LEGAL SAFEGUARDS FOR E-COMMERCE CUSTOMER DATA UNDER UAE LAW: A DOCTRINAL ANALYSIS OF FEDERAL DECREE-LAW NO. 45 OF 2021

Abstract

This research takes an in-depth evaluation of the law protecting data of the customer's e-commerce activities in the UAE, with particular emphasis on Federal Decree-Law No. 45 2021 concerning the protection of personal data. The study adopts a doctrinal analytical methodology, whereby the researcher investigates obligations concerning digital platforms that must be fulfilled by law, such as requirements of consent, data-minimization, breach notifications, and rights of data access, rectification, and erasure. The analysis also raises key questions as to the legislation's alignment with supranational standards such as the level set out in the General Data Protection Regulation (GDPR), enforceability of the practical rights of data subjects, and compliance obligations of e-commerce operators. The results suggest that the UAE legislation has taken a robust stand with regards to the privacy of digital dealings; however, a certain degree of ambiguity remains with regard to the procedural conditions of implementing such laws, enforcement mechanisms, and cross-border data handling. This works further adds to the discourse on middle-eastern data protection regimes by wholesale portraying the UAE as a possible model of balancing technological advancement with individual privacy rights within the wider context of digital economy.