Saudi Arabia - Regulatory Boundaries
Data Protection Law and the Sharīʿah Principles, Commercial Law and Dispute Settlements, and the Internet of Things (IoT) Regulatory Framework are three potential regulatory barriers that could influence Fitbit’s ability to succeed in the Saudi Arabian market.
1) Data Protection Law and the Sharīʿah Principles
- The Sharīʿah is the paramount body of law in the Kingdom of Saudi Arabia (KSA). It is a collection of fundamental principles derived from sources such as Islam's Holy Qur'an and the Sunnah, "which are the witnessed sayings and actions of the Prophet Mohammed". It also forms the basis of the legal system in KSA.
- Fitbit handles consumers' personal data, and increasing market awareness of data privacy and data protection rights is giving rise to new challenges and barriers affecting businesses in Saudi Arabia and globally.
- However, there are still no specific data protection laws in Saudi Arabia, so KSA courts and adjudicatory bodies interpret data privacy violations under their general Shari'ah principles.
- For data protection under Shari'ah law or principles, "the disclosure of secrets is prohibited except inter alia where the owner of the relevant secret agrees to such disclosure or if the public interest requires so".
- Violations of data privacy under general Shari'ah law or principles are often expressed in general terms, which affords KSA courts and adjudicatory bodies considerable discretion as to what penalties they deem appropriate and equitable. These mostly include a fine and deprivation of certain rights, such as license suspension or imprisonment.
- Previous decisions of the KSA adjudicatory bodies are, in general, not consistently indexed and collected in a central place or made publicly available.
- There are reports that a draft of KSA's “Freedom of Information and Protection of Private Data Law” is currently being reviewed by the Shura Council, the formal advisory body of the Kingdom of Saudi Arabia. That law dictates that "any party who processes personal data must adhere to the principles of transparency, fairness, and accountability".
- The absence of a specific data protection law is considered a barrier that could influence Fitbit's success in Saudi Arabia because of inconsistencies in records and previous decisions regarding the data privacy of consumers.
2) Commercial Law and Dispute Settlements
- The Kingdom of Saudi Arabia's commercial law is still in its developing stage. "In 1994 Saudi Arabia ratified the 1958 New York Convention on the Recognition and Enforcement of Foreign Arbitral Awards."
- The Saudi Arabian Government (SAG), together with the Saudi Ministry of Commerce and Investment, is currently leading efforts to improve and overhaul the country's commercial laws and to create an arbitration center in collaboration with the Council of Saudi Chambers of Commerce and Industry.
- According to the US Embassy's report, commercial dispute settlement in Saudi Arabia is considered a trade barrier because dispute settlements and the enforcement of foreign arbitral awards "have proven time-consuming and uncertain, carrying the risk that Sharīʿah principles can potentially trump any foreign judgments or legal precedents, though Saudi Arabia is a signatory to the New York Convention on the Recognition and Enforcement of Foreign Arbitral Awards."
- This becomes a possible barrier because even after a dispute decision has been made, it will still take a long time to enforce the judgment, which in several cases brings about serious problems for foreign investors like Fitbit and can hinder their success in Saudi Arabia.
3) Internet of Things (IoT) Regulatory Framework
- The Internet of Things (IoT) Regulatory Framework is published by the Communications and Information Technology Commission (CITC). It regulates every usage of IoT services in the Kingdom of Saudi Arabia.
- It requires providers of IoT services to comply with ‘data security, privacy, and protection requirements’. The Framework goes on to state that IoT providers and implementers must ‘comply with all the existing or future published laws, regulations, and requirements concerning data management including security, privacy, and protection’.
- The IoT Regulatory Framework is a possible barrier because it "envisages that specific data protection laws may be enacted in the Kingdom at some point". It also requires Fitbit, as an IoT service provider, to adhere to strict regulations regarding the collection of personal data from its consumers, and it may influence Fitbit's ability to succeed because approvals are needed before it can operate in the KSA.