An information seminar on "The protection of personal data and promotion of regional investment" was organised on Monday, 7 December, in Fès.

This seminar was initiated jointly by the National Commission for the Control and Protection of Personal Data (CNDP) and the Regional Investment Centre (CRI) of Fès-Meknès.

The director of the CRI, Rachid Aouine, noted that this information seminar was part of the actions undertaken by the commission to raise awareness among the public, economic operators, and all those responsible for processing personal data.

He took this opportunity to recall the incentive measures taken to stimulate investment and the creation of businesses in the region, stressing that the offshoring zone of Fès has welcomed around twenty companies, allowing for the creation of several thousand jobs.

Nouzha Tlemçani Mhandez, a state engineer in the Control and Expertise department at the CNDP, then discussed the "Legal framework for the protection of personal data in Morocco". As for Mohammed Khamlichi, an official in the same department, he gave a presentation on the theme: "Protection of personal data and promotion of regional investment".

The two speakers recalled the legal provisions introduced by Law number 09-08, which aims to protect identity, individual and collective rights and freedoms, as well as privacy, against any infringement likely to affect them through the use of new information and communication technologies (Internet, Smartphones, unwanted SMS, videos, press, etc.). The adoption of this law makes Morocco one of the first Arab and African countries to have a legal system for the protection of personal data, as defined by European bodies, they indicated.

They also recalled that the National Commission for the Control and Protection of Personal Data was created in 2010 to ensure compliance with and execution of the legal provisions introduced by the said law.

The exploitation of personal data, without the consent of the person concerned, could cause them serious harm if their sensitive identity data (ID card, bank statement, email, race, religion, ethnicity, political or trade union affiliation, etc.) are disclosed to a third party, they warned.

However, this law does not apply to data obtained by the National Defence and State Internal and External Security services, or data acquired within the framework of processing carried out in application of specific legislation.

The person responsible for processing personal data can be a natural or legal person carrying out an activity on Moroccan territory, and also a foreign company maintaining business with Moroccan representatives or Moroccan subsidiaries, while using means located on Moroccan territory.

These provisions thus aim to create favourable conditions for the development of offshoring and relocations, according to the speakers.

Any person committing one of the offences provided for by the law may be subject to fines or imprisonment. And if a legal person is responsible for the offence, the penalties are doubled, they specified.

The law provides that the CNDP, established under the Prime Minister, exercises a power of control, sanction, advice, and awareness. Thus, the Commission can be seized by any natural person whose personal data is being processed.

When the Commission deems the intervention of the justice system necessary, it can refer the matter to the King's Prosecutor to initiate legal proceedings.

A rich and constructive debate was engaged on this occasion, leading the speakers to provide ample clarifications on the law and on the actions undertaken by the CNDP.

Documents were made available to participants, including a CNDP activity report for 2014, the year during which the Commission undertook its first checks in accordance with the provisions of the law relating to the protection of personal data.

Booklets on guidelines relating to the compliance of websites with Law 09-08 were also distributed to the seminar participants.