Data & Privacy · Palestine
Data protection & privacy laws in Palestine (2026)
Palestine shaded by its data & privacy status
The State of Palestine has no comprehensive, GDPR-style data-protection statute in force; the right to privacy rests on Article 32 of the 2003 Amended Basic Law and Palestine's accession to the ICCPR. A dedicated Personal Data Protection Law by Decree has been drafted since 2016, with its third reading dated 15 June 2022, but remains stuck in cabinet/ministerial review and has not been issued. No independent data-protection supervisory authority currently exists.
Key points
Palestine has not enacted a comprehensive data-protection law. UNCTAD classifies it among the small minority of countries that have only draft legislation, none of which has been adopted.
A drafting committee was assigned in 2016; the latest reviewed version is the third reading dated 15 June 2022, which has been referred repeatedly back to ministries and never issued.
Article 32 of the 2003 Amended Basic Law prohibits arbitrary or unlawful interference with a person's privacy, family, home or correspondence; Palestine has also acceded to the ICCPR (Article 17).
The Cybercrime Law by Decree No. 10 of 2018 contains limited privacy-relevant provisions (e.g., court-authorized interception of communications, capped at three months) but is widely criticized for enabling surveillance rather than protecting personal data.
There is no operational independent data-protection authority. 7amleh's 2023 analysis warns that the draft decree's proposed oversight board lacks defined qualifications and independence guarantees.
The draft decree is modeled on international standards, incorporating principles such as lawfulness, fairness, transparency and rules on collection, processing and storage of personal data — but these take effect only if and when the law is issued.
Palestine - other topics
Last verified 5/24/2026 · Orientation, not legal advice - verify against the primary sources linked above. Explore the full world map →