Financial Crime World

Here is the article in markdown format:

Lebanese Data Protection Law

=====================================

The Lebanese Data Protection Law provides a framework for protecting personal data within the country. Here are some key points to note regarding this law.

Controller and Processor Contracts

  • The law does not explicitly require a contract between a controller and a processor, which can lead to potential issues with accountability and transparency in data processing operations.

Data Subject Rights

The Lebanese Data Protection Law grants various rights to data subjects, including the right to be informed, access, rectification, erasure, and objection/opt-out.

Right to be Informed

  • Article 88 of the Law obliges data controllers to inform data subjects about their identity, the purposes of processing, mandatory or optional answers, consequences of not answering, recipients of personal data, and the right to access and rectify collected data.
  • This ensures that individuals have a clear understanding of how their personal information is being used.

Right to Access

  • Article 99 allows data subjects to request information on the purpose, categories, sources, subject, nature, and recipients of processed data.
  • Data controllers are required to provide this information in a timely manner.

Right to Rectification

  • Article 101 grants data subjects the right to correct, complete, or update processed personal data.
  • If data was sent to a third party, the controller must inform them of the changes.

Right to Erasure

  • Article 101 also allows data subjects to request the deletion of their personal data.
  • If the data was shared with others, the controller must notify those parties.

Right to Object/Opt-Out

  • Article 86 gives data subjects the right to refuse processing of their data.
  • However, this does not apply if the controller is legally required to process the data or has explicit consent from the subject.

Penalties

Failure to comply with the Lebanese Data Protection Law can result in fines and imprisonment. Here are some examples:

  • Fines range from LBP 1 million (approx. $70) to LBP 5 million (approx. $330), with imprisonment of up to three years for processing personal data without a declaration, violating Chapter 2 of Part 5 of the Law, or intentionally or unintentionally disclosing processed data.
  • Fines range from LBP 1 million (approx. $70) to LBP 5 million (approx. $330) for refusing to comply with a data subject’s request to access or rectify their personal data within ten days.

By understanding the rights and penalties outlined in the Lebanese Data Protection Law, individuals and organizations can ensure compliance and maintain transparency in data processing operations.