BAHRAIN
Since November 2009
Pillar Domestic data policies |
Indicator Minimum period for data retention
Resolution No. 8 of 2009 Promulgating a Regulation requiring Licensees to implement Lawful Access
According to Art. 9.1 of the Telecommunications Regulatory Authority (TRA)'s Board of Directors Resolution No. 8 of 2009, a licensee shall undertake to retain access-related information for one year from the date of each call that is successfully made between two or more parties, whether it results in conveying call content or not. Moreover, it is reported that, since 2009, the TRA has mandated that all telecommunications companies keep a record of customers’ phone calls, emails, and website visits for up to three years.
Coverage Telecommunications sector
Sources
- https://tra-website-prod-01.s3-me-south1.amazonaws.com/Media/mediafiles/document/PublishedLawfulAccessRegulation1.pdf
- https://cyrilla.org/en/entity/7bqc9prz5vquno8h1rp5ws714i?page=1
- https://freedomhouse.org/country/bahrain/freedom-net/2022
- https://iclg.com/practice-areas/telecoms-media-and-internet-laws-and-regulations/bahrain
- Show more...
BAHRAIN
Since March 2022
Since July 2018, entry into force in August 2019
Since July 2018, entry into force in August 2019
Pillar Domestic data policies |
Indicator Requirement to perform a Data Protection Impact Assessment (DPIA) or have a data protection officer (DPO)
Order No. 43 of 2022 Regarding the conditions to be met in the technical and organisational measures that guarantee the protection of personal data
قرار رقم (43) لسنة 2022 بتحديد الاشتراطات التي يتعين توافرها في التدابير الفنية والتنظيمية الكفيلة بحماية البيانات الشخصية
Law No. 30 of 2018 with Respect to Personal Data Protection Law
قانون رقم (30) لسنة 2018 بإصدار قانون حماية البيانات الشخصية
قرار رقم (43) لسنة 2022 بتحديد الاشتراطات التي يتعين توافرها في التدابير الفنية والتنظيمية الكفيلة بحماية البيانات الشخصية
Law No. 30 of 2018 with Respect to Personal Data Protection Law
قانون رقم (30) لسنة 2018 بإصدار قانون حماية البيانات الشخصية
Art. 3 of Order No. 43 of 2022 states that controllers should conduct a Data Protection Impact Assessment (DPIA) in the following cases:
- Cases stipulated in Art. 22.1 of Law No. 30 of 2018, or a systematic and extensive evaluation of personal aspects relating to natural persons which is based on automated processing, including profiling, and on which decisions are based that produce legal effects concerning the natural person or similarly significantly affect the natural person;
- When processing on a large scale special categories of data or of personal data relating to instituting and pursuing criminal proceedings and related judgements referred to Art. 7 of Law No. 30; or
- When processing amounts to systematically monitoring a publicly accessible area on a large scale.
- Cases stipulated in Art. 22.1 of Law No. 30 of 2018, or a systematic and extensive evaluation of personal aspects relating to natural persons which is based on automated processing, including profiling, and on which decisions are based that produce legal effects concerning the natural person or similarly significantly affect the natural person;
- When processing on a large scale special categories of data or of personal data relating to instituting and pursuing criminal proceedings and related judgements referred to Art. 7 of Law No. 30; or
- When processing amounts to systematically monitoring a publicly accessible area on a large scale.
Coverage Horizontal
Sources
- https://web.archive.org/web/20220228101011/http://www.pdp.gov.bh/en/assets/pdf/executive-decisions/eng/the_be_met_in_the_technical.pdf
- https://web.archive.org/web/20240227033126/http://www.pdp.gov.bh/en/regulations.html
- https://www.dataguidance.com/notes/bahrain-data-protection-overview
- https://www.clydeco.com/en/insights/2022/04/bahrain-issues-new-privacy-guidelines
- Show more...
BAHRAIN
Since December 2005
Pillar Intellectual Property Rights (IPRs) |
Indicator Adoption of the WIPO Copyright Treaty
WIPO Copyright Treaty
Bahrain has ratified the World Intellectual Property Organization (WIPO) Copyright Treaty.
Coverage Horizontal
BAHRAIN
Since December 2005
Pillar Intellectual Property Rights (IPRs) |
Indicator Adoption of the WIPO Performances and Phonograms Treaty
WIPO Performances and Phonograms Treaty
Bahrain has ratified the World Intellectual Property Organization (WIPO) Performances and Phonograms Treaty.
Coverage Horizontal
BAHRAIN
Since June 2003
Pillar Intellectual Property Rights (IPRs) |
Indicator Effective protection covering trade secrets
Law No. 7 of 2003 on the Trade Secrets
قانون رقم (7) لسنة 2003 بشأن الأسرار التجارية
قانون رقم (7) لسنة 2003 بشأن الأسرار التجارية
Law No. 7 of 2003 provides a framework for effective protection of trade secrets.
Coverage Horizontal
BAHRAIN
Reported in 2019, last reported in 2024
Pillar Telecom infrastructure & competition |
Indicator Passive infrastructure sharing obligation
Requirement of passive infrastructure sharing
It is reported that there is a regulatory obligation for passive infrastructure sharing in Bahrain to facilitate the provision of telecommunications services to end-users, and that this practice is implemented in both the mobile and fixed sectors.
Coverage Telecommunications sector
Sources
- https://app.gen5.digital/tracker/country-cards/Bahrain
- https://datahub.itu.int/data/?s=3985&e=BHR
- https://tra-website-prod-01.s3-me-south-1.amazonaws.com/Media/Documents/Infrastructure/20191009104943822_vo4qeubo_tcd.pdf
- https://tra-website-prod-01.s3-me-south-1.amazonaws.com/Media/Documents/Infrastructure/20191009105548826_nme1bkpu_3ga.pdf
- Show more...
BAHRAIN
Reported in 2020, last reported in 2024
Pillar Telecom infrastructure & competition |
Indicator Presence of shares owned by the government in telecom companies
Presence of shares owned by the government in the telecom sector
The government holds a significant equity stake in the technology and telecommunications firm Beyon. As of 2024, it possesses 57% of the company’s shares, distributed through Mumtalakat Holding Company (37%) and the Social Insurance Organisation (20%).
Coverage Telecommunications sector
BAHRAIN
N/A
Pillar Telecom infrastructure & competition |
Indicator Functional/accounting separation for operators with significant market power
Lack of mandatory functional separation for dominant network operators
Bahrain does not impose a requirement for functional separation on operators possessing significant market power (SMP) within the telecommunications sector; nevertheless, it does enforce an obligation for accounting separation.
Coverage Telecommunications sector
BAHRAIN
Since October 2002
Pillar Telecom infrastructure & competition |
Indicator Licensing restrictions to operate in the telecom market
Legislative Decree No. 48 of 2002 Promulgating the Telecommunications Law
مرسوم بقانون رقم (48 ) لسنة 2002 بإصدار قانون الإتصالات
مرسوم بقانون رقم (48 ) لسنة 2002 بإصدار قانون الإتصالات
Art. 26 of the Legislative Decree No. 48 of 2002 provides that a licensee must be incorporated in Bahrain or have a registered branch office in Bahrain. In addition, it provides that, subject to certain exceptions, substantially all of the infrastructure and personnel associated with the provision of the telecommunications service must be located within Bahrain.
Coverage Telecommunications sector
BAHRAIN
N/A
Pillar Telecom infrastructure & competition |
Indicator Signature of the WTO Telecom Reference Paper
Lack of appendment of WTO Telecom Reference Paper to schedule of commitments
Bahrain has not appended the World Trade Organization (WTO) Telecom Reference Paper to its schedule of commitments.
Coverage Telecommunications sector
BAHRAIN
Reported in 2015, last reported in 2024
Pillar Telecom infrastructure & competition |
Indicator Presence of an independent telecom authority
Presence of an independent telecom authority
It is reported that the Telecommunications Regulatory Authority (TRA), the executive authority for the supervision and administration of services in the telecommunications sector, is independent from the government in the decision-making process.
Coverage Telecommunications sector
Sources
BAHRAIN
Since September 2006
Pillar Cross-border data policies |
Indicator Local storage requirement
Central Bank of Bahrain and Financial Institutions Law of 2006
قانون مصرف البحرين المركزي والمؤسسات المالية لسنة 2006
قانون مصرف البحرين المركزي والمؤسسات المالية لسنة 2006
According to Art. 59 of the Central Bank of Bahrain and Financial Institutions Law of 2006, a licensee must keep accounting records, other records that the Central Bank may specify, and separate records for each branch abroad providing any of the services that are subject to the law. Insurance and reinsurance companies must keep records as specified by the Central Bank, including insurance contracts signed by the company, claims made against it and actions taken thereon, reinsurance contracts entered into by the company, and funds to be maintained according to the law (Art. 59). Art. 60 states that the period for which the companies must keep the data is at least ten years and the documents have to be retained at the licensee's main office in Bahrain, or at such other places as the Central Bank may approve.
Coverage Financial services, insurance and reinsurance companies
BAHRAIN
Since October 2007, last amended in January 2020
Pillar Cross-border data policies |
Indicator Local storage requirement
Central Bank of Bahrain Rulebook
OM-6.3.1 of the Central Bank of Bahrain (CBB) Rulebook provides that conventional bank licensees must maintain the following records in original form or in hard copy at their premises in Bahrain:
- Internal policies, procedures and operating manuals;
- Corporate records, including minutes of shareholders', directors' and management meetings;
- Correspondence with the CBB and records relevant to monitoring compliance with CBB requirements;
- Reports prepared by the conventional bank licensee's internal and external auditors; and
- Employee training manuals and records.
Conventional bank licensees are banks licensed by CBB under Volume 1 of the CBB Rulebook and generally operate according to conventional finance principles, as opposed to operating in accordance with Islamic finance principles.
- Internal policies, procedures and operating manuals;
- Corporate records, including minutes of shareholders', directors' and management meetings;
- Correspondence with the CBB and records relevant to monitoring compliance with CBB requirements;
- Reports prepared by the conventional bank licensee's internal and external auditors; and
- Employee training manuals and records.
Conventional bank licensees are banks licensed by CBB under Volume 1 of the CBB Rulebook and generally operate according to conventional finance principles, as opposed to operating in accordance with Islamic finance principles.
Coverage Conventional bank licensees
BAHRAIN
Since July 2018, entry into force in August 2019
Since March 2022
Since March 2022
Pillar Cross-border data policies |
Indicator Conditional flow regime
Law No. 30 of 2018 with Respect to Personal Data Protection Law
قانون رقم (30) لسنة 2018 بإصدار قانون حماية البيانات الشخصية
Order No. 42 of 2022 Regarding the transfer of personal data outside the Kingdom of Bahrain
قرار رقم (42) لسنة 2022 بشأن نقل البيانات الشخصية إلى خارج مملكة البحرين
قانون رقم (30) لسنة 2018 بإصدار قانون حماية البيانات الشخصية
Order No. 42 of 2022 Regarding the transfer of personal data outside the Kingdom of Bahrain
قرار رقم (42) لسنة 2022 بشأن نقل البيانات الشخصية إلى خارج مملكة البحرين
According to Art. 12 of Law No. 30 of 2018, the transfer of personal data out of Bahrain is prohibited unless the transfer is made to a country or region that provides sufficient protection to personal data. Alternatively, data controllers can also transfer personal data to countries that are not determined to have sufficient protection of personal data under several circumstances, including a permission to be issued by the Authority on a case-by-case basis, the consent of the data subject and the necessity to conclude a contract (Art. 13).
Order No. 42 establishes a list of countries that have been deemed by the Authority to provide an adequate level of data protection. The adequacy list includes 83 countries, including the UAE, Saudi Arabia, Oman, Jordan, Kuwait, Egypt, India, all EU countries, the UK, and the U.S. Controllers may transfer personal data to any country on the adequacy list without needing to obtain any authorisation from the Authority (Art. 2).
Order No. 42 establishes a list of countries that have been deemed by the Authority to provide an adequate level of data protection. The adequacy list includes 83 countries, including the UAE, Saudi Arabia, Oman, Jordan, Kuwait, Egypt, India, all EU countries, the UK, and the U.S. Controllers may transfer personal data to any country on the adequacy list without needing to obtain any authorisation from the Authority (Art. 2).
Coverage Horizontal
Sources
- https://web.archive.org/web/20220316114748/http://www.pdp.gov.bh/en/regulations.html
- https://web.archive.org/web/20230322155009/http://www.pdp.gov.bh/en/assets/pdf/executive-decisions/eng/trans-order-countries-and-territories-with-adequate-protection-en.pdf
- https://www.clydeco.com/en/insights/2022/04/bahrain-issues-new-privacy-guidelines
- https://www.dataguidance.com/notes/bahrain-data-protection-overview
- https://web.archive.org/web/20221203085012/https://bahrain.bh/wps/wcm/connect/40f1a510-96fb-40ba-b65d-a795c91d10b6/%D9%82%D8%A7%D9%86%D9%88%D9%86+%D8%B1%D9%82%D9%85+(30)+%D9%84%D8%B3%D9%86%D8%A9+2018+...
- https://web.archive.org/web/20230117225805/https://www.dlapiperdataprotection.com/system/modules/za.co.heliosdesign.dla.lotw.data_protection/functions/handbook.pdf?country-1=BH
- Show more...
BAHRAIN
N/A
Pillar Cross-border data policies |
Indicator Participation in trade agreements committing to open cross-border data flows
Lack of participation in agreements with binding commitments on data flows
Bahrain has not joined any agreement with binding commitments to open transfers of data across borders.
Coverage Horizontal
