Scope
This policy applies to all unprotected data and general information
produced by the General Authority, regardless of its source, format, or
nature. This includes paper records, emails, computer-stored data, audio
or video tapes, maps, photographs, manuscripts, handwritten documents,
or any other form of recorded information.
Key Open Data Principles
The General Authority for the Care and Management of the Two Holy
Mosques is committed to promoting transparency and disseminating
knowledge through the Open Data Platform, which provides a unified
center that enables beneficiaries to easily access data in accordance with
a clear policy that governs its usage.
The Authority is committed to continuously updating the data, facilitating
access to it, and ensuring ease of use, which contributes to achieving the
highest level of benefit for users. This is accomplished by adhering to the
following principles:
Principle 1: Data Should Be Open by Default
The General Authority's data is made available to everyone, unless its
nature requires confidentiality or privacy protection. This is achieved by
disclosing the data or enabling access and use.
Principle 2: Open Format and Machine Readability
Data is provided in machine-readable formats such as (XML, JSON, XLS,
CSV), which facilitates effective digital processing and analysis.
Principle 3: Data Timeliness
The latest versions of open datasets are published regularly and made
available to everyone as soon as they are available, with priority given to
data whose value diminishes over time.
Principle 4: Comprehensiveness
Open data must be as comprehensive and detailed as possible, provided it
does not conflict with the personal data protection policy.
Principle 5: Non-Discrimination
Data is accessible to everyone without discrimination or registration
requirements, allowing anyone to access it at any time without needing to
verify identity or provide justification.
Principle 6: Free of Charge
Open data is available to everyone free of charge, with no associated
fees.
Principle 7: Open Data Licensing in the Kingdom
Open data is subject to a license that outlines the legal framework for its
use, including terms, obligations, and limitations. Using the data implies
acceptance of these terms.
Principle 8: Governance Model Development and Public
Participation
Open data enhances transparency and accountability within public
entities, and it encourages community participation in decision-making
and service development.
Principle 9: Inclusive Development and Innovation
Open data contributes to enhancing its reuse, supporting innovation, and
empowering individuals and institutions to explore its potential—thus
strengthening integration among relevant stakeholders to unleash their
full capabilities.
Scope
The provisions of this policy apply to data-sharing operations conducted
by the General Authority for the Care and Management of the Grand
Mosque and the Prophet’s Mosque with other government entities,
private organisations , or individuals, regardless of the source, form, or
nature of the data. This policy does not apply if the requesting entity is a
governmental body and the request is for security purposes or to fulfill
judicial requirements.
This policy is in alignment with the national data governance policies
issued by the National Data Management Office, ensuring no conflict with
them, and with the applicable regulations and any amendments issued.
Key Principles of Data Sharing
The General Authority for the Care and Management of the Two Holy
Mosques relies on the following principles for data sharing:
First Principle: Promoting a Culture of Sharing
The authority shares the key data it produces to ensure integration with
other entities, adopting the “single-source” principle for obtaining data
from correct sources, reducing duplication, conflicts, and multiple
sources. If data is requested from a source other than the original,
approval must be obtained from the primary entity (data source) before
sharing it with the requesting party.
Second Principle: Legitimacy of Purpose
Data should only be shared for legitimate purposes, based on regulatory
grounds or justified operational needs aimed at serving the public
interest, without harming national interests, the activities of entities,
individual privacy, or environmental safety. This excludes data and
entities exempted by royal orders.
Third Principle: Authorised Access
All parties involved in the data-sharing process must have the
authorization to access, obtain, and use the data. This is achieved by
designating authorized individuals to access the data, following the
necessary procedures to verify their credibility (if required, based on the
nature and classification level of the data according to the Data
Classification Policy).
Fourth Principle: Transparency
All necessary information related to data sharing requests must be made
available to all parties involved, including details about the requested
data, its classification levels (according to the Data Classification Policy),
the purpose of the request, methods of storage, protection controls, and
the disposal process.
Fifth Principle: Shared Responsibility
All parties involved in data sharing must be jointly responsible for the
decisions regarding data sharing, in accordance with the roles and
responsibilities outlined in the data-sharing agreement or the appropriate
regulations—depending on the circumstances—to ensure the data is
handled for the specified purposes.
Sixth Principle: Data Security
All parties involved in data sharing must apply appropriate security
controls to protect the data and share it in a safe and reliable
environment, in accordance with the relevant regulatory requirements
and as specified by the National Cybersecurity Authority.
Seventh Principle: Ethical Use
All parties involved in data sharing, in addition to adhering to the
relevant regulatory requirements, must apply ethical practices to ensure
the data is used responsibly, fairly, transparently, and with integrity.
Responsibility of Data Users
Users of open data are responsible for using the data on the General
Authority's website properly and must ensure that their use does not
result in any errors related to the data, its content, source, or date.
Responsibility of the General Authority
The General Authority is not responsible for any damages or misuse
experienced by any beneficiaries—whether from inside or outside the
center, or from public or private entities—as a result of using the data
published on the General Authority’s website. It bears no responsibility
toward users of such data for any harm or loss resulting from its use and
does not guarantee the continued availability of the data or any part of it.
Terms of Reuse
- Users must not distort the data or its source.
- The data must not be used for political purposes, to support illegal
or criminal activity, or in racist, discriminatory, inflammatory, or
culturally or socially harmful content. It must not be used in ways
that conflict with the laws and traditions of the Kingdom.
- When using this data, users must indicate its source.
- Users must provide a link to the official website of the General
Authority to preserve intellectual property rights, data credibility,
and accuracy of the source.
Freedom of Information Policy
First: Purpose of the Policy
The Freedom of Information Policy aims to enhance transparency and
accountability by enabling individuals to access information held by the
General Authority for the Care and Management of the Two Holy
Mosques, in accordance with regulations that balance disclosure with the
protection of sensitive data. It also supports community participation,
improves service quality, and strengthens trust in government
institutions.
Second: Scope
This policy applies to all public — non-protected — data and information
produced by the General Authority, regardless of source, form, or nature.
This includes paper records, emails, computer-stored information, audio
or video tapes, maps, photographs, manuscripts, handwritten documents,
or any other recorded form of information.
This policy does not apply to protected information, including but not
limited to:
- Information whose disclosure would harm national security,
policies, interests, or rights of the state.
- Military and security information.
- Information obtained under agreements with other states that is
classified as protected.
- Investigations, inspections, and monitoring related to crimes,
violations, or threats.
- Information containing recommendations or consultations for
legislation or government decisions yet to be issued.
- Commercial, industrial, financial, or economic information whose
disclosure could lead to unlawful profit or loss avoidance.
- Scientific or technical research and intellectual property rights
whose disclosure would infringe moral rights.
- Information related to tenders, bids, and auctions whose disclosure
would undermine fair competition.
- Confidential or personal information as defined by other
regulations, or requiring specific legal procedures to access.
Third: Core Principles of Freedom of Information
Principle 1: Transparency
Individuals have the right to access information related to the General
Authority to promote integrity, transparency, and accountability.
Principle 2: Necessity and Proportionality
Any restrictions on requests to access protected information must be
clearly justified.
Principle 3: Presumption of Disclosure
Every individual has the right to access public — non-protected —
information without needing to demonstrate a specific interest or purpose
and without legal liability related to exercising this right.
Principle 4: Equality
All requests for access to public information are treated equally and
without discrimination.
Fourth: Individual Rights Regarding Access to Public Information
First: The right to access any non-protected information held by the
Authority.
Second: The right to be informed of the reasons if access is denied.
Third: The right to appeal decisions refusing access to information.
Fifth: Key Requirements for Requests to Access Public Information:
- Requests must be submitted in writing or electronically.
- The approved “Public Information Request Form” must be
completed.
- Requests must be for the purpose of accessing or obtaining public
information.
- The request form must specify how the final decision and
notifications will be sent to the individual (e.g., national address,
email, the General Authority’s website).
- Requests must be submitted directly to the designated office.
Request Processing Mechanism
First: Requests are submitted by filling out the General Information
Request Form—either electronically or in paper form—and submitting it
to the office that holds the information.
Second: Within a specified period (30 days) from the date of receiving
the request to view or obtain general information, the office shall take
one of the following actions:
- Approval: If the office approves the request for full or partial
access to the information, the individual must be notified in writing
or electronically of any applicable fees. The office must provide the
information to the individual within a period not exceeding 10
business days from the receipt of the payment.
- Rejection: If the request to access or obtain the information is
denied, the rejection must be issued in writing or electronically and
must include the following:
- Whether the request was rejected in full or in part
- Reasons for the rejection, if possible
- The right to appeal this rejection and how to exercise that right
- Extension: If the request cannot be processed within the specified
time, the office must extend the response period by a reasonable
time depending on the volume and nature of the requested
information—not exceeding an additional 30 days, for example, and
provide the individual with the following:
- Notification of the extension and the expected completion date
- Reasons for the delay
- The right to appeal this extension and how to exercise that right
- Notification: If the requested information is already available on
the Authority’s website or is outside the office’s jurisdiction, the
individual must be notified in writing or electronically, including
the following:
- Type of notification, e.g., the requested data is available on the
Authority’s website or is outside its jurisdiction
- The right to appeal this notification and how to exercise that right
Third: If the individual wishes to appeal the office’s rejection of the
request, they may submit a written or electronic appeal to the office
within a period not exceeding 10 business days from receiving the office’s
decision. The Appeals Committee within the office will review the
request, make an appropriate decision, and notify the individual of any
review fees—which will be refunded if the committee approves the
request—along with the appeal decision.
To contact the Data Management Office:
Dmo@gph.gov.sa
