DPDPA is now in force in India. Run a free privacy scan on your site. Scan now

🇦🇪 Middle East & North Africa

Cookie consent in الإمارات العربية المتحدة

Consent and privacy law in الإمارات العربية المتحدة

In short
The UAE has a layered system. The federal Personal Data Protection Law, Decree-Law No. 45 of 2021, applies across the mainland and is overseen by the UAE Data Office, while the financial free zones, the DIFC and ADGM, run their own GDPR-style data protection laws with their own regulators. This means the applicable rules depend on where the business is established. The federal law follows GDPR-style principles, requiring consent or another lawful basis, data subject rights, and breach handling, though executive regulations fill in detail. Consent must be clear and specific. Notices in Arabic are expected for mainland audiences. Cookies that identify users are personal data.
Authority
UAE Data Office
Status

Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data

Primary law
PDPL UAE
Languages

ar

Who must comply

Controllers and processors that process personal data of data subjects in the UAE, with some exemptions for the financial free zones that have their own regimes.

Penalties

Penalties to be set by executive regulations, separate from free zone regimes

Key obligations

  • Obtain clear, specific and informed consent where required
  • Provide notice of purpose and processing
  • Honor access, correction, deletion, portability and objection rights
  • Apply appropriate security and conduct impact assessments
  • Meet conditions for cross-border data transfers

Local guidance

  • Identify whether mainland, DIFC, or ADGM rules apply
  • Use clear and specific consent or another lawful basis
  • Provide notices in Arabic for mainland audiences
  • Watch for executive regulations under the federal PDPL

How ConsentX helps

  • Clear, specific opt-in consent capture
  • Geo-aware banner for UAE visitors
  • Full rights workflow including portability
  • Consent receipts and evidence logs
  • Region rule engine tuned for the UAE
Get started free
yoursite.com
🇦🇪 United Arab Emirates

We value your privacy

We ask for your consent before any non-essential cookie, with the rules that apply in your region.

Allow allReject non-essentialManage preferences

This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified local counsel.

How to comply with United Arab Emirates using ConsentX

  1. 1

    Scan your website

    Run a free scan to find every cookie and tracker on your site, so you know exactly what needs consent under United Arab Emirates.

  2. 2

    Show a geo-aware consent banner

    Add the ConsentX banner. It detects each visitor region and shows the consent experience that United Arab Emirates requires, automatically.

  3. 3

    Block trackers until consent

    Keep non-essential cookies and trackers blocked until the visitor agrees, so nothing fires before consent.

  4. 4

    Record tamper-evident proof

    Every choice is stored as a tamper-evident consent receipt you can produce in a United Arab Emirates audit.

  5. 5

    Handle data requests on time

    Use the built-in DSAR workflow with SLA timers to answer access, deletion and opt-out requests within the legal deadline.

Frequently asked questions

Does the UAE have one privacy law or several?+

Several. The federal PDPL applies on the mainland, while the DIFC and ADGM financial free zones have their own GDPR-style laws and regulators, so the rules depend on where the business sits.

Which authority oversees UAE federal privacy law?+

The UAE Data Office oversees the federal Personal Data Protection Law, while the DIFC and ADGM have separate commissioners for their respective free zones.

Governing law

🇦🇪 PDPL UAE

Other countries in Middle East & North Africa

🇸🇦 المملكة العربية السعودية🇶🇦 قطر🇧🇭 البحرين🇮🇱 ישראל🇹🇷 Türkiye🇪🇬 مصر