Research On Balancing State Security With Personal Data Rights Under Uae Law
Case 1: CCTV Monitoring in a Women’s Service Centre (Abu Dhabi)
Facts:
Three government officials installed CCTV cameras in a women’s customer service centre branch in Al Ain. Female employees claimed that their privacy was violated.Legal Issue:
Whether the installation of CCTV cameras constituted an invasion of privacy, and whether state/organizational security interests justified such monitoring.Outcome:
Initially, the officials were convicted and given suspended jail sentences.
On appeal, they were acquitted because the court recognized the cameras’ purpose as security and operational monitoring.
The Court of Cassation confirmed the acquittal.
Balance Point:
The court prioritized the state/organizational security interest over the individual privacy rights, showing that monitoring may be lawful if justified by legitimate security concerns.Case 2: Unauthorized Recording for Public Reporting (2019)
Facts:
A woman recorded videos of what she believed were unsafe food practices in a supermarket and sent them to municipal authorities.Legal Issue:
Whether recording and sharing videos without consent violated the Cybercrimes Law, or whether public interest justified the act.Outcome:
The Court of Cassation held that because her intention was public interest reporting and not malicious, she was not guilty of invading privacy.Balance Point:
Intent and purpose matter. Even though the law prohibits recording without consent, the public interest (food safety) was a legitimate exception, showing the law balances individual privacy with societal/public safety concerns.Case 3: Social Media Posting Without Consent (Civil Compensation, 2025)
Facts:
A man posted photos and videos of a woman on social media without her consent. The woman sued for damages.Legal Issue:
Determining civil liability for violation of personal data and privacy rights.Outcome:
The civil court awarded Dh20,000 in compensation for emotional distress and reputational harm.Balance Point:
This illustrates that while state security can override privacy in some contexts, individual privacy rights are protected in private settings, and victims can receive compensation for harm caused by unauthorized data sharing.Case 4: Government Agencies Exemption Under PDPL
Facts:
The Personal Data Protection Law (PDPL) explicitly exempts government authorities and security/judicial agencies from certain provisions.Legal Issue:
How do individual privacy rights apply when data is processed by state or security agencies?Outcome:
No court case challenged this directly, but legal interpretation shows that exemptions give broad powers to government agencies for national security and public interest purposes.Balance Point:
Exemptions structurally favor state interests, meaning individual rights can be limited in cases involving security, surveillance, or law enforcement.Case 5: Cross-Border Data Transfer and Security Exception
Facts:
PDPL allows personal data to be transferred outside UAE if the recipient country ensures adequate protection, or if it’s necessary for public interest, legal obligations, or judicial purposes.Legal Issue:
Does state/public interest justify overriding individual consent in cross-border transfers?Outcome:
The law explicitly permits such transfers for public interest or security reasons, highlighting legal recognition that national security can override individual data control.Balance Point:
State interest and public security can supersede individual consent, showing the legal system’s priority for security considerations in certain contexts.Case 6: Private Employee Monitoring in a Bank
Facts:
A bank monitored its employees’ emails and computer usage without their knowledge, citing security and fraud prevention reasons.Legal Issue:
Was monitoring justified under the Cybercrimes Law and privacy protections?Outcome:
The court found that monitoring was lawful because employees were notified in internal policies and the monitoring was necessary for fraud prevention and operational security.Balance Point:
Notification and legitimate security reasons allowed the state/organizational interest to outweigh personal privacy in this workplace scenario.Case 7: Unauthorized Publication of Government Documents
Facts:
An individual leaked government documents online containing sensitive citizen information.Legal Issue:
The conflict between freedom of expression, public interest, and state security/data protection.Outcome:
The court ruled that the leak violated both the Cybercrimes Law and PDPL provisions on confidentiality and unauthorized dissemination of personal data. The individual was criminally liable.Balance Point:
State security and personal data protection were prioritized over the public interest claim of transparency, showing the legal system heavily favors safeguarding sensitive personal and state-related data.Summary of Key Themes Across Cases
State Security Priority: In cases involving government or organizational security, courts often side with the security interest over individual privacy.
Public Interest Exceptions: Legitimate public interest (like reporting unsafe practices) can justify limited privacy infringements.
Private vs State Actors: Individual rights are more strongly enforced against private actors than against state authorities.
Notification & Consent: Courts consider whether the person was informed and whether the action was necessary for security or operational reasons.
Civil Remedies: Courts award compensation for unauthorized data sharing in private contexts.
RELATED Blog
comments