The Need for Personal Data Protection Law
Have you ever noticed the “tick box” before submitting your request while completing an online application? Have you ever tried to read the privacy policies of your service providers? What if any of those data collectors used your data without your clear and affirmative consent? The answer may lie with data protection under Jordanian Law.
Personally, I have never granted any of my personal information except the exact data required to complete a specific and necessary reason. I have also never ticked any privacy boxes or read any privacy policies, as I assume that ignoring these boxes will keep me and my personal data safe. Sometimes this happens unintentionally. Some websites or applications mislead you by treating unticked boxes as giving them the right to use your information (“Negative Consent”). What happens in practice is that these service providers (“Data Controllers”) spread your information (“Data Subject”) to many third parties (“Data Processors”), without your affirmative consent, thereby enabling your data to be used for commercial or improper purposes.
Our personal data is the most valuable intangible asset in our life, because of its sensitivity and confidentiality, providing deep insights into our habits and personality. Because personal data are used every day, in every single transaction, the issue of protection is becoming increasingly vital. The need for a Personal Data Protection Law has emerged from the pressure to balance the need for businesses’ and customers’ data information to flow freely and securely versus the urgent need to protect the rights of individuals as a target for many exploitative entities.
Have you asked yourself: why do I receive random advertisements via emails, SMS or social media channels? How do they reach you? How do they guess your favorite products?
In fact, it is quite likely that you provided this information to someone for a specific reason or task. For instance, perhaps you gave details to the Companies Registrar while you were applying for company registration, or perhaps you used an online delivery which required you to provide personal details like name, age, e-mail address, mobile number or home address. Companies might also have requested special categories of personal data, such as your ethnicity, religious beliefs or even political opinions.
Unfortunately, we do not have a Data Protection Law in Jordan at this time.
Certainly, the absence of a data protection law is an invitation for data controllers to violate your personal rights and to spread your personal data across the world as a commodity. Therefore, Jordan absolutely requires a modern data protection law that is not only a nominal law, but is applicable, up-to-date, easy to understand and enforceable. This is essential to meet the growing desire for Jordanian people to control how their personal data is being used, as well as to foster greater transparency around its processing.
Adding to the above-mentioned reasons, most international regulations are intended to ensure that data controllers around the world provide adequate protection to their citizens. This means that Jordan must satisfy its international counterparts that it operates under the rule of law and respects human rights if it wishes to encourage greater commercial cooperation and participation alongside the most powerful countries in the world. For example, the “EU General Data Protection Regulation” allows transfer of data to third countries under certain circumstances, as long as the European Commission is satisfied that the country offers an adequate level of data protection. This applies to the whole country, a territory or specific sectors within the third country. The transfer of data might not be allowable, due to other laws, treaties, or determinations.
For all of these reasons, the tabled “Jordanian Personal Data Protection Bill” is intended to cover the main rights for the natural person about how data can be transferred, as indicated in the GDPR, including the rights of access, rectification, erasure, restrict processing, data portability, object and the rights related to the automated processing and profiling.
The need for such a bill in Jordan is clear. It must be drafted and carefully revised to enable us to answer the above questions and to meet international standards, providing a cohesive law that streamlines dozens of different data protection laws around the world, including the EU General Data Protection Regulation.
Ma’in S. Nsair