The 51-article Protection of Personal Data Law, which aims to protect the private lives of citizens and their personal data, was among several laws approved in principle on 3 November. Parliament Speaker Ali Abdel-Aal said a final vote on the law will be held only when MPs and the government reach a consensus on Paragraph 6 of Article 2 which specifies what kind of data institutions are obliged to reveal.
Abdel-Aal said parliament’s Telecommunications and Information Technology Committee had decided to add the paragraph to bolster national security. “The addition obliges the Central Bank of Egypt [CBE] and affiliated institutions to release the data of citizens in specific cases,” he said.
Minister of Parliamentary Affairs Omar Marwan intervened and asked for more consultation on the paragraph so “the government and the CBE can formulate an acceptable text.”
Minister of Telecommunications Amr Talaat said the committee’s addition needed to be more concise.
“It speaks in general terms about the CBE and its affiliated institutions, but the latter are vague,” said Talaat. “Our major aim is to keep the online and electronic personal data of citizens secret, and to ensure they are accessible to the CBE only in limited and fixed cases.”
Talaat argued that the final text of Article 2 should be in line with the 2014 constitution which gives the CBE wide powers to protect Egypt’s national economic security.
Abdel-Aal said Article 2 comprises both technical and legal aspects.
“It is technical in the sense that financial experts are the only ones who can give a fatwa [religious edict] in this respect, and legal in the sense that it tackles two kinds of freedoms — the right of citizens to protect their personal and private data and the right of the state to protect national security. Trying to strike a balance between these two aspects is a delicate task,” said Abdel-Aal.
Articles imposing prison terms on those who violate privacy rules also caused a lot of controversy.
MP Sherif Fakhri said he was disturbed by the number of articles that impose prison terms. “These freedom-restricting articles should be abolished. The only thing they will do is to scare investors away,” said Fakhri.
“A centre will be created to collect fines from violators, and its staff will have massive judicial and bureaucratic powers which they can use in an arbitrary way that could harm citizens and investors. Protection rather than extortion of citizens should be the underlying principle of the law.
“I know that you want this law to be 100 per cent liberal like the one passed by Canada,” Abdel-Aal told Fakhri. “What I would like is for the final text to be balanced, neither overly liberal nor restrictive.”
Ahmed Badawi, head of parliament’s Telecommunications and Information Technology Committee, told MPs the general aim of the law is to protect national security and encourage investments.
“The government-drafted law on the protection of personal data aims to guard citizens, economic institutions and businesses against the malicious use of data collected online,” said Badawi. “The law mainly targets social media and illegal access of personal data.”
Badawi said the committee decided to add Paragraph 6 in order to allow CBE to access the personal data of citizens in cases involving national security.
Ahmed Zidan, secretary-general of the committee, said the goal of the addition was to allow the CBE access to data related to the accounts of people implicated in terrorist activities.
“The law provides the legal framework necessary to protect personal data that is electronically processed and stored, and criminalises improper accessing of information and its malicious use.”
The law mandates the setting up of a personal data protection centre, headed by the minister of telecommunications, which will have the final say on who can access personal data.
The law also states that the personal data of those under 16 can be accessed only with the prior approval of their parents or guardian.
“The law seeks to safeguard the privacy of the data of citizens and the various institutions operating in and out of Egypt and guarantees tight protection of national investments, especially those dealing with the European Union [EU],” says the committee report. It obliges holders of personal data to implement the EU’s General Data Protection Regulations to prevent improper access and use.
“The draft law protects any personal data, including names and addresses, and sensitive data such as a person’s religion, bank accounts and medical records,” said the report.
*A version of this article appears in print in the 14 November, 2019 edition of Al-Ahram Weekly.