At a busy shopping mall in Dubai, I was about accessing an open wifi network when a voice in my head told me to be careful. What if the network was unsafe? What if they stole my private information? My fear of stolen data was due in large part to what had been reported in the media –large-scale breaches that have compromised the data of millions of people. The Identity Theft Resource Centre – a non-profit organisation that focuses on identity theft – classifies data loss according to the following categories: insider theft, hacking/computer intrusion, data on the move, physical theft, employee error/negligence, accidental web exposure/unauthorised access.
In 2018, I had just started working in the Middle East when Careem, the ride-hailing app in the region, suffered a cyberattack that compromised the data of its 14 million users. Personal details such as names, email addresses, phone numbers and trip data were stolen in that unfortunate incident. That same year, hacking was identified as the most common form of data breach in the world.
Internet users like me are worried, and continue to disagree with businesses’ claim on transparency in the use and protection of their personal data. A CIGI-Ipsos Global Survey on Internet Security and Trust conducted to determine people’s opinions on online privacy and the power of social media platforms, revealed that users generally distrust social media platforms, search engines and internet technology companies. I was not surprised that no industry included in the Privitar Privacy Pulse research scored up to 50% rating for data-protection trustworthiness.
On that day, as I left the Dubai mall, I had many questions. How are telecoms brands in the Middle East seeking to protect the privacy of consumers in light of concerns about the security of their data? How are they assuring their customers? To seek answers, I spent hours poring over company procedures on protecting personal information, and how such claims are presented on their respective websites. My review of the privacy statements from three companies in Qatar, Saudi Arabia, and the United Arab Emirates suggested that the businesses are all committed to protecting and respecting customers’ privacy, in line with the law.
The regulatory landscape is awash with policies and legislation to ensure that organisations do more to protect people’s personal details, and users can make better privacy choices. The General Data Protection Regulation – which came into effect in 2018 to protect the personal data of European Union residents – has been described as one of the most comprehensive data protection regulations ever enacted. The GDPR defines how people can access information about them and limits what organisations can do with personal data. The National Information Technology Development Agency issued the Nigerian Data Protection Regulation, in 2019 to protect the personal data of Nigerians. Just like the rest of the world, some countries in the Middle East are also moving towards introducing specific regulations on personal data protection. In 2016, Qatar became the first Gulf Cooperation Council member state to issue a personal data protection law – the Data Protection Law. In January 2022, the UAE Personal Data Protection Law, the first comprehensive federal data privacy law in the country’s history, came into effect. In the case of Saudi Arabia, a new Personal Data Protection Law will come into effect in March, 2022. I look forward to the strict enforcement of these laws.
Last January, a man was arrested in the US for fraudulently obtaining unpublished works of authors. According to media reports, the thief, who worked in the UK registered several fake Internet domains to scam writers. I was horrified, and it reminded me of a time I received an email from an award-winning Nigerian author, stating he was stranded in Spain, and needed some Euros to pay his hotel bills. The email was riddled with grammatical errors. But what upset me most was the line: “I currently don’t have a phone where I can be reached.” How was that possible? I ignored the mail. The following day, I received another email with the subject: SCAM: I AM NOT IN SPAIN. In it, the real author detailed how his email had been hacked by scammers. He never went to Spain, and was not stranded financially. I hoped no one sent the scammers money. But it could have been worse. What if the scammers stole his unpublished manuscript from his email and leaked it online?
Not too long ago, I presented a paper at a cybersecurity conference in Saudi Arabia. The two-day event was held to shed light on various aspects of information security, including privacy protection. In my presentation, I argued that Internet users should have more control of their personal data. My stand hasn’t changed. I remain worried that certain firms still collect and share people’s personal details without their consent, at the same time that cybercriminals are intensifying their efforts at data theft. For someone like me, living in the digitalised world has increased my concern about online privacy. As I travel around the Middle East, I hope that brands in the region continue to take reasonable steps to protect their customers’ private data.
In the meantime, I will continue to look over my shoulder before I click that link. As an author, I have a lot at stake.
Dr Isong is based in the Middle East. Twitter: @anietie_isong
All rights reserved. This material, and other digital content on this website, may not be reproduced, published, broadcast, rewritten or redistributed in whole or in part without prior express written permission from PUNCH.
Contact: [email protected]