Right to Privacy & Egypt

What is Right to Privacy?

The right to privacy is a legal traditions that intends to restrain governmental and private
actions that threaten the privacy of individuals.

The UN and the Right to Privacy

The right to privacy is included in the Universal Declaration of Human Rights in
UN on 10 Dec. 1948 in (Article 12) and the International Covenant on Civil and
Political Rights (Article 17)
UNIVERSAL DECLARATION OF HUMAN RIGHTS / ARTICLE 12 & INTERNATIONAL COVENANT ON CIVIL
AND POLITICAL RIGHTS / ARTICLE 17
“1. No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or
correspondence, nor to unlawful attacks on his honor and reputation.” “2. Everyone has the right to
the protection of the law against such interference or attacks.”

Egypt
Together PI, EIPR, AFTE and APC bring their concerns about the protection and promotion of the right
to privacy in Egypt.
Egypt is the latest country in the Middle East to have issued a national data protection law.
This article considers the scope of the new legislation and the compliance obligations that
organizations operating in Egypt will now need to consider. It is likely that the law will be fully
enforced after 2022.

Egypt’s Personal Data Protection Law (PDPL)

1. Ensure transparent, inclusive negotiations

2. Define and include a list of binding data protection principles in the law
3. Define legal basis authorizing data to be processed
4. Include a list of binding users’ rights in the law
5. Define a clear scope of application
6. Create binding and transparent mechanisms for secure data transfer to third countries
7. Protect data security and data integrity
8. Develop data breach prevention and notification mechanisms
9. Establish independent authority and robust mechanisms for enforcement
10. Continue protecting data protection and privacy

Data Subjects have rights very similar to GDPR (General Data Protection Regulations):

 Right to Know
 Right to Inspect
 Right to Access
  Right to Correct (GDPR: Rectify)
 Right to Determine the Degree of Processing (read: limited consent)
 Right to be Forgotten
The PDLP reflects European GDPR

Areas of Concern
1. Communications Surveillance – The Right to Privacy is exploited by Malwares without
users permission or knowing For ex :- ‘FinSpy’ a product of FinFisher, at the time sold by
United Kingdom Gamma International.
2. Data Protection – Egypt does not have a law regulating the protection of personal data,
but as Egypt undergoes political and legal reforms towards a democratic state of
Government accountable to the rule of law, it is essential that issues related to data
protection be addressed & is working to draft laws on it soon.

Recommendations
Taking consideration of UPR (Universal Periodic Review)
recommendations, The Egyptian Government has come up with 7
rules as following:
 Ensure that government authorities expand existing protections for the right to privacy
and Data protection in relevant national laws to ensure the respect of these rights in the
context of digital communication;
 Introduce safeguards to ensure that the rights of mobile telephony! Subscribers in
relation to their personal data are guaranteed in accordance with all provisions relating to
the protection of personal data;
 Revoke the TRA Regulation of the Registration of Consumers’ Personal Data in Selling and
Activating Mobile Lines which requires distributors to record the identity of all SIM card
users;
 Deregulate the use of strong cryptography to allow online users to communicate
anonymously by repelling paragraph two of Article 64 of the Egyptian Telecommunication
Regulation Law, No.10 of 2003 which prohibits the use of encryption technologies without
prior consent from the relevant authorities;
 Development accountability mechanisms to oversee its intelligence services, whose work
remains highly secretive;
 Investigate claims that illegal communications monitoring is routinely undertaken by the
security services and other state authorities; ensure that such practices are ended and
Responsible individuals held to account if the claims are verified and victims redressed for
the violation they experienced;
 Establishes a communications surveillance policy which is in accordance with the
‘International Principles on the Application of Human Rights to Communications
Surveillance 34 ‘which requires all interference with protected information to be legal,
legitimate, necessary, adequate, and proportionate, decided upon by a competent judicial
authority, dealt with due process and with the consent of the user amongst others
criteria. In addition, an independent oversight mechanism must be set up to ensure
transparency and accountability of communications surveillance.