Jordan PDPL
Personal Data Protection Law (Law No. 24 of 2023)
Jordan's data protection law with medical data processing exceptions, data portability rights, and oversight including security services.
Jurisdiction
Jordan
JO
Enacted
Jun 1, 2023
Effective
Mar 1, 2025
Enforcement
Data Protection Council (includes security services representation)
Medical data exceptions; oversight includes security services
What It Requires
Who Must Comply
This law applies to:
- • Data controllers and processors in Jordan
- • Entities processing data of Jordanian residents
- • Medical and health data processing
Capability triggers:
Who bears obligations:
Exemptions
Medical Data Exceptions
medium confidenceSpecific exceptions for medical data processing
Conditions:
- • Compliance with healthcare regulations
Safety Provisions
- • Medical data with specific exceptions
- • Data portability rights
- • Security services oversight role
- • Breach notification required
- • Cross-border transfer restrictions
Enforcement
Enforced by
Data Protection Council (includes security services representation)
Penalties
Fines and administrative sanctions
Quick Facts
- Binding
- Yes
- Mental Health Focus
- Yes
- Child Safety Focus
- No
- Algorithmic Scope
- No
Why It Matters
Jordan's medical data exceptions and security services oversight create unique compliance considerations for mental health chatbots serving Jordanian users.
Recent Developments
Enforcement began March 2025
Cite This
APA
Jordan. (2023). Personal Data Protection Law (Law No. 24 of 2023). Retrieved from https://nope.net/regs/jo-law-24-2023
BibTeX
@misc{jo_law_24_2023,
title = {Personal Data Protection Law (Law No. 24 of 2023)},
author = {Jordan},
year = {2023},
url = {https://nope.net/regs/jo-law-24-2023}
} Related Regulations
Israel Privacy Amendment 13
Israel's most significant privacy reform in 40 years, explicitly covering AI systems. Requires Data Protection Officers (DPOs) for entities processing sensitive data at scale, mandates Data Protection Impact Assessments (DPIAs) before AI deployment, and enhances Protection of Privacy Authority enforcement powers. One of first data protection laws to explicitly require DPIAs before AI development or deployment.
Saudi Arabia PDPL
Saudi Arabia's comprehensive personal data protection law with extraterritorial scope, DPO requirements for sensitive processing, and National Data Governance Platform registration.
Oman PDPL
Oman's data protection law with world's strictest health data regulation: outright BAN on health data processing without Ministry of Health permit. Also requires 72-hour breach notification.
Egypt AI Strategy 2025
Ambitious national strategy positioning Egypt as regional AI hub for Africa and Middle East. Targets 7.7% ICT sector GDP contribution by 2030, training 30,000 AI specialists, establishing 250 AI companies. Built on six strategic pillars: governance, infrastructure, technology, data, ecosystem, and talent. Accompanied by Egyptian Charter for Responsible AI (April 2023) with ethics principles.
Qatar QCB AI Guidelines
Binding AI governance requirements for Qatar's financial sector. Mandates board-level accountability, risk assessments, human-in-the-loop for high-impact decisions, and prior QCB approval for high-risk AI systems.
UAE Media Law
Comprehensive media regulation requiring licensing for all digital platforms, social media operations, and influencers. 20 binding content standards with significant penalties.