Shedding Light on the Inadequate Protection of Internet Users’ Right to Privacy under Kuwaiti Law

Abstract

Abstract Digital technology such as AI has enabled private companies to collect and analyse people’s personal information, which may infer hidden private data about the individual, such as medical data or psychological state. The inferred private information can be sold to third parties or used to target advertisements without the individual’s knowledge and explicit consent. Private companies, therefore, pose a risk to internet users’ right to privacy in the digital world. As such, the legal system should have a comprehensive Data Privacy law that provides internet users with adequate legal protection for preserving their right to privacy against private companies. Still, Kuwait lacks comprehensive Data Privacy. The only two data privacy mechanisms are embodied in chapter 7 under the Electronic Transaction Act (ETA) No. 20 of 2014 and the Regulation of User Protection and Privacy issued by the Communication and Information Technology Regulatory Authority (CITRA). This paper finds that the fragmented Kuwaiti laws concerning the individual’s right to privacy inadequately protect internet users’ right to privacy against the risk posed by private companies, and therefore, legislative interventions are needed. This paper concludes with proposing essential recommendations for the Kuwaiti Legislative Authority to issue a comprehensive data privacy law, using European Union’s General Data Protection Regulation as a guidance framework (GDPR), to strengthen internet users’ right to privacy (as control over their personal information) against the risk private companies pose.