Dubai: DIFC issues First of its Kind Data Protection Adequacy Decision

The decision establishes that the Amended CCPA is equivalent to DIFC’s DP Law 2020 and aligns with global data protection standards

The DIFC Commissioner of Data Protection has issued a landmark adequacy decision on the Amended CCPA, a comprehensive data protection law in California. The decision recognises the Amended CCPA as equivalent to the DP Law 2020, which applies to the DIFC, a leading global financial centre in the MEASA region. This decision enables personal data transfers between DIFC and California-based entities without additional contractual measures. It also sets a precedent for future adequacy decisions with other US states.

The DIFC Commissioner’s Office acknowledges the Amended CCPA and the CPPA as an international organisation that ensures adequate data protection for personal data processed and transferred by the entities under its supervision.

The Amended CCPA empowers consumers to control and protect their personal data collected by businesses. It also establishes fair and lawful data collection and processing principles that align with global data protection standards and the Commissioner’s objectives in administering the DP Law 2020.

Jacques Visser, DIFC Commissioner of Data Protection, said: “The adequacy decision is based on published adequacy protocols and the EDMRI and due diligence tool. We have assessed California’s privacy law and found it to be compatible with our own. This decision will benefit both DIFC and California-based entities by facilitating cross-border data flows and enhancing data protection.”