Saudi Arabia: Implemented Implementing Regulations of E-Commerce Law including data protection regulation

On 31 January 2020, the Ministry of Commerce issued the implementing regulations of the E-Commerce Law, with implementation on the same day. The regulations apply to e-commerce platforms that are located within and outside the Kingdom that provide products/services to consumers within the Kingdom. E-commerce service providers may only store customer data for the time needed to process an electronic transaction unless explicit consent has been given for such action. During the period of the transaction, service providers are obligated to take necessary measures to protect customer communication and personal data. Data may only be used for "permissible" and "authorised" purposes unless consent is given or it is required by law. Protected personal consumer data includes names, addresses and phone numbers, financial details, images or videos of the individual, licence numbers, and personal property. If a breach occurs, the service provider is required to notify the Ministry of Commerce and the individual in question within 3 days with a detailed explanation.