Cybercrime Laws in Bahrain

Cyberspace is an infrastructure that has played a critical role in the global pandemic. Due to the increasing dependence on online platforms, the need to protect personal data and prevent its digital exploitation is crucial to minimize the risk faced by individuals and society. The general public must also be aware of the laws and the rights they have within the cyber territory of the country they are residing in. Though there is no standalone legislation for cybercrime in the Kingdom of Bahrain (Bahrain), multiple legislations include sections that address combating cybercrime in the country and legal service providers to ensure the citizens’ digital safety.

Law No. 60 concerning Information Technology Crimes is one of the key frameworks governing cybercrime conduct in the UAE. The sections of this law combat crimes against IT systems and data, means of information technology, and content including child pornography. Article 2 imposes a penalty fine of up to thirty thousand (30,000) dinars and/or up to one year in prison for infiltrating an IT system or a part of it. If any data is compromised, Article 3 states that punishment of life imprisonment or temporary imprisonment and/or a fine of a maximum of fifty thousand (50,000) dinars will be levied. This article also imposes a doubled penalty if the data breach results in:

• Hindrance to conduct of public facilities or public interest work
• Jeopardy to public lives, security, and health
• Harming the human body’s safety
•  Any change in medical records

If this crime results in the death of a person, Article 3 imposes life imprisonment or temporary imprisonment according to the graveness of the crime.

Article 4 criminalizes wiretapping, interception, eavesdropping, and capturing of data transmitted between IT system and makes such conduct punishable by imprisonment with a fine of a maximum of one hundred thousand (100,000) dinars. If a person aids the offender of the abovementioned crimes by providing a tool for this purpose, or a password or information of similar nature, Article 6 imposed imprisonment of up to 1 year and/or a fine of a maximum of one hundred thousand (100,000) dinars.

If the IT device of governmental interest or entities mentioned in Article 107 of the Bahrain Penal Code 1976 (armed forced personnel and servicemen, members of Councils and public representative units, an authorized person from a public authority, and Chairman and members of Board of Directors, Managers and all the staff of public institutions and organizations) is infiltrated into and changed in any manner, the offender will be liable for up-to ten years or imprisonment under Article 7. Article 9 punishes offenders who conceal their crimes with encryption with imprisonment and/or a fine of a maximum of one hundred thousand (100,000) dinars.

Article 10 governs the presence of pornographic materials in cyberspace. An offender producing and distributing pornography on any IT system through selling, importing, trading, transferring, sending, publishing, or any other form of making it available is charged with a minimum of one year of imprisonment and a fine of up-to ten thousand (10,000) dinars. If the pornographic material involves a child or is within the reach of children, the punishment is imprisonment of a maximum of two years and/or a fine of up-to ten thousand (10,000) dinars. A person consuming pornographic material from IT systems is charged with a minimum of three months of imprisonment and/or a fine of up-to three thousand (3000) dinars. If it is child pornography, the punishment is a minimum of six months of imprisonment and/or a fine of a minimum of three thousand (3000) dinars.

Under Article 12 of Law No. 30 of 2018 regarding Issuing the Protecting Personal Data law, imprisonment of up-to one year and/or a fine ranging between one thousand (1,000) dinars and twenty thousand (20,000) dinars may be imposed for the following conducts.

• Non-consensual processing of personal or sensitive personal data, or doing the same without notifying the Authority in advance
• transferring data outside Bahrain without the approval of the Authority or the data subject’s consent
• providing the Authority or data subjects with false information that contradicts the records maintained
• blocking any information or data required to be submitted to the Authority or preventing the Authority’s access to such data
• disrupting the work of the Authority’s inspections or investigations
• disclosing any information available through work, for personal benefit

In 2017, the Kingdom of Bahrain published a National Cybersecurity Strategy, addressing the hazards, including cybercrime, that threaten the country’s interests in cyberspace. The introduction of the National Cybersecurity Committee was also made through this Strategy. The main purpose of this committee is to maintain secure cyberspace to preserve the national interest and protect the nation’s critical infrastructure from big cyber-attacks.

Other legislations that have provisions for cybersecurity are Law No. 28 concerning Electronic Transactions, Law No. 48 concerning Telecommunications, Law No. 16 concerning the Protection of State Information and Documents, Law No. (54) for the year 2018 for Issuance of Letters and Electronic Transactions, and the Decree of the Prime Minister No. 36 2018 regulating the technical requirements for sending, receiving and updating the electronic records and signatures of the public bodies.

In a society that is heavily reliant on the digital realm, it is essential to have a competent and well-functioning cybersecurity program. The identification and prioritization of this necessity provide Bahrain with the foundation to build a strong cybersecurity system for its citizens. Dubai-based law firm Fotislaw can assist you with any legal issues related to cybercrime all over the middle east.