Browsing 'spam' News

Photo for illustrative purposes only.

Ahmed Naazim/Flickr

Photo for illustrative purposes only.

Qatar’s Emir has signed a new data privacy law that requires companies and organizations to protect the personal information they gather from residents – or face severe consequences.

Such data includes a person’s ethnic origin, their physical or mental health, religion, marital status, criminal record and information about their children.

The law has been in the works since at least 2011, and was approved by the Advisory Council and Cabinet earlier this year.

Here’s what you need to know about Law No. 13 of 2016, the text of which was published by Al Sharq yesterday.

1) It applies mainly to information gathered and stored on computers or online.

According to Article 2, the legislation refers only to personal data that is electronically processed, or obtained, gathered or extracted in preparation for electronic processing, or when a combination of electronic and traditional processing is used.

It does not apply to personal data processed by individuals privately or within a family context, or to any personal data gathered for official surveys and statistics.

2) Companies will now have a harder time sending out spam messages.

According to Article 22, businesses are now banned from sending direct marketing messages electronically without obtaining an individual’s prior consent.

For illustrative purposes only

Video still via ictQatar

For illustrative purposes only

Even after individuals opt-in, messages must include the identity of the communicating party and a valid address (or phone number) in case the individual wants the messages to stop.

Violators face fines of up to QR1 million.

This new rule will likely come as a big relief to many consumers in Qatar, as residents often complain about receiving unsolicited messages from companies with which they have no relationship.

3) Children have a right to privacy

According to Article 17, the owner or operator of any website related to children must put up a policy about how it manages the information of minors.

These website operators must also get the consent of the child’s parent when processing their information.

Photo for illustrative purposes only.

Reem Saad / Doha News

Photo for illustrative purposes only.

Parents have the right to ask what information the operator has, and to demand that it be deleted.

Additionally, children’s participation in a game or a prize drawing are not grounds for an operator to collect their personal data.

4) Companies must protect personal data from leaks or face stiff penalties.

According to the law, organizations must adhere to basic data protection responsibilities.

This includes ensuring data handlers are properly trained and that necessary precautions are made to “protect personal data from loss, damage, modification, disclosure or being illegally accessed.”

Photo for illustrative purposes only.

Sebastian Sikora/Flickr

Photo for illustrative purposes only.

Companies must also make sure that information is classified as public, “private” or “confidential.”

If the data is breached, the company should notify the affected individuals and Qatar’s communication ministry.

Violators face fines of up to QR5 million.

5) But there are a lot of exemptions.

Not all organizations and firms that have data breaches will be penalized. According to Article 18 of the law, as translated by Qatar Tribune:

Government authorities “can process some personal data without being bound by the provisions of this law for the protection of national security or public security, protection of international relations of the country, protection of economic or financial state of the country, prevention of any crime or collection of information on a crime or and investigation of a crime.”

This calls into question what effect the law would have on organizations like Qatar National Bank.

Photo for illustrative purposes only.

Trinidade/Wikicommons

Photo for illustrative purposes only.

In April, personal information including account numbers, passwords and email address for thousands of QNB customers was leaked on a file-sharing website, sparking concerns about data protection in Qatar.

Meanwhile, Article 19 states that a company is also exempted from complying to the law if it is:

  • Performing a task pertaining to the public good;
  • Executing a court order;
  • Protecting the vital interests of the individual;
  • Meeting the objectives of scientific research that benefits the public; and
  • Collecting information to investigate a crime when asked by officials.

Notably, none of the exemptions cover freedom of speech or media freedom.

6) Complaints must be addressed within a certain time period

Individuals can lodge complaints with Qatar’s Ministry of Transport and Communications if they feel this law has been violated.

Once the ministry contacts the company in question, it has 60 days to respond to the government’s inquiry.

The ministry then has 60 more days to make a decision. If these days pass without a response, this implies a rejection of the company’s petition.

The new law takes effect six months from being published in the official gazette, though this grace period could be extended.

Thoughts?

Photo for illustrative purposes only.

Jan Persiel/Flickr

Photo for illustrative purposes only.

In the latest effort to stop spam from pestering Qatar residents, local authorities are working on a new law that would make it harder for companies to send out marketing messages via email or SMS without running into legal trouble.

The new restrictions come in the form of a data privacy law, a draft of which was approved by the country’s cabinet yesterday. The legislation protects personal information that’s either collected or processed electronically, and has now been referred to the Advisory (Shura) Council.

Mobile spam

Matthew Walker

Mobile spam

One of the specific provisions contained in the law is a ban on sending direct marketing messages electronically without obtaining an individual’s “prior consent,” according to a statement from QNA.

Based on similarly worded provisions in other countries, this suggests that customers would have to explicitly opt-in and agree to receive marketing messages from companies.

In the UK for example, the Information Commissioner’s Office urges organizations to keep records, such as checked-off opt-in boxes, showing that consent was clearly and knowingly given by individuals.

However, the UK also has “soft opt-in” provisions that allow companies to send marketing messages about their own products or services to existing customers if they’ve collected an individual’s contact details during the course of a sale.

It’s not clear if Qatar’s new law will have similar features.

If so, the measures would help tackle some existing problems, as many residents complain that they receive unsolicited text messages from companies with which they have no relationship.

Blocking senders

According to a previous statement from Qatar’s largest telecom firm, Ooredoo, many residents start receiving unwanted SMS marketing messages after voluntarily giving their mobile numbers upon request to cashiers or when filling out contest entry forms:

“Customers go shopping, and when the cashier asks to fill in a form to either sign up for their loyalty program, be notified of discounts, add a phone number and email to account right before payment, customers give their mobile number.

If the retailer is part of a large chain, that number is then passed on to all their retailers. This is one of the primary ways customers end up getting Spam SMS from these companies.”

Ooredoo customers already on such lists can SMS the message “Unsub CompanyName” to 92600 to block particular users. Additionally, Ooredoo’s mobile app has a feature that allows users to block senders by their phone numbers or company names.

Vodafone Qatar customers, meanwhile, can block an unknown or spamming sender via Vodafone’s helpline (111) or website.

However, it’s trickier for telecom firms to tackle spam sent through social media apps, which is an emerging source of frustration for some residents:

Ooredoo suggested using features within WhatsApp to block unwanted senders.

Separately, Qatar’s telecom watchdog – the Communications Regulatory Authority – said in May that it was drafting a code of conduct to strengthen the current guidelines for companies that use text/SMS messages and applications such as WhatsApp, Viber and Skype to reach customers.

Sensitive information

The provisions within the data protection law endorsed by the cabinet yesterday are expected to go beyond direct marketing.

There will also be stipulations that give individuals rights over the privacy of their personal data as well as obligations on the entities that control and process that information, according to QNA.

In 2013, ictQatar representatives were quoted as saying that the legislation – in the works since at least 2011 – would focus on protecting information regarding children, location data and sensitive personal information like religious affiliation and medical conditions.

Photo for illustrative purposes only.

Petar Milošević/Wikicommons

Photo for illustrative purposes only.

More recently, law enforcement officials have also handled cases involving the increasing amount of personal data that many residents keep on their smartphones.

In 2014, the Ministry of Interior said it had arrested 35 men working at local phone shops who were caught copying photos and videos stored on customers’ phones without their knowledge.

A statement issued at the time said the suspects had been charged with blackmail and extortion and stated that copying images from another person’s mobile devices without their permission “is a punishable crime.”

However, there was no mention of the individuals being charged with breaching Qatar’s privacy laws or other legal provisions aimed at protecting personal data.

Thoughts?

For illustrative use only

Video still via ictQatar

For illustrative purposes only,

Qatar’s telecoms regulator has pledged to take stricter action against companies that bombard residents with unwanted marketing messages, amid ongoing complaints about spam on mobile phones.

The Communications Regulatory Authority (CRA) is drafting a code of conduct that it said would beef up existing guidelines for companies that use text/SMS messages and applications such as WhatsApp, Viber and Skype to reach customers.

This new code is still in the early stages of being drawn up and will take input from consumers and industry representatives before it is finalized, a CRA spokesman said.

The watchdog hopes to create a more rigorous set of rules for companies to follow, including introducing “compliance measures,” the CRA official added, although he did not comment on whether penalties would be involved.

Mobile spam has long been a source of ire for residents. In 2011, Ooredoo (then Qtel) began a spam-blocking service and at the time said businesses could face sanctions for spamming customers.

Mobile spam

Matthew Walker

Mobile spam

Then in 2013, it launched a feature on its mobile app that allows users to block senders by phone number or company name, although in the initial stages, it met with mixed success.

While the service blocked some senders, it did not stop new senders from contacting would-be customers.

Also that year, the Ministry of Information and Communications Technology (ictQatar) put guidelines in place outlining what types of messages can be sent to an individual without their explicit consent. Under those rules, permission is still required even if the recipient has a publicly-available telephone number.

However, these provisions only pertain to messages sent by SMS and email, and they are not currently enforceable with penalties.

https://twitter.com/naqvi_aqib/status/595896949447884801

The CRA was established last April under Emiri Decree as an independent regulatory arm of ictQatar and is responsible for telecoms, access to digital media and the postal service.

Its remit is to enforce the Advertising, Marketing and Branding Code, introduced September, as a means of improving transparency in telecom marketing campaigns.

In its latest statement, the CRA said it is monitoring the level of complaints about mobile spam, and is looking at bringing in “additional mechanisms and regulatory enforcements that will further clarify the use of telecoms services.”

Blocking spam

The CRA said that it is in talks with Qatar’s two telecoms service providers to address the issue. Until it can roll out what it describes as “stringent measures,” the watchdog has reminded residents how they can stop spam messages.

Oooredoo customers can block numbers by doing the following:

  • Text “Unsub ServiceName” to 92600 or if you want to stop all bulk SMS senders, just send “Unsub all” to 92600;
  • Block an unknown or spamming sender via Ooredoo’s mobile app.
  • Block an unknown or spamming sender via Ooredoo’s helpline (111) or website.
  • Report cases via social media channels – Facebook and Twitter.

Vodafone customers who receive spam and scam messages can:

  • Block an unknown or spamming sender via Vodafone’s helpline (111) or website.
  • Report cases via social media channels – Facebook and Twitter.

Residents receiving spam via Skype, Viber or WhatsApp are advised to report and block the offenders using the app. Repeat offenders can be blocked by contacting the service provider, CRA said.

Ooredoo has previously warned customers against giving out their mobile numbers in stores or when filling out questionnaires, which it said is a sure-fire way of getting added to mobile marketing lists.

“Customers go shopping, and when the cashier asks to fill in a form to either sign up for their loyalty program, be notified of discounts, add a phone number and email to account right before payment, customers give their mobile number.

If the retailer is part of a large chain, that number is then passed on to all their retailers. This is one of the primary ways customers end up getting Spam SMS from these companies,” a company spokesperson previously told Doha News.

Do you receive lots of spam messages? Thoughts?