5 minute read
Digital Qatar
The Ministry of Communications and Information Technology (MCIT) was established in October 2021, superceding the Ministry of Transport and Communications. The ministry has a wide-ranging mandate, overseeing and developing the ICT sector. The ministry also introduces ICT plans, policies, programmes, projects and initiatives; develops e-government programmes; and boosts capacity and digital literacy to foster a technologyfriendly environment. mcit.gov.qa
Ministries have been rolling out digital initiatives to make government services more efficient, accessible, and customer-centric. The Qatar Digital Government programme serves individuals and businesses, with government administration now better serving citizens and residents. Part of this programme was the Qatar Digital Government 2020 Strategy, which was formulated in line with Qatar National Vision 2030, the National Development Strategy, the National Communications and IT Plan, the National Broadband Plan, and other ICT plans.
Qatar has some of the world's most developed ICT infrastructure. Monitoring online security threats is a top priority, and the Cyber Security Division aims to protect sensitive information and user safety.
Ooredoo was the first company in the world to launch 5G services on a commercially-available network in 2018, rolling out a live 5G network on the 3.5GHz spectrum band. Ooredoo opened mobile access to its 5G network for compatible smartphone users in 2019 with 100 live 5G base stations. Meanwhile Vodafone Qatar rolled out its 5G network in 2018 and was the first to commercially launch its 5G network. In 2019 both companies were granted radio spectrum licences to operate 5G commercially from the Communications Regulatory Authority (CRA), initially assigned 100MHz within the 3500
– 3800MHz frequency band. Both companies rolled out the 5G networks in all densely populated areas, primary roads and highways, and venues associated with the FIFA World Cup Qatar 2022TM
The Communications Regulatory Authority (CRA) is an independent authority regulating the ICT and postal sectors, ensuring fair competition while protecting consumer rights. The CRA urges everyone to be vigilant with online activities. Due to the growing number of cyberattacks, scam calls, and text messages requesting personal and banking information, consumers should verify the identity of the third party before sharing details, use a two-step verification feature online where applicable, and regularly change passwords.
The CRA issued the Quality of Service (QoS) Regulatory Framework in May 2023, adding new obligations and Key Performance Indicators (KPIs) for licenced telecom service providers, covering fixed, mobile and broadband services. The CRA already conducts an annual QoS audit of mobile networks; now, service providers have to submit and publish QoS reports based on the QoS Regulatory Framework. For more about this and other CRA activities, visit cra.gov.qa
Internet use and social media
In April 2023, Qatar's median download speed ranked 1 for mobile and 43 for fixed broadband. Visit speedtest.net/global-index/qatar for full performance details.
According to the 'Digital 2023: Qatar' report by DataReportal, there were 2.68 mn internet users in Qatar in January 2023 (99.0% of the total population) and 2.62 mn (96.8% of the total population) who were active social media users. The most frequented online social platforms were YouTube (2.62 mn users), TikTok (2.14 mn), Facebook (1.95 mn), Instagram (1.40 mn), LinkedIn (1.20 mn), Twitter (1.05 mn), and Snapchat (975,000). User growth for Facebook, Facebook Messenger, Instagram and YouTube decreased, while LinkedIn, Twitter and TikTok saw increased growth between the start of 2022 and early 2023.
Cybercrime
MCIT and Microsoft activated OpenAI GPT technology in the Azure Qatar Cloud in February 2023, offering government entities advanced AI models for cutting-edge applications. In line with the National Artificial Intelligence Strategy, the Qatar e-Government Portal Hukoomi will be among the first portals in the region to adopt OpenAI GPT capabilities through Azure Qatar.
With the high level of internet connectivity in the state comes the increased possibility of cybercrime, leading to the issuance of Law No 14 of 2014 Promulgating the Cybercrime Prevention Law. The law imposes sanctions and penalties for offences committed via the internet, IT networks, computers and other sources. Some of these provisions include the following:
• Under the provisions concerning 'content crimes', it is illegal to publish 'false news' – these terms have not been defined, but there is a duty of care for news agencies, social media users and journalists to verify the source of the news before broadcasting it.
• There is a 10 year jail term and a fine of up to QAR200,000 for forging any official e-document, or a three year jail term and QAR100,000 for unofficial documents.
• A jail term of up to three years and a fine of up to QAR500,000 for the breach of intellectual property rights by using the internet (eg copyrights, patents, trade secrets, trademarks and trade names).
Personal privacy protection
Recognising the need to develop an international regulatory and legal framework to protect the digital sovereignty and data privacy of individuals and businesses in Qatar, Personal Data Privacy Protection Law (PDPPL) No 13 of 2016 was issued. The law includes provisions related to the rights of individuals to protect the privacy of their personal data. Article 2 states that this refers only to personal data that is electronically processed, or obtained, gathered or extracted for use electronically, or when a combination of electronic and traditional processing is used. However, it does not apply to personal data processed by individuals privately or within a family context, or to any personal data gathered for official surveys and statistics, as per Law No 2 of 2011 on Official Statistics.
Under the law, businesses are banned from sending direct marketing messages electronically without obtaining an individual’s prior consent, and that consent is required from individuals before their personal information can be used by another entity.
Organisations must also adhere to basic data protection responsibilities. This includes, but is not limited to, ensuring data handlers receive training and that precautions in place to 'protect personal data from loss, damage, modification, disclosure or being illegally accessed.'
Protection is given to personal data of a private nature, such as information relating to race, religious beliefs, children, health, relationships and criminal records – this may only be processed after obtaining permission from the Ministry.
Additionally, in order to protect the youngest members of society, Article 17 states that the owner or operator of any website related to children must put up a policy about how it manages the information of minors. Website owners/operators must also get the consent of the child’s parent when processing their information.
Entities that operate within the Qatar Financial Centre (QFC) are subject to the QFC's own data protection rules and regulations. The Data Protection Office (DPO) is responsible for the administration of the QFC Data Protection Regulations 2021, which came into force in June 2022, supported by the QFC Data Protection Rules 2021.
With the country racing towards total digitalisation by 2030, there is a need for more transparency, awareness and education. Qatar is at the forefront of adopting regulation, moving quicker than others in the region. To this end, the Ministry released the guidelines for the Personal Data Privacy Protection Law on 28 January 2021 to mark Data Privacy Day.
The Ministry's Compliance and Data Protection (CDP) Department has released guidelines to help everyone, whether individuals, regulated entities or stakeholders, to understand their responsibilities, rights and practices under the law. The guidelines also provide clarity on these requirements, and where possible provide checklists and template documents to support controllers with compliance with the PDPPL. Additionally, the guidelines clarify some ambiguities in the PDPPL.
For example, under Article 11 (8), controllers must ensure that processors comply with the law and adopt appropriate precautions to protect personal data. The Controller and Processor Guidelines for Regulated Entities have now clarified that the controller can ensure a processor's compliance with this Article by entering into a formal contract. There is also now clarification over Article 16, which provides that in order to process sensitive personal data, permission must be sought from the CPD Department under the Special Nature Processing Guidelines. These also set out the requirements in order to obtain permission, including a data protection impact assessment to identify processing risks.
Equally, under Article 22 consent must be obtained from individuals before sending any direct marketing electronic communications, clarified under the Electronic Communications for Direct Marketing Guidelines: consent must be explicit and unambiguous, and an affirmative act – consent through pre-ticked boxes and opt-out notices only is not permitted.
Complaints can be lodged at the Ministry of Communications and Information Technology. Business owners may choose to seek legal advice to ensure they fully comply with these laws.
Sources: Unofficial translations of the laws.
