Data disclosure requirements
12. Are there any local laws that would require a cloud service provider to disclose the data it hosts to any third parties in any circumstances (including regulatory or law enforcement authorities)?

Generally, in judicial proceedings the Public Prosecutor and/or a court may order a person to share data that is relevant/required in any proceedings whether civil or criminal. The Egyptian Criminal Procedures Law allows an investigating judge to issue a warrant to access electronic mail and to monitor/intercept phone calls where this will assist an investigation.

Under Article 6 of the Cybercrime Law no. 175 of 2018, cloud service providers are required at request of national security agencies, to provide all technical support to permit these agencies to exercise their legal power. A failure to comply with these requests is punishable by a term of imprisonment of not less than three months and a fine of not less than EGP 20,000 and not more than EGP1 million (see article 32 of the Cyber Crime Law).

The Data Protection Law No. 151 of 2020 (the DPL) allows national security agencies and governmental authorities, for national security purposes, to request the Data Commissioner, to require personal data controllers and processors to modify, delete, hide, or to abstain from circulating or disseminating personal data for a specified period. While there are no penalties under the DPL for non-compliance with this requirement, data controllers and processors are required to comply with the Data Commissioner's notification within the specified period therein. Any non-compliance may be considered as obstruction of justice punishable by a term of imprisonment. Please note that entities subject to the supervision and control of the Central Bank of Egypt are not subject to the DPL.