Doha News asked residents in Qatar about their opinions on marketing messages sent by companies and the possible privacy concerns they pose.
In a recent poll on Instagram, hundreds of clicks poured into Doha News social media, confirming people’s frustration with the daily marketing messages received on their phones.
The excessive amount of messages residents receive poses the question on whether or not there an infringement of privacy.
90% of the poll users answered ‘yes’ upon asking if they were tired of the amount of marketing text messages they receive from companies.
48% answered that they receive five text messages at most by different companies in a single day, whilst 37% answered that they receive at least 5-10 marketing text messages daily.
An overwhelming percentage flooded the bar to the poll question that read “does it concern you that companies have access to your number, despite you not providing it to them?” – of which a total of 93% users responded with ‘yes’.
This asserts the concerns centred around the medium of online marketing and unsolicited access to individual’s private information.
Privacy violation concerns
Speaking to Doha News, a former telemarketer employee at a well-known Qatar-based company (who chose to leave the name out for privacy purposes) said “our company would get people’s personal information from Facebook upon them liking our pages in our account which in turn allowed us to access their personal contact information as it was first provided when they registered on Facebook.”
Meta has been criticised for its direct role in sharing its users’ personal information with companies in return for cash, as people’s private information has turned into a trade between tech and marketing companies.
Meta’s CEO Mark Zuckerberg began his congressional inquisition in April 2018 with a public apology for a privacy scandal that had angered social media users.
He opened his remarks before the Senate Commerce and Judiciary committees by claiming responsibility for his company’s failure to prevent Cambridge Analytica, a data-mining firm affiliated with Donald Trump’s presidential campaign, from extracting personal information from 87 million users to attempt to meddle in the 2016 US presidential elections.
Zuckerberg was also hesitant to disclose how his platform was used by Russian-backed actors to sway the election results.
The media giant has shared access to users’ data with other tech firms, including Amazon, Apple, Microsoft, Netflix, and Spotify, according to the New York Times.
In 2014, Ooredoo updated its mobile application to facilitate their customers with a more control over their accounts, introducing a blocking feature. The updated feature enables users to block marketing messages and spam SMS from Ooredoo registered numbers by creating a ‘block list’.
Despite the telecommunication giant company’s efforts in attempting to combat privacy infringement, Ooredoo is still criticised for its ineffective role in safeguarding its customers’ data privacy.
According to an index in 2019, Ranking Digital Rights granted Ooredoo an overall score of 5%, which was considered the lowest score amongst all telecommunications companies. This was due to it disclosing “less” about policies and practices affecting their users’ freedom of expression and privacy than any of its other counterparts worldwide.
“While the political and regulatory environment in Qatar discourages companies from making public commitments to human rights, Ooredoo could still be more transparent about basic policies affecting freedom of expression and privacy in a number of areas,” the report noted.
The Qatar-based telecommunication company further did not offer a “grievance mechanism” for its users to submit “freedom of expression” and privacy-related enquiries. There were also no additional information on how it receives and responds to such grievances, the report added.
The report stipulated that Ooredoo’s lack of disclosure is likely as a result of its shares being “state-owned” by a majority as well as “due to a general lack of transparency in the Qatari legal environment.”
Questioning the role of communication companies in the country with regards to customer’s data protection, Hind, a Qatari national, told Doha News: “Why aren’t Ooredoo or Vodafone protecting the information of their [registered] customers? How is it very easy for companies to attain my number and text message me everyday with marketing deals?”
Qatari laws on personal data
In 2016, the Gulf country welcomed a new law to shift the prying eyes of companies.
On 13th November 2016, Law No 13 of 2016 on protecting personal data was issued, and came into effect six months after the date of its publication in the official gazette.
Qatar was the first Gulf Cooperation Council (GCC) country to issue a comprehensive personal data privacy protection law, in 2017.
The law entails provisions related to the rights of individuals to protect the privacy of their personal data.
According to Article 2, the legislation refers only to personal data that is electronically processed, or obtained, gathered or extracted in preparation for electronic processing, or when a combination of electronic and traditional processing is used.
The law mandated that businesses are banned from sending direct marketing messages electronically without obtaining an individual’s prior consent.
This law, however, does not apply to personal data processed by individuals privately or within a family context, as well as any personal data collected for official surveys and statistics as per Law no 2 of 2011 on official statistics.
Should a company fail to act according to the receiver’s request of an unsubscription, it breaches Article 22 the law, which decrees that: “The Electronic Communication […] shall include a valid address for easy access thereto and through which an Individual can send a request to the originator to stop such communications or revoke the consent on the sending thereof.”
The Data Protection Law allocates high financial penalties for non-compliance or legislative breaches. The penalties range from 1,000,000 QAR to 5,000,000 QAR. The penalties however, are dealt with through finances only, with other forms of sanctions, such as imprisonment, not prescribed under the law.
The lack of institutional efforts in containing personal data exploitation is alarming to many and the tacit consent given to telecommunication companies upon registering for a phone number leaves many helpless.
In 2013, it was reported that very little has been done by relevant government institutions to implement stringent regulations to “deter” messages targeting people’s private phones, which are primarily registered through either Ooredoo (then-called ‘Qtel’) or Vodafone Qatar.
The effectiveness of laws in protecting people’s privacy is brought further into the light as marketing messages are delivered daily despite the existence of laws that ban them.
Through the non-consensual delivery of these messages, Articles 3 and 4 of Law No 3 of 2016 is violated, with the former stating: “Each Individual has the right to the protection of the Personal Data thereof that shall be processed only within the framework of transparency, honesty, and respect of human dignity, and acceptable practices according to provisions hereof.”
Article 4 of Law No 13 of 2016 on Protecting Personal Data Privacy states: “The Controller shall process Personal Data only after obtaining the consent of the individual, unless data processing is necessary to achieve a lawful purpose for the controller or the other recipient of such data.”
The article dating back to 2013 was demanding for a law to regulate such unsolicited messaging, however almost a decade later, the law has been implemented with little change in the effectiveness of its purpose.
Lack of institutional accountability
“I feel like there should be more done on government entities’ parts to implement stricter laws with respective consequences when companies use our personal information and contact details to bombard us with advertising messages daily,” Hind told Doha News.
Telecommunication companies such as Ooredoo and Vodafone Qatar have been held responsible by users for the infringement of privacy, as they are the service providers who customers must provide their details to in order to utilise their services effectively. Which poses the question, how do companies get hold of the numbers of private citizens, and proceed to invade their privacy through calls and text messages?
As noted by 93% of poll participants, the Ministry of Commerce should be doing more in following up with commercial outlets and holding them accountable for their methods in obtaining people’s private information.
Ultimately, a stricter implementation of current regulations is needed to circumvent further invasion of citizen and resident’s privacy.