6 minute read
Digital Qatar
The Ministry of Communications and Information Technology was established in October 2021, superceding the Ministry of Transport and Communications. The ministry has a wide-ranging mandate, overseeing and developing the ICT sector. The ministry also introduces ICT plans, policies, programmes, projects and initiatives; develops e-government programmes; and boosts capacity and digital literacy to foster a technologyfriendly environment. Ministries have been rolling out digital initiatives to make government services more efficient, accessible, and customer-centric. The Qatar Digital Government programme serves individuals and businesses, with government administration now better serving citizens and residents. Part of this programme is the Qatar Digital Government 2020 Strategy, which was formulated in line with Qatar National Vision 2030, the National Development Strategy, the National Communications and IT Plan, the National Broadband Plan, and other ICT plans. Qatar has some of the world's most developed ICT infrastructure. Monitoring online security threats is a top priority, and the Cyber Security Division aims to protect sensitive information and user safety. Ooredoo was the first company in the world to launch 5G services on a commercially-available network in May 2018, rolling out a live 5G network on the 3.5GHz spectrum band. Ooredoo opened mobile access to its 5G network for compatible smartphone users in July 2019 with 100 live 5G base stations. Meanwhile Vodafone Qatar rolled out its 5G network in August 2018 and was the first to commercially launch its 5G network. In early 2019 both companies were granted radio spectrum licences to operate 5G commercially from the Communications Regulatory Authority (CRA), with each company initially assigned 100MHz within the 3500 – 3800MHz frequency band. Both companies have to roll out the 5G networks in all densely populated areas, primary roads and highways, and venues associated with the FIFA World Cup Qatar 2022TM .
Internet use and social media In December 2021, Qatar's median download speed ranked it 5 for mobile and 44 for fixed broadband (Source: Speedtest Global IndexTM). Qatar is number one globally in Internet Adoption according to ‘The Global State of Digital 2021’, a report by Hootsuite which features more than 230 countries. There were 2.88 mn internet users recorded in Qatar in January 2021, out of a population of 2.91 mn, a year-on-year (y-o-y) increase of 29,000, with 2.87 mn social media users (98.8% of total population). Google Chrome recorded a 68.3% share of web traffic, up 8.6%. Mobile connections increased by 35,000 (0.8%) y-o-y, giving connections of 4.67 mn, 160.6% of the population – the mobile connection figures exceed the total population as many people have multiple mobile connections. Prepaid services are favoured, accounting for more than 70% of the population. Broadband connections ranging from 3G to 5G covers 87% of the population. In terms of social media platforms, other surveys show that Instagram and Snapchat are the most popular, with TikTok gaining popularity. The Communications Regulatory Authority (CRA), regularly urges citizens and residents of Qatar to be vigilant with online activities. Due to the growing number of cyberattacks, scam calls, and text messages requesting personal and banking information, consumers should verify the identity of the third party before sharing details, use a twostep verification feature online where applicable and regularly change passwords. Personal privacy protection Recognising the need to develop an international regulatory and legal framework to protect the digital sovereignty and data privacy of individuals and businesses in Qatar, Personal Data Privacy Protection Law (PDPPL) No 13 of 2016 was issued. The law includes provisions related to the rights of individuals to protect the privacy of their personal data. Article 2 states that this refers only to personal data that is electronically processed, or obtained,
The Communications Regulatory Authority (CRA) regulates the ICT and postal sectors. The independent authority ensures fair competition while protecting consumer rights. cra.gov.qa
gathered or extracted for use electronically, or when a combination of electronic and traditional processing is used. However, it does not apply to personal data processed by individuals privately or within a family context, or to any personal data gathered for official surveys and statistics, as per Law No 2 of 2011 on Official Statistics. Under the law, businesses are banned from sending direct marketing messages electronically without obtaining an individual’s prior consent, and that consent is required from individuals before their personal information can be used by another entity. Organisations must also adhere to basic data protection responsibilities. This includes, but is not limited to, ensuring data handlers receive training and that precautions in place to 'protect personal data from loss, damage, modification, disclosure or being illegally accessed.' Protection is given to personal data of a private nature, such as information relating to race, religious beliefs, children, health, relationships and criminal records – this may only be processed after obtaining permission from the Ministry. Additionally, in order to protect the youngest members of society, Article 17 states that the owner or operator of any website related to children must put up a policy about how it manages the information of minors. Website owners/operators must also get the consent of the child’s parent when processing their information. It should be noted that entities that operate within the Qatar Financial Centre (QFC) are subject to the QFC's own Data Protection Rules and Data Protection Regulations from 2005. With the country racing towards total digitalisation by 2030, there is a need for more transparency, awareness and education. Qatar is at the forefront of adopting regulation, moving quicker than others in the region. To this end, the Ministry released the guidelines for the Personal Data Privacy Protection Law on 28 January 2021 to mark Data Privacy Day. The Ministry's Compliance and Data Protection (CDP) Department has released guidelines to help everyone, whether individuals, regulated entities or stakeholders, to understand their responsibilities, rights and practices under the law. The guidelines also provide clarity on these requirements, and where possible provide checklists and template documents to support controllers with compliance with the PDPPL. Additionally, the guidelines clarify some ambiguities in the PDPPL. For example, under Article 11 (8), controllers must ensure that processors comply with the law and adopt appropriate precautions to protect personal data. The Controller and Processor Guidelines for Regulated Entities have now clarified that the controller can ensure a processor's compliance with this Article by entering into a formal contract. There is also now clarification over Article 16, which provides that in order to process sensitive personal data, permission must be sought from the CPD Department under the Special Nature Processing Guidelines. These also set out the requirements in order to obtain permission, including a data protection impact assessment to identify processing risks. Equally, under Article 22 consent must be obtained from individuals before sending any direct marketing electronic communications, clarified under the Electronic Communications for Direct Marketing Guidelines: consent must be explicit and unambiguous, and an affirmative act – consent through pre-ticked boxes and opt-out notices only is not permitted. Cybercrime The law on data protection follows on from Law No 14 of 2014 Promulgating the Cybercrime Prevention Law. With the high level of internet connectivity in the state comes the increased possibility of cybercrime. According to the 2020 Global Economic Crime Survey by PricewaterhouseCoopers, 'As huge numbers of people move to digital platforms for work and social interaction, we are seeing a shift in cybercrime' due to COVID-19. The law imposes sanctions and penalties for offences committed via the internet, IT networks, computers and other sources. Some of these provisions include the following: • Under the provisions concerning 'content crimes', it is illegal to publish 'false news' – these terms have not been defined, but there is a duty of care for news agencies, social media users and journalists to verify the source of the news before broadcasting it. • There is a 10 year jail term and a fine of up to
QAR200,000 for forging any official e-document, or a three year jail term and QAR100,000 for unofficial documents. • A jail term of up to three years and a fine of up to
QAR500,000 for the breach of intellectual property rights by using the internet (eg copyrights, patents, trade secrets, trademarks and trade names).
Complaints can be lodged at the Ministry of Communications and Information Technology. Business owners may choose to seek legal advice to ensure they fully comply with these laws. Sources: Unofficial translations of the laws. m
