Jordan has finally adopted a data protection law after nine years in the making. While it introduces robust rights and safeguards to protect people’s personal information, the long-awaited law retains a number of problematic provisions that could not only seriously undermine enforcement, but hands unprecedented power and control over personal information to the government. To mitigate the law’s major red flags, Access Now is calling on Jordanian authorities to open discussions with civil society experts, and place human rights at the center of all data protection legislation.
Access Now and Jordanian civil society organizations have previously raised the draft law’s shortcomings. One of the new law’s alarming flaws is the structure of Jordan’s future data protection authority. It’s not only chaired by the Minister of Digital Economy and Entrepreneurship, but will also include members of Jordan’s security agencies and from the telecommunications and ICT industry, undermining its independence as an oversight body. In its stipulated form and mandate, the new data protection authority will not be empowered to hold private companies and public entities accountable for their violations.
Despite the amendments to the draft bill submitted by the government in 2022, neither chamber of Parliament addressed the serious loopholes which makes the data protection framework grossly lag behind international best practices. Moreover, the legislators decreased the maximum amount of the fine to be imposed on entities and companies from 5 percent to 3 percent of their annual revenues — decreasing the financial impact of the sanctions on potential violators, reducing any deterrent.
Access Now stands ready to engage and collaborate with Jordanian authorities and other stakeholders to advance strong data protection measures for the people in Jordan.