The year 2020 has witnessed governments respond to the global COVID-19 crisis by rushing to deploy technological solutions, from contact tracing applications to digital health certificates and passports. The pandemic has brought to center stage the significant threats new technologies can pose for human rights, underscoring the critical need for governments to prioritize the adoption of robust privacy safeguards and data protection legal frameworks for citizens’ personal data.
Across the Middle East and North Africa (MENA), data protection legislation is still in its infancy, and it remains a low priority in countries where data protection laws are either very weak or non-existent. Nevertheless, governments have been quick to introduce proposals for use of technology that are data-heavy, such as national digital identity programs, biometric passports, and e-health services, disregarding how technology can be used to infringe citizens’ privacy or exploit their personal data. Where data protection laws do exist, enforcement is problematic. National security agencies often enjoy unrestricted access to citizens’ personal data, and private companies exploit and sell this information for profit without users’ knowledge or consent.
Access Now is committed to protecting human rights and to advancing the global, regional, and local agendas on privacy and data protection. In this report, we highlight how privacy and data protection violations by state and non-state actors are compounded by the lack of legal data protection safeguards which would obligate public entities, private companies, and international organizations to respect and adhere to data protection principles, empower users to take agency and control over their personal information, and create mechanisms for grievance and redress when such violations occur.
We explore these issues and propose safeguards and policy recommendations for those involved in the collection and processing of personal data: governments, private companies, and international aid organizations. We include case studies for Jordan, Lebanon, Palestine, and Tunisia. Our goal is not to include an exhaustive list of all cases related to data protection, but to present a few key illustrative cases for each country. We have only scratched the surface here, and we welcome further input, examples, and investigations by citizens, activists, journalists, and civil society organizations.