Dubai’s California dreamin’: Whitelists for adequacy needed

One-off solutions: Dubai recognises California adequacy, but incentivising ‘Default Whitelists’ could be a more practical solution to data transfers. By Professor Graham Greenleaf.

The Dubai International Financial Centre (DIFC), a self-governing jurisdiction, has a very common problem. Its businesses want to export personal data to the US, including to California (soon to be the world’s fourth largest economy), but the DIFC Data Protection Law (DP Law(1)) requires that personal data is only exported to a place which “ensures an adequate level of data protection”. It provides that “the Commissioner may determine from time to time that a Third Country, a territory or one … or more specified sectors within a Third Country … ensures an adequate level of data protection”.(2)

Continue Reading

International Report subscribers, please login to access the full article


If you wish to subscribe, please see our subscription information.