Privacy Law at Morocco
Morocco's data protection framework is primarily governed by Law No. 09-08, enacted on February 18, 2009, which regulates the processing of personal data and establishes the National Commission for the Control of Personal Data Protection (CNDP) as the supervisory authority.
Legal Framework
*Law No. 09-08 (2009)
This law outlines the conditions under which personal data can be processed, emphasizing principles such a:
Lawfulness and Consent Data must be processed fairly and lawfully, with explicit consent from the data subject unless processing is necessary for contractual obligations or legitimate interest.
Transparency Data controllers must inform individuals about the identity of the data controller, the purposes of data processing, and any recipients of the data.
Data Quality Personal data should be accurate, relevant, and not excessive in relation to the purposes for which it is collected.
Security Appropriate measures must be taken to ensure the security of personal data against unauthorized access or disclosure.
*National Commission for the Control of Personal Data Protection (CNDP)
Established by Law No. 09-08, the CNDP is tasked with overseeing the application of data protection laws in Morocco. Its responsibilities include:
Monitoring Compliance Ensuring that data controllers and processors adhere to legal requirement.
Handling Complaints Addressing grievances from individuals regarding data processing activities.
Issuing Sanctions Imposing penalties for non-compliance, which can include fines and, in severe cases, imprisonment.
⚖️ Enforcement and Penalties
Violations of Law No. 09-08 can result in:
Administrative Fines Ranging from MAD 10,000 to MAD 100,000 for unauthorized data processing activities.
Criminal Penalties Including fines up to MAD 600,000 and imprisonment for intentional violation.
🌐 International Engagement
Morocco is a party to the Council of Europe’s Convention 108 for the protection of individuals with regard to automatic processing of personal data and has participated in efforts to modernize the convention.
The CNDP has also signed cooperation agreements with data protection authorities in other African countries, such as Angola and Niger, to promote data protection standards across the continent.
🧭 Summary
Morocco's data protection landscape is governed by Law No. 09-08, enforced by the CNDP, which ensures that personal data is processed lawfully and transparently. The law aligns with international standards and is actively enforced through penalties for non-compliance. The CNDP also collaborates internationally to enhance data protection practices.
Morocco's data protection framework is primarily governed by Law No. 09-08, enacted on February 18, 2009, which regulates the processing of personal data and establishes the National Commission for the Control of Personal Data Protection (CNDP) as the supervisory authority.
Legal Framework
*Law No. 09-08 (2009)
This law outlines the conditions under which personal data can be processed, emphasizing principles such a:
Lawfulness and Consent Data must be processed fairly and lawfully, with explicit consent from the data subject unless processing is necessary for contractual obligations or legitimate interest.
Transparency Data controllers must inform individuals about the identity of the data controller, the purposes of data processing, and any recipients of the data.
Data Quality Personal data should be accurate, relevant, and not excessive in relation to the purposes for which it is collected.
Security Appropriate measures must be taken to ensure the security of personal data against unauthorized access or disclosure.
*National Commission for the Control of Personal Data Protection (CNDP)
Established by Law No. 09-08, the CNDP is tasked with overseeing the application of data protection laws in Morocco. Its responsibilities include:
Monitoring Compliance Ensuring that data controllers and processors adhere to legal requirement.
Handling Complaints Addressing grievances from individuals regarding data processing activities.
Issuing Sanctions Imposing penalties for non-compliance, which can include fines and, in severe cases, imprisonment.
⚖️ Enforcement and Penalties
Violations of Law No. 09-08 can result i:
Administrative Fines Ranging from MAD 10,000 to MAD 100,000 for unauthorized data processing activities.
Criminal Penalties Including fines up to MAD 600,000 and imprisonment for intentional violation.
🌐 International Engagement
Morocco is a party to the Council of Europe’s Convention 108 for the protection of individuals with regard to automatic processing of personal data and has participated in efforts to modernize the convention.
The CNDP has also signed cooperation agreements with data protection authorities in other African countries, such as Angola and Niger, to promote data protection standards across the continent.
🧭 Summary
Morocco's data protection landscape is governed by Law No. 09-08, enforced by the CNDP, which ensures that personal data is processed lawfully and transparently. The law aligns with international standards and is actively enforced through penalties for non-compliance. The CNDP also collaborates internationally to enhance data protection practices.
RELATED Blog
0 comments