Qatar’s Emir has signed a new data privacy law that requires companies and organizations to protect the personal information they gather from residents – or face severe consequences.

Such data includes a person’s ethnic origin, their physical or mental health, religion, marital status, criminal record and information about their children.

The law has been in the works since at least 2011, and was approved by the Advisory Council and Cabinet earlier this year.

Here’s what you need to know about Law No. 13 of 2016, the text of which was published by Al Sharq yesterday.

1) It applies mainly to information gathered and stored on computers or online.

According to Article 2, the legislation refers only to personal data that is electronically processed, or obtained, gathered or extracted in preparation for electronic processing, or when a combination of electronic and traditional processing is used.

It does not apply to personal data processed by individuals privately or within a family context, or to any personal data gathered for official surveys and statistics.

2) Companies will now have a harder time sending out spam messages.

According to Article 22, businesses are now banned from sending direct marketing messages electronically without obtaining an individual’s prior consent.

Even after individuals opt in, messages must include the identity of the communicating party and a valid address (or phone number) in case the individual wants the messages to stop.

Violators face fines of up to QR1 million.

This new rule will likely come as a big relief to many consumers in Qatar, as residents often complain about receiving unsolicited messages from companies with which they have no relationship.

3) Children have a right to privacy

According to Article 17, the owner or operator of any website related to children must put up a policy about how it manages the information of minors.

These website operators must also get the consent of the child’s parent when processing their information.

Parents have the right to ask what information the operator has, and to demand that it be deleted.

Additionally, children’s participation in a game or a prize drawing is not grounds for an operator to collect their personal data.

4) Companies must protect personal data from leaks or face stiff penalties.

According to the law, organizations must adhere to basic data protection responsibilities.

This includes ensuring data handlers are properly trained and that necessary precautions are taken to “protect personal data from loss, damage, modification, disclosure or being illegally accessed.”

Companies must also make sure that information is classified as public, “private” or “confidential.”

If the data is breached, the company should notify the affected individuals and Qatar’s communication ministry.

Violators face fines of up to QR5 million.

5) But there are a lot of exemptions.

Not all organizations and firms that have data breaches will be penalized. According to Article 18 of the law, as translated by Qatar Tribune:

Government authorities “can process some personal data without being bound by the provisions of this law for the protection of national security or public security, protection of international relations of the country, protection of economic or financial state of the country, prevention of any crime or collection of information on a crime or and investigation of a crime.”

This calls into question what effect the law would have on organizations like Qatar National Bank.

In April, personal information including account numbers, passwords and email addresses for thousands of QNB customers was leaked on a file-sharing website, sparking concerns about data protection in Qatar.

Meanwhile, Article 19 states that a company is also exempted from complying with the law if it is:

  • Performing a task pertaining to the public good;
  • Executing a court order;
  • Protecting the vital interests of the individual;
  • Meeting the objectives of scientific research that benefits the public; and
  • Collecting information to investigate a crime when asked by officials.

Notably, none of the exemptions cover freedom of speech or media freedom.

6) Complaints must be addressed within a certain time period

Individuals can lodge complaints with Qatar’s Ministry of Transport and Communications if they feel this law has been violated.

Once the ministry contacts the company in question, the company has 60 days to respond to the government’s inquiry.

The ministry then has 60 more days to make a decision. If these days pass without a response, this implies a rejection of the company’s petition.

The new law takes effect six months from being published in the official gazette, though this grace period could be extended.


With reporting from Riham Sheble

Authorities in Qatar are considering adopting a new data privacy law that would fine organizations up to QR5 million if they fail to prevent leaks.

The latest version of the law has moved one step closer to being enacted after the Advisory (Shura) Council unanimously approved the draft yesterday, QNA reports.

The legislation has been in the works since at least 2011, and the draft was passed by the Cabinet in January this year.

Yesterday, the Advisory Council approved the draft with some suggested changes and sent its recommendations back to the Cabinet.

The legislation would make it illegal for companies to use an individual’s data without their consent and includes provisions to prevent unsolicited spam marketing by SMS or email.

Leak protection

The draft includes 32 articles in eight chapters, and also outlines obligations for organizations and companies to ensure they properly protect personal information from being leaked or hacked.

Chapter two of the legislation includes five articles that require consent from individuals before their personal information can be used by an organization.

People should also be able to update these preferences at any time, Al Raya reported.

The law also aims to protect children against online exploitation domestically and abroad, but does not give further details of how.

The third chapter, with eight separate articles, sets out basic data protection responsibilities that all organizations must adhere to.

According to these provisions, data handlers must be properly trained and put in place “the necessary precautions to prevent personal data against loss, damage or disclosure,” the newspaper states.

In April this year, personal information including account numbers, passwords and email addresses for thousands of Qatar National Bank (QNB) customers was leaked on a file-sharing website.

The hack raised questions about the level of protection of personal data currently in place in organizations in Qatar.

As a result, the new law seeks to have “established standards of data protection as determined by the state” and in line with basic protections as enshrined in the national constitution, Al Raya said, quoting the Ministry of Transport and Communications.

Companies must make sure their networks and systems have sufficient protection and that information is classified as public, “private” or “confidential.”

No spam

In a bid to curb the number of spam messages residents receive by email or text message, there are also new provisions detailing the rules for direct marketing.

As announced in January, companies would be banned from sending messages without first getting an individual’s prior permission.

Customers have previously complained about getting unsolicited texts from organizations with which they have not had any dealings.

While telecommunications companies have advised residents how to block such SMS messages, it is more difficult to stop them being sent through social media apps such as WhatsApp.

Failure to comply with the provisions of the draft law could result in penalties of up to QR5 million, although the fine imposed for violators will be determined by the courts based on the severity of the infraction.

Some exceptions to the consent requirement include protection of national and public security, international relations or to prevent crimes.


In the latest effort to stop spam from pestering Qatar residents, local authorities are working on a new law that would make it harder for companies to send out marketing messages via email or SMS without running into legal trouble.

The new restrictions come in the form of a data privacy law, a draft of which was approved by the country’s cabinet yesterday. The legislation protects personal information that’s either collected or processed electronically, and has now been referred to the Advisory (Shura) Council.

One of the specific provisions contained in the law is a ban on sending direct marketing messages electronically without obtaining an individual’s “prior consent,” according to a statement from QNA.

Based on similarly worded provisions in other countries, this suggests that customers would have to explicitly opt in and agree to receive marketing messages from companies.

In the UK for example, the Information Commissioner’s Office urges organizations to keep records, such as checked-off opt-in boxes, showing that consent was clearly and knowingly given by individuals.

However, the UK also has “soft opt-in” provisions that allow companies to send marketing messages about their own products or services to existing customers if they’ve collected an individual’s contact details during the course of a sale.

It’s not clear if Qatar’s new law will have similar features.

If so, the measures would help tackle some existing problems, as many residents complain that they receive unsolicited text messages from companies with which they have no relationship.

Blocking senders

According to a previous statement from Qatar’s largest telecom firm, Ooredoo, many residents start receiving unwanted SMS marketing messages after voluntarily giving their mobile numbers upon request to cashiers or when filling out contest entry forms:

“Customers go shopping, and when the cashier asks to fill in a form to either sign up for their loyalty program, be notified of discounts, add a phone number and email to account right before payment, customers give their mobile number.

If the retailer is part of a large chain, that number is then passed on to all their retailers. This is one of the primary ways customers end up getting Spam SMS from these companies.”

Ooredoo customers already on such lists can SMS the message “Unsub CompanyName” to 92600 to block particular users. Additionally, Ooredoo’s mobile app has a feature that allows users to block senders by their phone numbers or company names.

Vodafone Qatar customers, meanwhile, can block an unknown or spamming sender via Vodafone’s helpline (111) or website.

However, it’s trickier for telecom firms to tackle spam sent through social media apps, which is an emerging source of frustration for some residents.

Ooredoo suggested using features within WhatsApp to block unwanted senders.

Separately, Qatar’s telecom watchdog – the Communications Regulatory Authority – said in May that it was drafting a code of conduct to strengthen the current guidelines for companies that use text/SMS messages and applications such as WhatsApp, Viber and Skype to reach customers.

Sensitive information

The provisions within the data protection law endorsed by the cabinet yesterday are expected to go beyond direct marketing.

There will also be stipulations that give individuals rights over the privacy of their personal data as well as obligations on the entities that control and process that information, according to QNA.

In 2013, ictQatar representatives were quoted as saying that the legislation – in the works since at least 2011 – would focus on protecting information regarding children, location data and sensitive personal information like religious affiliation and medical conditions.

More recently, law enforcement officials have also handled cases involving the increasing amount of personal data that many residents keep on their smartphones.

In 2014, the Ministry of Interior said it had arrested 35 men working at local phone shops who were caught copying photos and videos stored on customers’ phones without their knowledge.

A statement issued at the time said the suspects had been charged with blackmail and extortion and stated that copying images from another person’s mobile devices without their permission “is a punishable crime.”

However, there was no mention of the individuals being charged with breaching Qatar’s privacy laws or other legal provisions aimed at protecting personal data.