UAE Law Imposes up to Dh500,000 Fine and Jail Term for Hacking Personal Data

The UAE continues to strengthen its legal framework to keep pace with rapid technological advancements, providing residents and citizens with smart digital systems to complete transactions quickly and efficiently. However, this increasing reliance on technology has also created opportunities for cybercriminals to exploit gaps in awareness around the protection of personal information.

Fraudsters use constantly evolving tactics to target victims, often taking advantage of unsuspecting individuals by gaining access to sensitive personal and financial data. Authorities have repeatedly issued warnings and launched awareness campaigns to educate the public on recognising and preventing online fraud.

Under the UAE’s Decree-Law on Combating Rumours and Cybercrimes, strict penalties apply to offences involving personal data breaches. Article 6 provides that anyone who unlawfully obtains, modifies, damages, discloses, leaks, deletes, copies, publishes or republishes electronic personal data using information technology may face imprisonment for at least six months and a fine ranging from Dh20,000 to Dh100,000, or either of the two penalties.

The law applies particularly to sensitive information such as medical records, diagnosis and treatment details, bank account information and electronic payment data. It also criminalises the unlawful receipt, storage or use of such data.

Separately, Article 2 of the same law imposes penalties on anyone who hacks an electronic website, information system, network or IT tool. The punishment includes imprisonment and fines ranging between Dh100,000 and Dh300,000.

Where hacking leads to damage, disruption, destruction or the loss of confidentiality of data, the penalty increases to imprisonment for at least six months and fines between Dh150,000 and Dh500,000. If the breach is committed with the intention of obtaining data for unlawful purposes, offenders may face imprisonment of at least one year and fines ranging from Dh200,000 to Dh500,000.

Authorities have dealt with several fraud-related cases in recent years, with courts ordering offenders to repay victims and compensate them for losses. In many instances, officials have noted that victims inadvertently contributed to the fraud by responding to suspicious text messages or emails and sharing confidential banking information.

In one such case, the Al Ain Court of First Instance ordered two defendants to return Dh90,000 to a victim and pay Dh30,000 in compensation after they fraudulently withdrew funds from his bank account.

The suspects had allegedly contacted the victim while posing as consumer protection officials, claiming they could help him recover money from a company. They then sent him a five-digit OTP and persuaded him to forward it via the Botim app, which enabled them to access and transfer funds from his account.

Following investigations, police identified the suspects, who were later convicted by the court and ordered to repay the stolen amount along with compensation.

 For any enquiries or information, contact ask@tlr.ae or call us on +971 52 644 3004. Follow The Law Reporters on WhatsApp Channels.