Saudi Arabia: Implemented Amended User Protection Regulations (Resolution 552/1445) including data protection regulation

On 8 May 2024, the Saudi Communications and Information Technology Commission (CITC) Amended User Protection Regulations (Resolution 552/1445) entered into force. The updated regulations follow the "Regulations for the Protection of the Rights of Users of ICT Services and Conditions for Providing Services" as per CITC Resolution No. 423/1441. The regulations mandate greater transparency from service providers regarding their services, including clear information about terms of service, pricing, and any data collection practices. The regulations strengthen the mechanisms for handling and resolving user complaints, ensuring users have a clear and effective avenue to report issues and receive timely resolutions. Users are granted control over their personal data, including rights to access, rectify, and delete their information, reinforcing the notion of informed consent and privacy by design. Furthermore, users are granted the right to be informed about data breaches that could potentially affect their privacy or security.