The Universal Declaration of Human Rights stipulates that “no one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.” The right to privacy, connected to the right to data protection, has long been recognized as a basic human right. Unfortunately, that right is not adequately protected in most of the countries that make up the Middle East North Africa (MENA). Governments in the region have tended to de-prioritize legal frameworks for data privacy and protection in favor of anti-terrorism laws that can raise human rights concerns.
However, the European Union General Data Protection Regulation (GDPR) is leading change across the globe in the area of data protection, privacy, and positive initiatives have started to surface in the MENA region. In some cases, lawmakers are advancing local data protection laws that follow the footsteps of the GDPR. Here’s a look at the status of some of these initiatives and five reasons why implementing a comprehensive data protection framework is imperative in MENA and around the world.
Tunisia: strong data protection must be a top priority
Given the already tense and unstable political landscape, the personal data of Tunisians, especially that on social media platforms, is at risk and can be exploited in ways that are not difficult to predict. Current data protection law does not provide adequate safeguards or guarantees for protecting data that conform with international human rights standards, and a pending bill to address the problem is flawed. Access Now, among many other civil society organizations, has expressed concerns and highlighted the significant deficiencies in the bill that could curtail fundamental freedoms, such as the right to freedom of expression and the right to access information. On Data Protection Day, we remind everyone that enacting strong data protection laws must take absolute priority in Tunisia.
Jordan: the Privacy Commission should be independent
In 2014, the Jordanian Ministry of Information and Communication Technology introduced a draft bill related to data protection. The draft bill appears to be generally based on the GDPR, with the incorporation of the main concepts of transparency, accuracy, storage limitation, and data minimization. However, local civil society organizations have expressed concerns over the draft related to the lack of independence of the Jordanian Privacy Commission as it will be directly chaired by the ICT minister. This directly impacts the legitimacy of such a commission and its capacity to operate in a non-biased way. To date, it is not clear when the parliament will vote on this bill.
Egypt: loopholes should be closed and civil society consulted
Recently the Egyptian House of Representatives approved, in principle, a draft of Egypt’s first data protection law. The new law would establish a Center for Personal Data Protection that will develop policies and regulations related to Egyptians’ data. This is a huge step forward for ensuring Egyptians’ data protection. However, the draft contains points of deficiency, such as putting the Central Bank of Egypt (CBE) and other such entities outside the scope of the law for its supervision. The law was expected to be officially published by the end of 2019. Unfortunately, the final version of the draft has not been published yet. Added to that, civil society was not consulted in the drafting or review of this bill.
Five reasons why strong data protection is imperative across MENA (and globally)
- Data protection strengthens democracies. Having a comprehensive data protection law will not only reinforce trust at the national level in terms of treatment and respect for human rights, but will also be one of the major pillars in the democratic transition for countries that are experiencing uprisings and political instability.
- Data protection fosters economic growth. For countries in the MENA region that have more than 50% of their economy linked to the European Union, robust data protection safeguards will enable them to join the countries that already offer trust and confidence in the processing of Europeans’ personal data. This will reinforce the country’s attractiveness for foreign investors and will facilitate partnerships between local companies and their European counterparts.
- Data protection helps safeguard elections. Undergoing an election season in any country in the world without the guarantee of basic fundamental freedoms, such as the rights to privacy and data protection, constitutes a direct threat to the transparency and legitimacy of the election’s results. We are seeing the consequences of data harvesting and targeted manipulation of voters globally, with the dynamics revealed by the Cambridge Analytica scandal that may have impacted the 2016 U.S election. It is therefore crucial and urgent for MENA countries to put in place safeguards for data privacy.
- Data protection helps keep people safe in the digital era. In many MENA countries, privacy rules exist but they are not adapted to suit the current digital environment, and in some cases the laws on the books are so old, they do not mention the internet or address what happens online. A modern data protection framework can address and help mitigate the risks of today’s digital world, from cyberstalking to identity theft and beyond.
- Data protection can increase cybersecurity. A solid legal framework for data protection can reduce the impact of cyber attacks. Even if attackers gain access to a database, in a GDPR-compliant company, they would find less data to steal and exploit. Government institutions that are likewise obligated to protect people’s data would also be less vulnerable to the negative impact of hacking and data exposure.
Access Now will continue to advocate for comprehensive, user-centered data protection frameworks in MENA and across the globe, and we stand ready to assist lawmakers who are advancing these frameworks.