Browsing 'data' News

Photo for illustrative purposes only.

Ahmed Naazim/Flickr

Photo for illustrative purposes only.

Qatar’s Emir has signed a new data privacy law that requires companies and organizations to protect the personal information they gather from residents – or face severe consequences.

Such data includes a person’s ethnic origin, their physical or mental health, religion, marital status, criminal record and information about their children.

The law has been in the works since at least 2011, and was approved by the Advisory Council and Cabinet earlier this year.

Here’s what you need to know about Law No. 13 of 2016, the text of which was published by Al Sharq yesterday.

1) It applies mainly to information gathered and stored on computers or online.

According to Article 2, the legislation refers only to personal data that is electronically processed, or obtained, gathered or extracted in preparation for electronic processing, or when a combination of electronic and traditional processing is used.

It does not apply to personal data processed by individuals privately or within a family context, or to any personal data gathered for official surveys and statistics.

2) Companies will now have a harder time sending out spam messages.

According to Article 22, businesses are now banned from sending direct marketing messages electronically without obtaining an individual’s prior consent.

For illustrative purposes only

Video still via ictQatar

For illustrative purposes only

Even after individuals opt-in, messages must include the identity of the communicating party and a valid address (or phone number) in case the individual wants the messages to stop.

Violators face fines of up to QR1 million.

This new rule will likely come as a big relief to many consumers in Qatar, as residents often complain about receiving unsolicited messages from companies with which they have no relationship.

3) Children have a right to privacy

According to Article 17, the owner or operator of any website related to children must put up a policy about how it manages the information of minors.

These website operators must also get the consent of the child’s parent when processing their information.

Photo for illustrative purposes only.

Reem Saad / Doha News

Photo for illustrative purposes only.

Parents have the right to ask what information the operator has, and to demand that it be deleted.

Additionally, children’s participation in a game or a prize drawing are not grounds for an operator to collect their personal data.

4) Companies must protect personal data from leaks or face stiff penalties.

According to the law, organizations must adhere to basic data protection responsibilities.

This includes ensuring data handlers are properly trained and that necessary precautions are made to “protect personal data from loss, damage, modification, disclosure or being illegally accessed.”

Photo for illustrative purposes only.

Sebastian Sikora/Flickr

Photo for illustrative purposes only.

Companies must also make sure that information is classified as public, “private” or “confidential.”

If the data is breached, the company should notify the affected individuals and Qatar’s communication ministry.

Violators face fines of up to QR5 million.

5) But there are a lot of exemptions.

Not all organizations and firms that have data breaches will be penalized. According to Article 18 of the law, as translated by Qatar Tribune:

Government authorities “can process some personal data without being bound by the provisions of this law for the protection of national security or public security, protection of international relations of the country, protection of economic or financial state of the country, prevention of any crime or collection of information on a crime or and investigation of a crime.”

This calls into question what effect the law would have on organizations like Qatar National Bank.

Photo for illustrative purposes only.

Trinidade/Wikicommons

Photo for illustrative purposes only.

In April, personal information including account numbers, passwords and email address for thousands of QNB customers was leaked on a file-sharing website, sparking concerns about data protection in Qatar.

Meanwhile, Article 19 states that a company is also exempted from complying to the law if it is:

  • Performing a task pertaining to the public good;
  • Executing a court order;
  • Protecting the vital interests of the individual;
  • Meeting the objectives of scientific research that benefits the public; and
  • Collecting information to investigate a crime when asked by officials.

Notably, none of the exemptions cover freedom of speech or media freedom.

6) Complaints must be addressed within a certain time period

Individuals can lodge complaints with Qatar’s Ministry of Transport and Communications if they feel this law has been violated.

Once the ministry contacts the company in question, it has 60 days to respond to the government’s inquiry.

The ministry then has 60 more days to make a decision. If these days pass without a response, this implies a rejection of the company’s petition.

The new law takes effect six months from being published in the official gazette, though this grace period could be extended.

Thoughts?

Photo for illustrative purposes only.

Sebastian Sikora/Flickr

Photo for illustrative purposes only.

With reporting from Riham Sheble

Authorities in Qatar are considering adopting a new data privacy law that would fine organizations who fail to prevent leaks up to QR5 million.

The latest version of the law has moved one step closer to being enacted after the Advisory (Shura) Council unanimously approved the draft yesterday, QNA reports.

The legislation has been in the works since at least 2011, and the draft was passed by the Cabinet in January this year.

Photo for illustrative purposes only.

Omar Chatriwala / Doha News

Photo for illustrative purposes only.

Yesterday, the Advisory Council approved the draft with some suggested changes and sent its recommendations back to the Cabinet.

The legislation would make it illegal for companies to use an individual’s data without their consent and includes provisions to prevent unsolicited spam marketing by SMS or email.

Leak protection

The draft includes 32 articles in eight chapters, and also outlines obligations for organizations and companies to ensure they properly protect personal information from being leaked or hacked.

Chapter two of the legislation includes five articles that require consent from individuals before their personal information can be used by an organization.

People should also be able to update these preferences at any time, Al Raya reported.

The law also aims to protect children against online exploitation domestically and abroad, but does not give further details of how.

The third chapter, with eight separate articles, sets out basic data protection responsibilities that all organizations must adhere to.

For illustrative purposes only

Video still via ictQatar

For illustrative purposes only

According to these provisions, data handlers must be properly trained and put in place “the necessary precautions to prevent personal data against loss, damage or disclosure,” the newspaper states.

In April this year, personal information including account numbers, passwords and email address for thousands of Qatar National Bank (QNB) was leaked on a file-sharing website.

The hack raised questions about the level of protection of personal data currently in place in organizations in Qatar.

As a result, the new law seeks to have “established standards of data protection as determined by the state” and in line with basic protections as enshrined in the national constitution, Al Raya said, quoting the Ministry for Transport and Communication.

Companies must make sure their networks and systems have sufficient protection and that information is classified as public, “private” or “confidential.”

No spam

In a bid to curb the amount of spam messages residents receive on email or by text message, there are also new provisions detailing the rules for direct marketing.

As announced in January, companies would be banned from sending messages without first getting an individual’s prior permission.

Photo for illustrative purposes only.

Petar Milošević/Wikicommons

Photo for illustrative purposes only.

Customers have previously complained about getting unsolicited texts from organizations that they have not had any dealings.

While telecommunications companies have advised residents how to block such SMS messages, it is more difficult to stop them being sent through social media apps such as Whatsapp.

Failure to comply with the provisions of the draft law could result in penalties of up to QR5 million, although the fine imposed for violators will be determined by the courts based on the severity of the infraction.

Some exceptions to the consent requirement include protection of national and public security, international relations or to prevent crimes.

Thoughts?

Qatar is set to establish new standards of privacy on personal information relating to children, location data and sensitive personal information like religious affiliation and medical conditions.

UPDATE: This post has been removed to comply with a request from ictQATAR, which said the information is confidential and not meant to be made public.