Digital Policy Alert logo

Saudi Arabia: Implemented E-Commerce Law including data protection regulation

Policy overview

Description

Implemented E-Commerce Law including data protection regulation

On 24 October 2019, the E-Commerce law was implemented. The law applies to any domestic or international service provider that offers goods or services in the Kingdom. E-commerce service providers may only store customer data for the time needed to process an electronic transaction unless explicit consent has been given for such action. During the period of the transaction, service providers are obligated to take necessary measures to protect customer communication and personal data. Data may only be used for "permissible" and "authorised" purposes unless consent is given or it is required by law. Regulations of this law will specify what type of data is to be protected and kept confidential.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Data protection regulation
Regulated Economic Activity
platform intermediary: e-commerce
Implementation Level
national
Government Branch
executive
Government Body
central government

Complete timeline of this policy change

Hide details
2019-07-09
adopted

On 9 July 2019, the E-Commerce law was adopted through a Council of Ministers decision. The law app…

2019-07-10
in grace period

On 10 July 2019, the E-Commerce law entered into force through Royal Decree M/126. The law applies …

2019-10-24
in force

On 24 October 2019, the E-Commerce law was implemented. The law applies to any domestic or internat…

We use cookies and other technologies to perform analytics on our website. By opting in, you consent to the use by us and our third-party partners of cookies and data gathered from your use of our platform. See our Privacy Policy to learn more about the use of data and your rights.