Data Privacy & Consumer Data Rights (PDPL)

Source: Federal Decree-Law No. 45 of 2021 (Personal Data Protection Law — PDPL); Cabinet Decision No. 111 of 2022 (Implementing Regulations)

Written in plain language for general understanding. This is educational content, not legal advice. Based on UAE federal decrees, laws, and ministerial decisions.

UAE Federal Law

What is this right?

The UAE's Personal Data Protection Law (PDPL) gives consumers rights over how their personal data is collected and used:

  • Consent: Businesses must obtain your clear and explicit consent before collecting personal data, and must tell you why they need it.
  • Right to access: You can request a copy of all personal data a company holds about you.
  • Right to correction: You can ask a company to correct inaccurate data about you.
  • Right to deletion: You can request that your data be deleted when it is no longer needed for the purpose it was collected.
  • Data breach notification: Companies must notify the UAE Data Office and affected individuals of data breaches that pose a risk to rights and freedoms.
  • Cross-border transfers: Your personal data cannot be transferred outside the UAE unless the receiving country has adequate data protection or you consent.

When does it apply?

  • A business in the UAE collects, stores, or processes your personal data.
  • This covers data collected online and offline — apps, websites, loyalty programmes, and in-store forms.
  • Some free zones (DIFC, ADGM) have their own data protection laws that may apply instead.

What should you do?

  • Read privacy policies before sharing your personal data with any company.
  • To exercise your rights, send a written request to the company's data protection officer or privacy contact.
  • If the company does not respond within a reasonable time, file a complaint with the UAE Data Office.
  • Revoke consent at any time if you no longer want a company processing your data.

What should you NOT do?

  • Do not share personal data without checking the privacy policy — understand how your data will be used.
  • Do not ignore data breach notifications — change your passwords and monitor your accounts immediately.
  • Do not assume deleting your account deletes all your data — explicitly request data deletion in writing.

More in Consumer Rights

Right to Product Safety & QualityEvery product sold in the UAE must meet safety and quality standards. Businesses are legally responsible for the product...Read more →Warranty & Return RightsUAE law gives consumers the right to return defective products and enforces warranty obligations on sellers:Warranty obl...Read more →Protection from Deceptive PracticesUAE law protects consumers from fraudulent, misleading, and deceptive business practices:False advertising: Businesses c...Read more →

Related Topics

Workers' RightsAnti-Discrimination & Equal PayTax RightsTransfer Pricing Rules
← Browse all Consumer Rights

Legal Resources

We may earn a commission if you use these services — at no extra cost to you. This supports our mission to make legal information free for everyone.

LawDepotSend a formal demand letter to a business or creditor. State-specific financial and consumer documents ready in minutes.Create a Demand LetterCredit KarmaFree credit monitoring, dispute tools, and alerts. Know when your credit report changes.Check Your Credit FreeIdentityGuardIdentity theft protection and monitoring. Get notified if your personal information is misused.Protect Your Identity

You came here to know your rights — help someone else know theirs.

Support This Mission