News and developments
Data Infringement Alert: Cybercrimes and Penalties in the UAE
Introduction:
The UAE has recently strengthened its stance against cybercrimes with the introduction of Federal Decree-Law No. 34/2021, focusing on combating rumours and cyber offences.
This legislation outlines a comprehensive framework to address various cybercrimes and imposes significant penalties on offenders related to hacking, compromising information systems, breaching personal data, and manipulating electronic documents. Let's delve into some of the key articles and their associated penalties.
Hacking Offenses:
Articles 2 and 3 explain that hacking into websites, electronic information systems, or networks constitutes a serious offence under cyber law. Individuals found guilty of hacking may face detention and fines ranging from AED 100,000 to AED 300,000. Moreover, if the hacking results in damage or disclosure of data, the penalties may increase, with offenders facing imprisonment for up to 5 years and fines ranging from AED 250,000 to AED 1,500,000 for targeting the country’s institutions.
Compromising Information Systems:
According to Articles 4 and 5, if someone intentionally damages or disrupts information systems, they may face detention and fines ranging from AED 500,000 to AED 3,000,000.
Furthermore, compromising the systems of state institutions or critical facilities carries even more penalties, including provisional imprisonment and fines of up to AED 3,000,000, particularly if the offence is committed through a cyber-attack.
Breach of Data and Personal Information:
Unauthorized access, modification, or disclosure of personal data may lead to detention and fines ranging from AED 20,000 to AED 100,000. Breach of confidential government data incurs severe penalties, with offenders facing provisional imprisonment for up to 10 years and fines of up to AED 5,000,000 for compromising state operations or security facilities, as outlined in Articles 6 and 7.
Breach of Data Belonging to Financial, Commercial, and Economic Establishments:
Article 8 addresses breaches of data belonging to financial, commercial, or economic establishments. It specifies that individuals who obtain, modify, disclose, or otherwise interfere with the confidential data of such establishments without authorization through information technology methods may face provisional imprisonment for a minimum of 5 years and/or fines ranging from AED 500,000 to AED 3,000,000.
Unauthorized Obtaining of Third-Party Symbols:
Unauthorised acquisition of secret numbers, codes, or passwords of websites or electronic systems may result in detention and fines ranging from AED 50,000 to AED 100,000. Furthermore, enabling others to access such systems for criminal purposes increases the penalty to a minimum of six months' detention and fines from AED 300,000 to AED 500,000.
Other Cyber Offenses (Articles 8 to 19):
The law also addresses various other cyber offences, including forgery of electronic documents and manipulation of information networks. Article 11 penalises the fabrication of mail, websites, and electronic accounts with detention and fines ranging from AED 50,000 to AED 200,000 for misrepresentation or fraudulent online activities.
Articles 12 to 19 also include offences such as illegal interference and disclosure of information, personal data collection violations, forgery of electronic documents, breach of electronic payment methods, and various forms of electronic system misuse. Offenders may face detention, fines, or both, depending on the gravity of the offence committed.
Conclusion:
The comprehensive framework outlined in the law, targeting various cyber offences and imposing substantial penalties, safeguards digital infrastructure and protects individuals' rights and privacy is imperative for all individuals and entities operating within the UAE to adhere to these regulations to avoid legal consequences and contribute to a safer online ecosystem.