Skip to main content
NOPE
In Effect Law Data Protection Context Relevance

Morocco Law 09-08

Law 09-08 on the Protection of Individuals with Regard to the Processing of Personal Data

Morocco's data protection law establishing rights regarding automated decision-making and requiring parental consent for children's data processing.

Jurisdiction

Morocco

MA

Enacted

Feb 18, 2009

Effective

Jan 1, 2011

Enforcement

Commission Nationale de Contrôle de la Protection des Données à Caractère Personnel (CNDP)

Who Must Comply

This law applies to:

  • Controllers and processors of personal data in Morocco
  • Entities processing data of Moroccan residents
  • Automated systems making decisions about individuals

Capability triggers:

servesMinors (increases)
automatedDecisionMaking (required)
Required Increases applicability

Who bears obligations:

Data ControllerData Processor

Safety Provisions

  • Right to object to automated decision-making
  • Parental consent required for children's personal data
  • Prior authorization required from CNDP for sensitive data processing
  • Security measures required for data protection
  • Cross-border transfer restrictions

Enforcement

Enforced by

Commission Nationale de Contrôle de la Protection des Données à Caractère Personnel (CNDP)

Penalties

criminal liability

Criminal liability

Fines and imprisonment for violations

Quick Facts

Binding
Yes
Mental Health Focus
Yes
Child Safety Focus
Yes
Algorithmic Scope
Yes

Why It Matters

Morocco is a key North African market. Automated decision-making rights apply to AI chatbots, requiring transparency and appeal mechanisms.

Cite This

APA

Morocco. (2009). Law 09-08 on the Protection of Individuals with Regard to the Processing of Personal Data. Retrieved from https://nope.net/regs/ma-law-09-08

BibTeX

@misc{ma_law_09_08,
  title = {Law 09-08 on the Protection of Individuals with Regard to the Processing of Personal Data},
  author = {Morocco},
  year = {2009},
  url = {https://nope.net/regs/ma-law-09-08}
}

Related Regulations

In Effect ZM Data Protection

Zambia DPA

Zambia's comprehensive data protection law with special protections for vulnerable persons and DPIA requirements for high-risk processing.

In Effect BW Data Protection

Botswana DPA

Botswana's modernized data protection law requiring Data Protection Impact Assessment and establishing age 16 for consent.

In Effect SC Data Protection

Seychelles DPA

Seychelles' modern data protection law requiring DPO for large-scale processing and recognizing Cross-Border Privacy Rules certification.

In Effect RW AI Safety

Rwanda AI Policy

First African country to adopt comprehensive national AI policy. Establishes Responsible AI Office (RAIO) under MINICT. Implements RURA ethical guidelines covering beneficence, non-maleficence, autonomy, justice, explicability, transparency. Non-binding framework.

In Effect INTL Child Protection

UNICEF AI for Children

Most specific international guidance on children and AI. Ten requirements for child-centered AI including development/wellbeing support, data/privacy protection, and safety.

In Effect NP AI Safety

Nepal AI Policy

Nepal national AI policy establishing governance framework and development priorities. Creates AI Governance Council (chaired by Minister for Communications and IT), AI Regulation Council, National AI Centre, and AI Regulatory Authority. Six pillars including ethics, human resource development, and sectoral application.

Back to all regulations Check if this applies to you