Internet service providers (ISPs) in Palestine are failing to protect their customers’ privacy. Through a joint study, Privacy Violated: Protection of Customers’ Personal Information by Internet Service Providers in Palestine, ImpACT International for Human Rights Policies and Access Now explore how the absence of right-respecting and user-centric privacy policies are leaving individuals’ personal data up for grabs.
Reviewing the privacy policies of seven major ISPs — Hadara, Mada, Fusion, Call U, Super Link, B Net, and Zaytona — the report assesses how these companies violate basic principles of customer data protection, and explores the level of customers’ awareness about privacy and data protection. Main findings include:
- All ISPs in Palestine fail to meet the standards for privacy and data protection exposing personal data to misuse;
- There is a lack of clarity over privacy policies from the majority of ISPs, with customers unaware of what these companies do with their personal, sensitive data;
- All ISPs relieve themselves from legal liability for the misuse of customers’ data by third parties, and withhold information about their right to compensation;
- Alarmingly, approximately one third of internet customers surveyed (30.8%) are unaware of how a privacy policy can and should protect them.
“Privacy is the gateway to the enjoyment of fundamental rights and freedoms, and internet companies in Palestine must ensure that people’s privacy is never violated,” said Marwa Fatafta, MENA Policy Manager at Access Now. “Companies that hoard personal data without transparency are exposing people who are already subject to all forms of surveillance and abuse online to further unnecessary harm. This heightens the need for a robust data protection law to protect internet users in Palestine.”
The Privacy Violated report comes in the wake of a USD 30 million grant from the World Bank to, among other areas, “support the digital foundations of the Palestinian economy.” The Palestinian Authority should seize this opportunity to allocate funds to enacting a robust data protection law, imposing regulations, and raising awareness of the right to privacy.
“The fact that the majority of ISP staff and consumers in Palestine are not aware that the ISP companies should have public privacy policies reflects the extent to which digital privacy awareness in Palestine is limited,” said Maha Hussaini, Executive Manager at ImpACT International. “It is the responsibility of the Palestinian Ministry of Telecommunications and Information Technology to ensure that no ISP is given a license to operate unless it meets privacy standards.”
ImpACT International and Access Now call on ISPs in Palestine to adopt and enforce robust, right-respecting, and user-centric privacy policies to protect people’s personal data, ensure that their privacy policies are public and easily accessible, and to collect only the data necessary to provide products or services.
These findings add to a disturbing pattern of privacy violations in the MENA region, including in Jordan, and Tunisia.