the Development of Personal Data Protection Law in Yemen

Consultant IT & Telecom Information Management

Overview

Deliver a report on Personal Data Protection Law in Yemen.

You have:

• An advanced university degree in law or a related field is required.
• A Ph.D. degree is desired.
• At least 5 years of demonstrated experience in the drafting or regulatory advisory assessment of personal data protection legislation is required.
• Familiarity with the Yemeni legal system or civil law systems in the Arab region is desirable.
• Expertise in digital technology and digital identity issues is desirable.
• Previous experience in the delivery of research papers is desirable.
• Fluency in written and spoken English and Arabic is required.
• Knowledge of French is desirable.

Contract

This is a Consultancy contract. More about Consultancy contracts.

Result of Service

The consultant is expected to deliver: • The report prepared should be in Arabic and in electronic format. • The report submitted should not be less than 30 pages. • A 2 to 4 pages executive summary of the report. All deliverables must be submitted in Arabic (with professional quality and clarity). The completed parts should be edited and saved in MS-Word (*.docx file) or an alternate compatible format. Note that PDF format will not be accepted. It should include a table of contents to be automatically updated followed by a list of all tables and figures. The various parts should be submitted in electronic form and sent to the email of the designated focal point. Attention is kindly drawn to the need to ensure that the final draft of the outputs be thoroughly reviewed prior to submission and to indicate the sources of tables and diagrams. References to reports and other substantive material should be clearly indicated within the text and noted at the end. It is also essential to send, with the completed output, photocopies or scans of at least the first page of books, reports and bulletins, used as reference material as well as copies of the pages quoted. The content of the generated document shall be the sole property of ESCWA. Their contents cannot and must not be presented, discussed or published without the express authorization of ESCWA. The consultant shall keep in mind that UN-ESCWA routinely checks all deliverables for plagiarism using readily available electronic tools. All previously published content, even if written by the selected consultant, must be clearly referenced where required within the text and end-noted at the end of the study. The report submitted by the consultant must not contain quoted, previously published text equalling more than 20 per cent of the total number of pages. The consultant shall not publish or announce or reveal the content of the report, partly or entirely, on social media or any other public channel, without ESCWA and MTIT permission. The content of the generated document shall be the sole property of ESCWA.

Work Location

remote

Expected duration

16 weeks

Duties and Responsibilities

I. GENERAL SCOPE The widespread adoption of information and communications technologies (ICTs) across public and private institutions has made the establishment of comprehensive cyber and data related legislation imperative. In the Arab region, many countries have made progress in developing cyber laws; however, the rapid evolution of digital services—such as cloud computing, artificial intelligence (AI), platform economies, and cross border data flows—continues to outpace existing legal frameworks. To fully harness the benefits of digital transformation while addressing risks related to privacy, security, and misuse of data, Arab countries are encouraged to develop and modernize their legislative frameworks to meet the demands of the digital age. At the global level, the UN promotes responsible, inclusive, and trustworthy use of digital and emerging technologies in support of sustainable development. In September 2024, world leaders adopted the Pact for the Future during the Summit of the Future, together with its annexes: the Global Digital Compact (GDC) and the Declaration on Future Generations. The GDC places strong emphasis on digital trust, effective digital governance, and the protection of human rights in the digital environment. Central to these objectives is the protection of personal data, which the GDC recognizes as a cornerstone of trust in digital systems and a prerequisite for people’s safe and meaningful participation in the digital economy. The UN ESCWA has a long standing role in supporting its member States in the development and reform of cyber legislation. In 2007, UN ESCWA published Models for Cyber Legislation in UN ESCWA Member Countries, which reviewed regional and international legal developments and proposed practical templates to assist countries in assessing and harmonizing national cyber laws. Through its technical cooperation program, UN ESCWA continues to support member States in strengthening legal, institutional, and regulatory capacities related to digital and emerging technologies, including data protection and regulatory oversight. Recently, the Ministry of Telecommunications and Information Technology (MTIT) in Yemen has requested UN ESCWA’s advisory services to support the development of a personal data protection law aligned with international standards and regional best practices. Such a law would contribute to strengthening trust in digital services, protecting individuals’ rights, and supporting Yemen’s broader digital transformation efforts in line with global developments, including the principles set out in the GDC. In response, UN ESCWA is engaging a qualified legal consultant to provide specialized expertise in personal data protection, with specific attention to the Yemeni legal and institutional context. Yemen's ongoing conflict and fragile institutional environment require that the draft law include a realistic implementation sequencing recommendation, identifying which provisions can be operationalized in the near term and which require institutional prerequisites, such as the establishment of a data protection authority. The consultant shall draw on established international frameworks including the EU General Data Protection Regulation (GDPR), the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (2013 revision), the Council of Europe Convention 108+, and the Arab League's draft model data protection law, selecting and adapting provisions appropriate to Yemen's legal, institutional, and developmental context. This consultancy is part of a coordinated package of three inter-related legal instruments being developed simultaneously for Yemen: Access to Information Law, Personal Data Protection Law, and an e-Transactions and Trust Services Law. The consultant shall be aware of this broader legislative package and shall flag, in the drafting notes annex, any provisions in the assigned law that intersect with or depend upon the other instruments, to ensure coherence across the three laws. The advisory services, including the scope of work and expected outputs, are detailed in these Terms of Reference. III. DUTIES AND RESPONSIBILITIES The consultant shall propose to the designated ESCWA focal point a detailed version of the report on personal data protection law. To produce the draft report, the consultant is requested to conduct, among others, the main following tasks: 1. Benchmarking and Best Practices • Review current national laws related to digital and emerging technologies in Yemen; • Review best regional and international practices in personal data protection law covering at least 2 regional cases and 2 international cases, with justification for case selection provided in the report; 2. Stakeholder Engagement • Identify main national stakeholders, hold, in coordination with MTIT, interviews and meetings with the main national stakeholders and preparing minutes of each meeting/interview summarizing the discussed points, their remarks, observations and proposals; • Contribute to sectoral workshops to discuss needs and priorities, if needed; • Discuss priorities and needs with MTIT and ESCWA; • Document findings, priorities, and challenges. 3. Situational analysis • Analyze existing legislation, and regulatory frameworks, including data-related provisions currently embedded in Yemen's telecommunications law, e-government frameworks, and sector-specific regulations, mapping these against international PDPL standards; • Conduct a comprehensive gap analysis to identify gaps, overlaps, and contradictions with international PDPL standards 4. Law Development • Draft a suggested law based on national needs, gap analysis, international/regional best practices, and ESCWA template for cyber legislations. The draft Personal Data Protection Law (PDPL) shall include, at a minimum: o Preamble, objectives, and guiding principles (including lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, and confidentiality); o Definitions and material/territorial scope of application (including extraterritorial reach, where applicable); o Legal bases for processing personal data, including consent, contractual necessity, legal obligation, vital interests, public interest, and legitimate interests, with specific conditions for validity of consent; o Special categories of personal data (sensitive data) and rules governing their processing, including additional safeguards; o Data subject rights, including access, rectification, erasure, restriction of processing, data portability, objection, and rights related to automated decision-making and profiling; o Obligations of data controllers and data processors, including accountability, record-keeping, data protection by design and by default, use of processors, and contractual requirements; o Transparency and information obligations, including privacy notices and communication requirements; o Data security requirements, including technical and organisational measures; o Personal data breach notification and incident response obligations, including notification to the supervisory authority and, where applicable, affected data subjects; o Data protection impact assessments (DPIAs) and prior consultation mechanisms for high-risk processing; o Appointment and role of data protection officers (DPOs), where required; o Cross-border data transfer rules, including adequacy mechanisms, appropriate safeguards, and specific consideration of GCC and Arab regional frameworks; o Supervisory authority: establishment, independence, powers, functions, and cooperation mechanisms (including international cooperation); o Complaints, remedies, and judicial redress mechanisms for data subjects; o Administrative sanctions, penalties, and enforcement mechanisms; o Exemptions and derogations, including for national security, public interest, research, and journalistic purposes, subject to safeguards; o Specific provisions for children’s data, where applicable; o Transitional provisions and entry into force. 5. Validation and Consultation • Present and discuss, under the guidance of ESCWA and MTIT teams, the draft law with national entities in an enlarged meeting or workshop; • Update and enrich the suggested draft based on the comments received during the workshop/meeting and from ESCWA and MTIT team. 6. Finalization • Deliver a final report that includes a summary of implemented activities with the suggested law, and an implementation annex proposing a phased roadmap for the law's entry into force. ESCWA promotes gender equality and integration of youth through its publications and therefore the consultant should pay attention, with the help of ESCWA staff, to gender considerations and youth dimension throughout the research work to ensure that the report gives equal attention to the needs of both men and women, as well as girls and boys. Writing should use gender-sensitive language.

Qualifications/special skills

An advanced university degree in law or a related field is required. A Ph.D. degree is desired. All candidates must submit a copy of the required educational degree. Incomplete applications will not be reviewed. At least 5 years of demonstrated experience in the drafting or regulatory advisory assessment of personal data protection legislation is required. Familiarity with the Yemeni legal system or civil law systems in the Arab region is desirable. Expertise in digital technology and digital identity issues is desirable. Previous experience in the delivery of research papers is desirable

Languages

English and French are the working languages of the United Nations Secretariat; and Arabic is a working language of ESCWA. For this position, Fluency in written and spoken English and Arabic is required Note: “Fluency” equals a rating of ‘fluent’ in all four areas (speak, read, write, and understand) and “Knowledge of” equals a rating of ‘confident’ in two of the four areas.

Additional Information

Not available.

No Fee

THE UNITED NATIONS DOES NOT CHARGE A FEE AT ANY STAGE OF THE RECRUITMENT PROCESS (APPLICATION, INTERVIEW MEETING, PROCESSING, OR TRAINING). THE UNITED NATIONS DOES NOT CONCERN ITSELF WITH INFORMATION ON APPLICANTS’ BANK ACCOUNTS.

Apply now

Potential interview questions

Added 1 hour ago - Updated 1 hour ago - Source: careers.un.org