The Impact of the GDPR on Extra-EU Legal Systems: The Case of the Kingdom of Bahrain

Introduction

The recent unprecedented increase in data production stemming from the propagation of the digital economy has led to the worldwide proliferation of regulations seeking to protect data owners and providers, supervise the collection of data, and minimise data security breaches. This is primarily true in the States members of the Gulf Cooperation Council (GCC), regional organisation founded in 1981 and exclusive to six States located on the shores of the Arabian Gulf - Bahrain, Saudi Arabia, United Arab Emirates, Oman, Qatar, and Kuwait (Borea, 2019) -, due to the lack of an advanced rule of law for privacy in most of them, despite their progressive shift from economies relying on the exploitation of natural sources to data-driven societies.

With the constant rejuvenation occurring to technology and its accessories, the development of privacy laws has become crucial and therefore most countries are now amending their laws and regulations to best fit the global epidemic occurring. As reported on the official website of the United Nations Conference on Trade and Development, 107 countries (of which 66 are developing or transition economies) have put in place a legislation to secure the protection of data and privacy. In this area, Asia and Africa show a similar level of adoption, with less than 40 per cent of the countries having a law in place (UNCTAD, 2019). In percentages, this means that:

• •

  57% of the countries have passed laws on data protection and privacy.

• •

  10% of the countries has just draft legislations.

• •

  21% of the countries does not have a legislation at all.

• •

  12% no data are available.

As far as the European Union (EU) framework is concerned, since the enactment of the General Data Protection Regulation (GDPR) there have been many discussions about its impact and repercussions. In economic and statistical terms, scholars pointed out that the GDPR might have a rather negative effect on the European Union’s internal market and economy (Allen, DWE, Berg A, Berg C, Markey-Towler, B and Potts, J, 2019). Nonetheless, from a legal perspective, the impact that the GDPR is producing on other legal systems is remarkable. Indeed, protecting individuals' personal data has become of critical importance in the 21^st century, due to the phenomenon of digitalisation, a wide-ranging motion that affects all individuals with no exception. Consequently, laws and regulations are constantly amended and modified in order to match the innovative digitalisation endangerments. In our times, technology is administering most facilities and services, artificial intelligence is spreading like wildfire, and business undertaking are trying to take advantage of the technological disruption while trying to cope with the need for securing information (Francis L. & Francis J, 2017).

This chapter dwells around two focal pillars. Firstly, it scrutinises the stimulus the GDPR initiated on the enactment of official privacy laws in jurisdictions other than the European Union; secondly, it analyses, with a comparative approach, the privacy laws enacted of the GCC countries, with focus on the Kingdom of Bahrain, while parallelly shedding light on similarities and differences with the GDPR. Indeed, if on the one side the European Union legal framework seems to be quite advanced, the regulatory process in the GCC region is still at its inception and, thus, it seems interesting to investigate how the European Union is influencing the legal changes in other legal systems. Moreover, unlike the EU, the GCC as a regional organisation does not yet have in place a common rule of law for the protection of personal data. Considering the above reasons, the Kingdom of Bahrain followed the footsteps of the GDPR, mirroring, to a large extent, the methodology adopted by the GDPR, as this is the Kingdom’s first law dealing exclusively with this legal phenomenon.