According to Pinsent Masons, there is no specific data protection law covering all of the UAE currently available. Although a patchwork of other laws provides some rights to privacy and prohibits certain actions, including the disclosure of data obtained electronically in an unauthorised manner.
As reported by Tech Radar in 2019, a data protection law will be drafted for the UAE to support the TRA’s new national cybersecurity strategy for 2020-25. Not sure if this has been approved and implemented by Dubai Data Establishment (DDE) & Dubai Data Strategy furthermore.
However, today I have discovered that Microsoft Teams is forcing users to allow third-party cookies to make Teams load as a web app in Chrome.
Highly appreciate Microsoft Teams if you can make your web app work in any browser without having to permit third-party cookies or at least tell users which third-party cookies you are using so we can open up for those. Just enabling third-party cookies, in general, is insane!
Cookies can store a wealth of data, potentially enough to identify someone without their consent. MicrosoftTeams should cover a piece of basic information to educate, explicitly mention (on the same error page) why users have to enable the third-party cookies, the purpose, how it will benefit users when trying to access Teams application.
- Strictly necessary cookies — These cookies are essential for users to browse the website and use its features, such as accessing secure areas of the site. Cookies that allow webshops to hold your items in your cart while you are shopping online are an example of strictly necessary cookies. These cookies will generally be first-party session cookies. While it is not required to obtain consent for these cookies, what they do, and why they are necessary should be explained to the user.
- Preferences cookies — Also known as “functionality cookies,” these cookies allow a website to remember choices you have made in the past, like what language you prefer, what region you would like weather reports for, or what your user name and password are so you can automatically log in.
- Analytics cookies — Also known as “performance cookies,” these cookies collect information about how you use a website, like which pages you visited and which links you clicked on. None of this information can be used to identify you. It is all aggregated and, therefore, anonymized. Their sole purpose is to improve website functions. This includes cookies from third-party analytics services as long as the cookies are for the exclusive use of the owner of the website visited.
- Marketing cookies — These cookies track your online activity to help advertisers deliver more relevant advertising or to limit how many times you see an ad. These cookies can share that information with other organizations or advertisers. These are persistent cookies and almost always of third-party provenance.
As these are the main ways of classifying cookies, although there are cookies that will not fit neatly into these categories or may qualify for multiple categories. When people complain about the privacy risks presented by cookies, they are generally speaking about third-party, persistent, marketing cookies. These cookies can hold significant amounts of information about our online activity, preferences, and location.
Strongly urging TRA-UAE, Dubai Electronic Security Center (DESC), and the UAE federal government to implement data protection law similar to GDPR as personal data is any information that relates to an individual who can be directly or indirectly identified. Names and email addresses are obviously personal data. Location information, ethnicity, gender, biometric data, religious beliefs, web cookies, and political opinions can also be personal data. User consent must be freely given, specific, informed, and unambiguous. Microsoft Teams Stop forcing users to allow third-party cookies!