PDPL Article 28, says that controllers are not allowed to make copies of official documents (e.g., passports, national ID cards) that can be used to identify individuals, unless one of two conditions is met:
The copying is explicitly required by law, or
A competent public authority formally requests it, in accordance with the Regulations.
This provision protects data subjects from unnecessary duplication and potential misuse of their identity documents.
Saudi PDPL Article 28
Copying ID Restricted
It is not permissible to copy official documents where Data Subjects are identifiable, except where it is required by law, or when a competent public authority requests copying such documents pursuant to the Regulations.
Explanation of Saudi PDPL Article 28
Official documents with identity details cannot be copied unless legally required
Saudi PDPL Article 28 says, controllers are prohibited from copying any official document (e.g., ID cards, passports) that identifies a person unless it is mandated by law or requested by a competent public authority as per the Regulations.
