Load low-bandwidth site?

Exposed & Exploited: Data Protection in the Middle East and North Africa

Image for Exposed & Exploited: Data Protection in the Middle East and North Africa
4 February 2021
Middle East and North Africa

Share this:

Exposed & Exploited: Data Protection in the Middle East and North Africa

The year 2020 has witnessed governments respond to the global COVID-19 crisis by rushing to deploy technological solutions, from contact tracing applications to digital health certificates and passports. The pandemic has brought to center stage the significant threats new technologies can pose for human rights, underscoring the critical need for governments to prioritize the adoption of robust privacy safeguards and data protection legal frameworks for citizens’ personal data.

Across the Middle East and North Africa (MENA), data protection legislation is still in its infancy, and it remains a low priority in countries where data protection laws are either very weak or non-existent. Nevertheless, governments have been quick to introduce proposals for use of technology that are data-heavy, such as national digital identity programs, biometric passports, and e-health services, disregarding how technology can be used to infringe citizens’ privacy or exploit their personal data. Where data protection laws do exist, enforcement is problematic. National security agencies often enjoy unrestricted access to citizens’ personal data, and private companies exploit and sell this information for profit without users’ knowledge or consent.

Access Now is committed to protecting human rights and to advancing the global, regional, and local agendas on privacy and data protection. In this report, we highlight how privacy and data protection violations by state and non-state actors are compounded by the lack of legal data protection safeguards which would obligate public entities, private companies, and international organizations to respect and adhere to data protection principles, empower users to take agency and control over their personal information, and create mechanisms for grievance and redress when such violations occur.

We explore these issues and propose safeguards and policy recommendations for those involved in the collection and processing of personal data: governments, private companies, and international aid organizations. We include case studies for ​Jordan​, ​Lebanon​, ​Palestine,​ and ​Tunisia​. Our goal is not to include an exhaustive list of all cases related to data protection, but to present a few key illustrative cases for each country. We have only scratched the surface here, and we welcome further input, examples, and investigations by citizens, activists, journalists, and civil society organizations.


WFP COVID-19 Common Services Plan

As outlined in the Global Humanitarian Response Plan, WFP is setting up a comprehensive platform of services to enable the health and humanitarian community to deliver support to the most vulnerable populations during the COVID-19 pandemic, known as the Common Services Plan.

Pakistan Elections – Risks for NGOs

This report looks at risks ahead of the 2013 elections in Pakistan, with a particular focus on the safety of NGOs

Getting aid to Syria: Sanctions issues for banks and humanitarian agencies

This paper provides background information and practical tips on how banks and humanitarian agencies can work together to ensure aid can reach civilians in need of assistance in and around Syria in compliance with UK, EU and US sanctions