Qatar's Supreme Council of Information and Communication Technology is examining a draft law that would be the first national data privacy legislation in the Middle East and which would include specific provisions on email-marketing and spam.
If a new law is enacted, it will have an effect on any business that collects, records, stores, uses or discloses personal information, whether for marketing purposes or any other reason.
The proposals include: companies processing data in Qatar will be obliged to "implement and enforce appropriate and effective accountability measures" to ensure the protection of personal data; companies will also be obliged to notify individuals about data losses or moving of personal data across national borders and inform consumers about objection rights in relation to their personal data.
There would also be specific rules relating to the processing of personal information about children and sensitive personal information such as details about religious affiliation or medical conditions.
The draft law also proposes that unauthorised accessing, disclosure or processing of personal information will be deemed a criminal offence punishable by up to two years' imprisonment and a fine of up to 300,000 Qatari rials (Dh302,620).
Employees with responsibility for personal data who commit such an offence would face the same penalties.