(Resolution No. 26 of 2024) extends its scope to encompass all service providers authorized by CITRA involved in the collection, processing, and retention of personal data and user content. This includes data stored either entirely or partially, on a permanent or temporary basis, through mechanical or alternative techniques, forming an integral part of a data storage system, regardless of whether processing occurs within or beyond Kuwait's borders.

Key Features

• Under the directive of transparency, service providers are required to convey terms using clear language in both English and Arabic. They must notify users about procedures for requesting modifications or deletions of their data.
• Explicit user consent is mandatory prior to data collection. This includes providing users with comprehensive information about the terms, conditions, and commitments associated with the data collection process.
• A clarification of the purpose of collecting the necessary user’s personal data is required, in order to provide the service and detail how the data will be employed.
• It is mandatory to notify CITRA of any data breaches within 24 hours, accompanied by specific steps aimed at mitigating potential consequences.

The implementation of (Resolution No. 26 of 2024) marks a positive step towards advancing data privacy protections for users in Kuwait. CITRA is taking proactive measures to enhance security and safeguard user data, fostering a conducive atmosphere for the continued growth and innovation of the ICT sector in Kuwait.