Personal Data Protection in Electronic Applications and Digital Platforms in Light of Saudi Law and Comparative Legislation
(Towards an Optimal Legal Framework for Protecting Electronic Consumer Data)
Abstract
This research addresses the issue of protecting users' personal data in electronic applications and digital platforms through a comparative study between the Saudi Personal Data Protection Law and the European Union's General Data Protection Regulation (GDPR). This study is conducted in light of the reliance of these platforms' business models on the extensive collection of personal data and the resulting privacy challenges. The research's significance lies in evaluating the effectiveness of the new Saudi legislative framework in regulating the actual practices of data collection and processing by these platforms, specifically regarding consent mechanisms, the use of geolocation data, and defining the platform's legal responsibilities. The research seeks to answer a key question: To what extent is the current legal framework in the Saudi system sufficient to provide effective protection for electronic consumer data, and how can its implementation mechanisms be improved by drawing on the European experience? This research employs a comparative analytical approach, analyzing the texts of the Saudi Personal Data Protection Law and its implementing regulations, and comparing them with the principles outlined in the European regulations. The research also uses the Amazon, Mrsool, and Toyou platforms as case studies, given the nature of the biometric data they collect and the significant challenges they pose to user privacy. The research concludes with several key findings, most notably that while the Saudi Personal Data Protection Law provides a robust general framework, there is a gap in the detailed regulations addressing the privacy aspects of digital platform business models, particularly regarding the clarity of consent mechanisms and the limits of personal data use.
References
2. المملكة العربية السعودية. رؤية المملكة العربية السعودية 2030، متاحة على: https://www.vision2030.gov.sa.
3. منظمة التعاون الرقمي. تقرير حالة الاقتصاد الرقمي في المملكة العربية السعودية 2023: ازدهار رقمي للجميع. الرياض: منظمة التعاون الرقمي، 2023.
4. نظام حماية البيانات الشخصية السعودي، الصادر بالمرسوم الملكي رقم (م/19) بتاريخ 9/2/1443هـ، والمعدل بالمرسوم الملكي رقم (م/147) بتاريخ 5/9/1444هـ.
5. الهيئة السعودية للبيانات والذكاء الاصطناعي (SDAIA). الدليل الإرشادي لحقوق أصحاب البيانات الشخصية. الرياض: سدايا، 2023.
6. Acquisti, Alessandro, Curtis Taylor, and Liad Wagman. "The Economics of Privacy." Journal of Economic Literature 54, no. 2 (2016): 442–492.
7. Crain, Matthew. Profit Over Privacy: How Amazon Uses Your Data to Make a Killing. Champaign: University of Illinois Press, 2021.
8. De Hert, Paul, and Vagelis Papakonstantinou. "The new General Data Protection Regulation: Still a sound system for the protection of individuals?" Computer Law & Security Review 32, no. 2 (2016): 179–194.
9. Edwards, Lilian. "Privacy, Security and Data Protection in Smart Cities: A Critical EU Law Perspective." Common Market Law Review 53, no. 1 (2016): 65–94.
10. Hildebrandt, Mireille. "The new imbroglio: the citizen and the state in the era of data-driven agency." In Data Protection and Privacy: The Age of Intelligent Machines, edited by Ronald Leenes et al., 35–54. Oxford: Hart Publishing, 2018.
11. Kaminski, Margot E., and Gianclaudio Malgieri. "Algorithmic Impact Assessments under the GDPR: Producing Multi-layered Explanations." International Data Privacy Law 11, no. 2 (2021): 125–144.
12. Kuner, Christopher, et al. "The GDPR as a model for global data protection law?" International Data Privacy Law 12, no. 1 (2022): 1–3.
13. Martin, Kirsten E. "Ethical issues in the big data industry." MIS Quarterly Executive 14, no. 2 (2015): 67–80.
14. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).
15. Richmond, Riva, and Bart van der Sloot. "The Legal Framework for Location Data in the Digital Age." In Privacy and Data Protection in an Age of Hyper-Connectivity, edited by David Lyon and Zygmunt Bauman, 105–128. Cheltenham: Edward Elgar Publishing, 2020.
16. Schartum, Dag Wiese. "Making Privacy by Design Operative." International Journal of Law and Information Technology 24, no. 2 (2016): 151–173.
17. Solove, Daniel J. Understanding Privacy. Cambridge, MA: Harvard University Press, 2008.
18. Solove, Daniel J. "The Myth of the Privacy Paradox." George Washington Law Review 89, no. 1 (2021): 1–55.
19. Turow, Joseph. The Aisles Have Eyes: How Retailers Track Your Shopping, Strip Your Privacy, and Define Your Power. New Haven: Yale University Press, 2017.
20. Voigt, Paul, and Axel von dem Bussche. The EU General Data Protection Regulation (GDPR): A Practical Guide. Cham: Springer International Publishing, 2017.
21. Zuboff, Shoshana. The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power. New York: PublicAffairs, 2019.
Copyright (c) 2025 د. حسام إبراهيم فلاتة
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
