Top of page

Article Egypt: Country's First Law on Protection of Personal Data Enters into Force

(Oct. 29, 2020) On October 17, 2020, Egypt’s first law to protect personal data entered into force. Law No. 151 of 2020 on the Protection of Personal Data had been ratified on July 13, 2020, by Egyptian president Abdel Fattah al-Sisi. Article 7 of the law stipulates that enforcement of the law would begin 90 days after its publication in Egypt’s Official Gazette on July 15, 2020.

According to Professor Mohamed Hegazi, an expert consultant on digital transformation, innovation, and intellectual property legislation, the new law “differentiates between normal personal data, such as [a citizen’s] national identification number, phone number, [and] address, and personal data. The [new] law applies to all sensitive data, such as bank data, financial transactions and children’s data, whether inside or outside Egypt, and also protects the data of foreign citizens residing in Egypt.”

Content of the Law

Exemptions

Law No. 151 of 2020 excludes the following types of data from its scope of application:

  • Personal data for the purpose of national census
  • Personal data that is processed for personal purposes
  • Personal data that national security authorities and the Central Bank of Egypt require
  • Personal data used in criminal investigations (Law No. 151 of 2020, art. 3.)

Territorial Scope of Application

The law applies to crimes related to the breach of personal data that are committed by Egyptians and foreign nationals living either outside or inside Egypt. (Art. 2.)

Competent Court

The Economic Court is the court that has jurisdiction over crimes related to the protection of personal data. (Art. 5.)

Main Definitions

The law defines the term “personal data” as data related to any natural person that could identify him/her directly or indirectly. Such data includes the person’s voice, national identification number, and data determining the person’s psychological or physical health, economic status, cultural, and social identity. (Art. 1, para. 1.)

The law also defines the term “processing of personal data” as an electronic process to write, collect, record, keep, store, merge, present, send, receive, circulate, publish, delete, change, amend, retrieve, or analyze personal data. (Art. 1 para. 2.)

Conditions for Legal Processing of Personal Data

Under the law, the processing of personal data is considered legal if

  • the consent of the person who owns the data is obtained before the processing of his/her data begins;
  • the processing of personal data is required and necessary for implementing a contractual obligation or enforcing a legal action;
  • a contract is being concluded on behalf of the person owning the data;
  • a legal obligation or an order issued by a court or an investigating authority is being executed; and
  • the processing of personal data conducted by an entity as part of its job does not fringe on basic rights and freedoms. (Art. 6.)

Penalties under the Law

The law imposes an array of sanctions against entities and individuals that commit crimes related to personal data. For instance, any entity or individual that processes an individual’s personal data without obtaining the consent of the person who owns the data and causes harm to that person is punishable by a term of imprisonment of not less than 6 months and a fine of 200,000–2 million Egyptian pounds (EGP) (about US$12,736–$127,364) or one of these penalties. (Art. 26, para. 2.)

The law also punishes any entity or individual in charge of processing personal data with a term of imprisonment of not less than 3 months and a fine of EGP500,000–5 million (about US$31,840–$318,410), or one of these penalties, when the data processor, despite causing no harm to the person who owns the data, processes the data without obtaining the owner’s consent. (Art. 41.)

Finally, the law sanctions any entity or individuals in charge of processing personal data with a term of imprisonment of not less than 3 months and a fine of EGP500,000–5 million for transferring personal data to any country that does not have data protection laws or that provides less protection of personal data than Egypt. (Art. 42.)

About this Item

Title

  • Egypt: Country's First Law on Protection of Personal Data Enters into Force

Online Format

  • web page

Rights & Access

Publications of the Library of Congress are works of the United States Government as defined in the United States Code 17 U.S.C. §105 and therefore are not subject to copyright and are free to use and reuse.  The Library of Congress has no objection to the international use and reuse of Library U.S. Government works on loc.gov. These works are also available for worldwide use and reuse under CC0 1.0 Universal. 

More about Copyright and other Restrictions.

For guidance about compiling full citations consult Citing Primary Sources.

Credit Line: Law Library of Congress

Cite This Item

Citations are generated automatically from bibliographic data as a convenience, and may not be complete or accurate.

Chicago citation style:

Sadek, George. Egypt: Country's First Law on Protection of Personal Data Enters into Force. 2020. Web Page. https://www.loc.gov/item/global-legal-monitor/2020-10-29/egypt-countrys-first-law-on-protection-of-personal-data-enters-into-force/.

APA citation style:

Sadek, G. (2020) Egypt: Country's First Law on Protection of Personal Data Enters into Force. [Web Page] Retrieved from the Library of Congress, https://www.loc.gov/item/global-legal-monitor/2020-10-29/egypt-countrys-first-law-on-protection-of-personal-data-enters-into-force/.

MLA citation style:

Sadek, George. Egypt: Country's First Law on Protection of Personal Data Enters into Force. 2020. Web Page. Retrieved from the Library of Congress, <www.loc.gov/item/global-legal-monitor/2020-10-29/egypt-countrys-first-law-on-protection-of-personal-data-enters-into-force/>.