There has been a number of commentators who have referred to the need for reforms in various sectors of the economy, from Whatsapp calls and the telecom sector to bankruptcy laws.

The overall impetus has been a framework to reduce costs, and while these are important, there is another area which I wish to comment, where I believe more can be done. This refers to the issue of data.

Societies throughout the world are trying to make sense of how to draw a line between privacy laws and how the data generated by an individual may be utilised by the company and/or by the government agencies. Recently, there were a raft of measures introduced by the European Union (EU) known as the General Data Protection Regulation (GDPR).

There are far reaching implications this has on the behaviour of companies and individuals and how they interact with each other.

In Dubai, there has hardly been a day where one of us has not received a call by one of the brokers cold-calling to see if we are interested in a property purchase and/or sale. Despite the fact that these calls are explicitly prohibited by Rera (Real Estate Regulatory Agency), a number of brokers have found a way around, simply by calling from overseas numbers and/or VOIP phones. However, the latter is also illegal in the UAE.

At source, the issue of data becomes a paramount one; these brokers have gained access to purchasers simply by buying “broker lists”. A number of these are available online and a simple Google search will yield dozens of agents providing such data.

This problem does not plague the real estate sector alone; many of my friends who use online portals for some of their shopping have been distressed when they receive calls subsequently from salespeople detailing their purchases and offering them additional deals. Many of us have taken these calls in our stride, but the issue of data privacy is a critical one and where the sensitivity levels start to rise is when they trespass onto areas that we consider to be nobody’s business (for example, medical records).

Consent for data mining

Given the fragmentation of the free zones in the UAE, there are a myriad approaches of how to deal with data privacy, with correspondingly varying levels of efficacy. Again, it is not my place to comment on a worldwide and a nationwide approach that is far more complicated than we realise.

But at its roots, we can plainly distinguish between behaviour levels that we find acceptable and those that we do not. Reverting to the example of broker lists, it is clear that there are perverse incentives in place whereby these lists are being complied and then sold by certain individuals who work for certain developers. These lists then proliferate throughout the ecosystem, resulting in the creation of databases where the entire purchase history of individuals are available online and are used for lead generation.

This is not a new phenomenon. However, the concern is the alarming rise with which this data is being made available without the individual’s consent. Even where there are laws in place that stipulate its illegality, it becomes frustratingly difficult to prosecute.

Data mining should be done with the explicit consent of the consumer and/or investor in question. This should not be an issue of fine print; rather, it should be outlined clearly before the purchase decision is made.

The recently passed GDPR laws in Europe have made headway in shifting the balance of power towards the consumer.

In the UAE, which is leading the way in reforms not only in the Middle East but in certain cases throughout the world, there needs to be this spirt infused whereby data protection becomes the centrepoint of the emphasis in digitising and modernising its economic framework.

(Nasser Malalla Ghanem is Senior Partner at NM Associates, which has a joint venture with GCP.)