In a busy mall in Dubai, I was about to access an open Wi-Fi network when a voice in my head told me to be careful. What if the network was unsafe? What if they stole my personal information? Much of my fear of data being stolen was driven by what the media reported — large-scale breaches that compromised the data of millions of people. The Identity Theft Resource Center, a non-profit organization focused on identity theft, categorizes data loss into the following categories: insider theft, computer hacking/intrusion, data in transit, physical theft, employee error/negligence, accidental discovery Internet / unauthorized access.
In 2018, I had just started working in the Middle East when Careem, a ride-hailing app in the region, suffered a cyber attack that compromised the data of 14 million users. Personal details such as names, email addresses, phone numbers and travel details were stolen in this unfortunate incident. In the same year, hacking was recognized as the most common form of data leakage in the world.
Internet users like myself are concerned and continue to disagree with companies’ claims of transparency in the use and protection of their personal data. The CIGI-Ipsos Global Internet Security and Trust Survey, conducted to gauge people’s views on online privacy and the power of social media platforms, found that users generally do not trust social media platforms, search engines and internet technology companies. I was not surprised that not a single industry included in the Privitar Privacy Pulse study scored above 50% of the data security reliability rating.
As I was leaving the Dubai Mall that day, I had many questions. How are telco brands in the Middle East looking to protect consumer privacy in light of concerns about the security of their data? How do they reassure their customers? To find the answers, I spent hours studying the company’s privacy practices and how such claims are presented on their respective websites. A review of the privacy statements of three companies in Qatar, Saudi Arabia and the United Arab Emirates found that all companies are required by law to protect and respect customer privacy.
The regulatory landscape is full of policies and legislation to ensure that organizations do more to protect people’s personal data and that users can make better privacy choices. The General Data Protection Regulation, which came into force in 2018 to protect the personal data of European Union residents, has been described as one of the most comprehensive data protection regulations ever enacted. The GDPR defines how people can access information about them and limits what organizations can do with personal data. In 2019, the National Information Technology Development Agency issued the Nigerian Data Protection Regulation to protect the personal data of Nigerians. Like the rest of the world, some countries in the Middle East are also seeking to implement special rules for the protection of personal data. In 2016, Qatar became the first member country of the Gulf Cooperation Council to issue a law on the protection of personal data – the Data Protection Law. In January 2022, the UAE Data Protection Law, the first comprehensive federal data privacy law in the country’s history, came into effect. In the case of Saudi Arabia, a new data protection law will come into effect in March 2022. I look forward to strict enforcement of these laws.
In January of last year, a man was arrested in the USA who fraudulently obtained unpublished works of authors. According to media reports, the thief, who was working in the UK, registered several fake internet domains for fraudsters. I was horrified and it reminded me of the time I got an email from an award-winning Nigerian author saying he was in Spain and needed Euros to pay his hotel bills. The email was full of grammatical errors. But what saddened me the most was the phrase: “Currently, I don’t have a phone number that I can contact.” How is that possible? I ignored the mail. The next day I received another email with the subject: SCAM: I AM NOT IN SPAIN. In it, the real author told how his email was hacked by fraudsters. He never went to Spain and had no financial difficulties. I hoped that no one had sent the money to the scammers. But it could have been worse. What if fraudsters stole his unpublished manuscript from his email and leaked it to the Internet?
Not long ago, I gave a talk at a cyber security conference in Saudi Arabia. The two-day event was held to highlight various aspects of information security, including privacy protection. In my presentation, I argued that Internet users should have more control over their personal data. My position has not changed. I remain concerned that certain firms are still collecting and sharing people’s personal data without their consent, while cybercriminals are stepping up their efforts to steal data. For someone like me, living in the digital world has heightened my concerns about online privacy. As I travel through the Middle East, I hope that brands in the region will continue to take reasonable steps to protect their customers’ personal data.
In the meantime, I’ll keep looking over my shoulder before clicking on that link. As an author, I have a lot at stake.
Dr. Isong works in the Middle East. Twitter: @anietie_isong