Abstract

This paper examines the evolving landscape of data protection and privacy regulations across the Middle East and North Africa (MENA region), with particular emphasis on approaches that diverge from the European Union’s General Data Protection Regulation (GDPR). Through comparative analysis of legislative frameworks in key MENA jurisdictions, including the United Arab Emirates, Saudi Arabia, Egypt, and Morocco, this research identifies distinctive regional approaches to data sovereignty, religious and cultural considerations in privacy conceptualisation, and sector-specific regulatory models. The study contextualises these findings against Brunei Darussalam’s current data protection framework, which remains in nascent stages of development having just come into force in early 2025. Drawing on the MENA region’s experiences, this paper proposes a tailored roadmap for Brunei that balances international best practices with local legal traditions and cultural values. The findings suggest that Brunei might benefit from adopting elements of the UAE’s free zone approach, Saudi Arabia’s sector-specific regulations, and Morocco’s balanced implementation strategy, while adapting these models to accommodate Brunei’s unique socio-legal context and economic priorities.