data platform, government agencies would be required to classify the data in the following manner:

  • Open Data: Any data that could be disclosed to any individuals or organisations for use or sharing
  • Shared Data: The data owned by government entities and which is available for sharing or reuse; but is subject to further classification such as:


  1. Confidential: The data that can be shared between government entities only. For example, any information, which if disclosed to public or any other unauthorised party, would lead to some damage.
  2. Sensitive: Any data that could be shared within some specified groups while exercising rigorous controls. For example, any information, which if disclosed to public or any other unauthorised party, could lead to major damage or harm to some public/personal interest, like a threat to life to someone, or freedom or safety.
  3. Secret: Any data that can be shared in a very limited manner, and only between some individuals and is subject to severe controls. For example, some information, which if disclosed would involve illegal action and would also cause intense damage to either nation’s security or public/personal interests.


Policy on Data Protection and IP or Intellectual Property Rights

The provisions of data protection clarify that any personal data or information, which is sensitive in a commercial sense for a private sector organisation, should not be circulated as an open data. Care should be taken that this information is completely removed from any Dubai Data, so that it cannot be released as open data anywhere. You have to take care of these provisions if you have a company setup in Dubai

Likewise, any Dubai Data where third parties would have IPR or intellectual property rights, is not permitted to be circulated or exchanged as open data. For this, first the IPR owner’s consent is required.

Government agencies also need to get the permission of any individuals or private sector companies for using or sharing any personal or other commercial data with any other government agencies. By obtaining the permission, the government agencies can pool data, whereby reducing the requirement for government departments to ask for the same information again and again from the citizens and companies. The Policies also need the government agencies to allow individuals or private sector agencies to change/update data they have and accordingly cancel the consents.

All the government entities should follow the principles related to transparency, proportionality and clarity while dealing with any personal or private sector data.

Policy on using and reusing any Dubai Data

Any open data which is accessed on the government platform has to comply with the licence terms, issued by DDE. As per the policies, open data could be sold only in exceptional cases, like in case of collection, availability or processing could lead to extra costs on that government agency or DDE. The price of this data is decided by DDE along with that government agency.

DDE could also sell any value-added services, which might supporting public interest and also Dubai’s goals of smart transformation.

The government agencies are also mandated to conclude any current arrangements for selling, providing or sharing data as soon as possible or allow the same to lapse. It also mandates not entering into any new contracts related to data, which are outside Dubai Data Law’s scope, without DDE’s permission.

Policy for Technical Standards

The Dubai Data Manual is expected to include various guidelines about governance frameworks, steps around data dissemination or exchange, and other technical standards while dealing with such data. This may also include any mandatory obligations and DDE’s recommendations.

These new data policies ease Dubai company formation in times to come.