Saudi Arabia: Adopted E-Commerce Law including data protection regulation

On 9 July 2019, the E-Commerce law was adopted through a Council of Ministers decision. The law applies to any domestic or international service provider that offers goods or services in the Kingdom. E-commerce service providers may only store customer data for the time needed to process an electronic transaction unless explicit consent has been given for such action. During the period of the transaction, service providers are obligated to take necessary measures to protect customer communication and personal data. Data may only be used for "permissible" and "authorised" purposes unless consent is given or it is required by law. Regulations of this law will specify what type of data is to be protected and kept confidential.