DIFC first in the region to advance position on data protection, regulations, and governance within the Global Forum Assembly (GFA)
In 2022, DIFC Commissioner recognised Cross Border Privacy Rules (CBPR) as an adequate mechanism for free flow of data with trust
As an Associate in the Global CBPR Forum (the Forum), DIFC and the GFA leadership look to further opportunities for regulatory cooperation
GFA’s recognition reinforces DIFC’s regionally pioneering position on data protection, regulations, and governance
Dubai, United Arab Emirates; 27 August 2024: Dubai International Financial Centre (DIFC), the leading global financial centre for the Middle East, Africa, and South Asia (MEASA) region, has been recognised by the GFA as an Associate Member.
The Global CBPR Forum welcomed DIFC, Mauritius and Bermuda as Associates, following the Global Forum Assembly’s endorsement of the Membership Committee’s Recommendation that all three have met the conditions for recognition as an Associate. The full announcement can be found here.
The recognition is the result of DIFC’s active and substantive participation in the development of the Forum since its establishment in April 2022, most recently attending workshops hosted by the Personal Information Protection Commission (PPC) in Tokyo, Japan. As a long-time supporter of alternative, trustworthy data transfer mechanisms, DIFC’s status in the Forum will provide an opportunity to collaborate with other regulatory authorities on the future of secure, international data flows. The CBPRs are a flexible yet robust privacy certification scheme that the Commissioner will adopt in accordance with Article 50(5) of the Data Protection Law, DIFC Law No 5 of 2020 for implementation into the DIFC data protection compliance regime.
Chief Legal Officer of DIFC Authority and DIFC Data Protection Commissioner, Jacques Visser, thanked the GFA leadership, stating, “We are honoured to be recognised by the GFA, especially as DIFC is the first and only jurisdiction in the Middle East to obtain Associate status in the Forum in addition to its acceptance into the Forum’s Global Cooperation Arrangement for Privacy Enforcement (CAPE) in April 2024. This milestone echoes our commitment to uphold the highest standards of privacy and data protection in DIFC. We look forward to collaborating with our international partners on this important initiative. As a jurisdiction serving multi-jurisdictional constituents, ensuring the free flow of data whilst ensuring that importers treat it ethically and with care is of vital importance to us.”
The GFA Membership Committee is comprised of original Asia-Pacific Economic Cooperation (APEC) Member Economies including Japan, Philippines and Singapore. The Chair of the GFA is held by the United States, represented by Shannon Coe, Director of Global Data Policy in the Office of Global Data Policy and Privacy at the U.S. Department of Commerce International Trade Administration. The Chair of the Membership Committee, is held by Japan, represented by Makiko Tsuda, Director for Coordination on International Digital Policy for the Japanese Commerce and Information Policy Bureau, Ministry of Economy, Trade and Industry.
DIFC’s recognition in the above regard also comes in addition to the United Kingdom previously selecting DIFC as one of six global jurisdictions to be a priority partner for creating a “Data Bridge” with for similar purposes. The assessment by the UK’s Department of Science, Innovation and Technology (DSIT) towards this outcome is currently ongoing.
DIFC’s efforts in the above regard is underlined by the importance of International Data Transfers in facilitating modern-day business transactions. Trustworthy data flows help streamline supply chain management and allow for financial inclusion so that businesses, particularly those in the Middle East, Africa, and South Asia (MEASA) region with ties to the UK, can scale and trade globally. There are as many as 5,000 British companies operating in the UAE, many of which depend on safe data transfers that comply with applicable data protection laws and associated policies.