Bahrain

Summary

Bahrain presents medium-high risk for web crawling. Bahrain was an early GCC adopter of data protection law: the Personal Data Protection Law (Law 30/2018, in force 1 August 2019) requires explicit written consent for personal data processing with no meaningful publicly-available-data exemption. Ten ministerial resolutions supplementing the PDPL were issued in March 2022, completing the regulatory framework; the Personal Data Protection Authority (PDPA) is the enforcement authority. The Cybercrime Law (Law 60/2014) criminalises unauthorised access to computer systems with penalties up to 3 years' imprisonment and BD 50,000 fines, rising to 10 years and BD 300,000 for serious offences. A 2025 Penal Code amendment (Legislative Decree 3/2025) supplements the Cybercrime Law with new provisions on cybercrime and device theft; the Shura Council's Legislative and Legal Affairs Committee approved a further proposed addition (new Art. 10 bis) as of May 2026, though this had not yet passed into law. Bahrain's copyright law protects databases under a compilation-originality standard; no EU-style sui generis database right exists, and there is no TDM exception. No scraping- specific case law is publicly available.