Lebanon Falls Short in Protecting Financial Institution Data

Lack of Comprehensive Framework Deemed Insufficient by Experts

Beirut - Despite efforts to establish a robust data protection framework, Lebanon’s financial institution data protection laws have been deemed insufficient by experts. The country’s current legislation, Law No. 81 of 2018 on Electronic Transaction and Personal Data, has made some strides in protecting personal data, but critics argue that it falls short when compared to international standards.

Insufficient Legislation: A Concern for Experts

“The law is not a comprehensive piece of data protection legislation,” said a local expert who wished to remain anonymous. “It does establish some essential legal framework governing the protection of personal data, but it’s clear that there is much work to be done.”

Some of the key concerns with Lebanon’s current data protection laws include:

• Lack of an Independent Data Protection Authority: The Law instead gives relevant powers to the Ministry of Economy and Trade, which must be notified of any intended data processing activity.
• Limited Oversight: Experts warn that this may not provide adequate oversight or protection for data subjects. “The role of the ministry is limited,” said another expert. “It does not have the teeth it needs to effectively enforce data protection laws.”
• No Specific Guidelines on Data Retention Periods and Sensitive Personal Data: The Law also fails to establish clear penalties for non-compliance, relying instead on vague provisions.

Experts Call for Revising Existing Legislation

Critics argue that this creates a legal gray area that can be exploited by financial institutions and other organizations handling sensitive information. As a result, experts are calling on the government to revisit and revise the existing legislation to better align with international standards.

“Lebanon needs to take data protection seriously,” said an expert. “The current law is not enough.”