IGF 2018 - Day 1 - Salle III - WS407 Digital development & Data Protection in the global south: MENA region as an example

The following are the outputs of the real-time captioning taken during the Thirteenth Annual Meeting of the Internet Governance Forum (IGF) in Paris, France, from 12 to 14 November 2018. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the event, but should not be treated as an authoritative record. 



>> MODERATOR: OK.  Ladies and gentlemen, good morning.  Bonjour in good French.  This is the Workshop No. 407 about digital development and data protection in the global south:  MENA region as an example.  I have the pleasure to moderate together with Madam Zeina Bouharb, the online moderator, and also with the rapporteur.

Welcome to all of you and I hope that this session will be of great benefit for you.  One of the most important goals of the World Summit on Information Society, the WSIS was to narrow the digital divide that may also contribute to narrowing the social divide between the global south and global north.  15 years later where we're was the divided usage, did the Internet contribute in reducing the gap between the info poor and info rich?  How about the development in the global south?  What are the digital elements that may help better economic growth?  Did the Internet contribute in the achievement of the SDGs?  Also what about the other concerns added today to the ones of 2003 such as privacy and data protection?

To answer all these questions eminent experts have been invited to present their views and their experiences thereupon with a special focus on the MENA region.  I will start with Mr. Aziz Hilali who is a professor at Arabic University, he's president of the Mediterranean Federation of Internet Associations and he's also a member of the ICANN Nomcom.  Aziz, you have the floor.  No, Aziz will address the digital divide status 15 years after the conclusion of the World Summit on Information Society and highlight the impact of (?) on the development.  Aziz, you have the floor.

>> ABDELAZIZ HILALI: Thank you very much, Tijani.  My presentation, as Tijani said, is based on the statistics to show the gap between individual households, geographical and different socioeconomic level in terms of both their opportunities to access ICTs and inequality of use.  The latest data on ICT development published by IT report which has been published annually since 2009 can be summarized as follows, continued process in connectivity and use of ICTs, supported growth in the availability of communications in the past decade led my growth similar telephony and more recently in broadband.  We have also rapid growth in growth of broadband services, substantial digital divide between countries in the region and between developed and developing countries, these divides are evident in Internet use as well as connectivity.  Statistics show more than half of all households worldwide now have access to the Internet.  There is also a gender digital divide, it is relatively small in developing countries, more pronounced in developing countries and substantial in last (?).  Only one in seven women is using the Internet compared to one in five men.  The gender digital divide in Africa appears to have grown significantly over the past five years.  Young people also are more likely to be online than their parents.  Statistics show that the proportion of online aged 15 to 25 ‑‑ 24 is estimated at more than 70% (?).

Here we have four charts.  And according to that, the number of Internet users has exceeded 4.4 billion in 2018.  That is to say 55% of the world population compared to just 1 billion in 2005.  This shows that the continuity of (?) during the period.  Chart two and three shows there are considerable differences in the experiences of countries in different development categories and in different regions.  The two graphs respectively show the evolution of the number of individual users in countries with different development status and by different regions between 2005 and 2017.  This shows a substantial digital divide between developed countries in which 81 of countries are now estimated to use Internet only 41 for developing countries and 17.5 for ADCs.  Chart four shows that the digital divide between developed and developing countries and the region which are also evident in households Internet access levels.  The MENA region which is part of Asia and the Pacific region both record just half of households have an Internet access.  Africa, however, is lower, is much lower at 18% despite country (?) since 2010.  And as Tijani asked me to conclude with the impacts of Internet of economic development, it is not easy to evaluate with figure the impacts of the Internet on development.  There are, however, examples that show the positive impacts of the Internet that has led developing countries to take advantage of access to global searches of information to improve their economy.  This includes the impacts of education and Internet use and education has expanded the horizons of (?) of living and also the availability of educational materials.

Also the impacts are on medicine, Internet allows assistance to persons working in the field access to medical skills, remote medical intervention.  An example, in Kenya, thanks to the platform which name is (?) several cases of persons were saved.  Three, the impacts of banking and finance.  Remote access to banks facility states the transfer of money abroad.  The best known example is in payment is in PASA (phonetic) by Kenya, this system was developed by telephone operator that allowed (?) 30 million users to send cash to other mobile phone users and impacts of business, the cost ‑‑ the cost is (?) is one of the main ‑‑ pardon ‑‑ the main impact to (?) which is buyers and sellers.  There is association also between sellers and consumers.  Thank you, Tijani.

>> MODERATOR: Aziz, you presented only successful cases but we'll see if Rima will give us other kinds of reports.  The second speaker is Rima Hleiss, who is the associate professor of faculty of engineering, Lebanese University, and she's also head of the scientific community at the Lebanese order of engineers and architects for three years.  She will present the impact of ICTs and Internet in particular on the achievement of the SDGs and on the daily life of grassroot population in the global south.  Rima, you have the floor.

>> RIMA HLEISS:  Good morning, everybody.  Thank you for being here.  It's a great pleasure for me to be part of this very interesting session.  I will present the impact on ICT and Internet and achieving the SDG goals and I really hope you will enjoy the session.  Please first allow me very briefly to thank the organizers of the big job they have done.  The Order of Engineers and Architects have been given special support and special thanks go to Tijani and (?) for their constant support.  20 years ago we never could have imagined how smart our mobile phones would become, how integral they would be for our daily life and to what extent they would impact our manners and behaviors.  Modern technologies have created a global village in which every single individual of the global community is able to communicate with another individual no matter how distant they are from each other as if they lived in the same neighborhood.  The big fact that information and communication technology and Internet are extremely affecting our societies and accelerating human progress.  Based on this fact I will show you during my presentation that ICT and Internet are critical enabler of sustainable development and can be play a very crucial role in achieving the sustainable goals set by the (?) in 2030.  Due to the limited time for my speech I will only be addressing a few of them but will be ready to discuss the other goals during the remaining discussions. 

Let me start with the sustainable goal number four, the quality of education.  By 2030 all boys and girls should be attending a three primary and secondary school.  Students deserve to get educational from highly professional teachers who are following regular profession trainings, ICT is empowering digital learning.  Mobile devices connected to the independent allow now students as well as teachers to access easily access the YouTube or explain the videos and online (?), for example.  We ‑‑ the statistics shown we have 37% of children still out of school by 2016 which is unacceptable.  Poverty and political situations are among several reasons behind this number, as the case of Syria, Yemen and (?), for example.  Situations of refugees, for example, in MENA region is very hard.  Their children are suffering from lack of education especially in rural areas.  In such cases Internet can help bridge the gap given that the prices of computers or smartphones are decreasing and the Internet platform being less expensive than building schools or universities.  Empowering our Internet accessibility and quality is a must.  Connecting students together for collaboration, problem‑solving, global awareness is very important because the quality of education is not only about performance but it's also about the capacity of students to understand the world and to respect other people and cultures.

About the gender equality which is the sustainable development goal number five, how ICT and Internet can help to empower women and promote gender equality.  Due to ICT and Internet everyone has access to online ‑‑ to the same online sources and opportunities.  From statistics the Internet penetration in the MENA region has been 81.4% by December 2017.  Via easy access to Internet knowledge is equally addressed to everyone, women especially will be able to share experience in similarities in developing countries raising awareness about women's rights.  Due to ICT women will have direct access to employment opportunities as owners, managers or employees of new business ventures.  Women will also due to Internet access have stronger voice in their communities.  By empowering women through knowledge we are empowering the whole community to develop and be productive.  Based on my experience in the field of education and universities in my country of Lebanon, I can say that (?) are strongly present and almost all the (?) particularly ‑‑ fields particularly engineering which is my professional and electric, biochemical, and chemical engineering.

A brief statistic I have done at Order of Engineers and Architects, I can report 41% increase in the number of female engineers between the years 2012 and 2017.  On the other side women on the list of developing countries are struggling to improve their ability and thanks to the NGP they're supporting us on this long journey. 

Now about the sustainable development goal number 9, 11, and 12.  More than 70% stated by the World Bank of the population in the MENA region are living in urban areas.  Cities should be designed with affordable housing.  As we need to improve citizens' daily lives, investment in infrastructure like transport roles electricity and Internet and ICT.  Uber is a service provider of the Internet for well‑being and social impact in poor transport cities and lack of employment.  It helps people generate income by driving and helps drivers take (?) of public transport.  Empowering interesting.  A lot of efforts should be done to enhance the speed of the quality in the MENA region.  As of 2020 it is expected that only 16% of the mobile Internet users in the MENA region will use a 4G connection.  Smart metering are all innovative technologies that have reducing the construction.  For example, sensors are allowed to increase or increase (?) when needed.  Dim lights when nobody is around and send an alert when water leaks happen frequently.  Now ICTs themselves require energy consumption.  Research is promoted to minimize the impact of ICTs.  One of these new technologies is harvesting the energy harvesting is deriving energy from external source as solar, wind or kinetic energy.  This wind when captured is able to use devices like those used in electronics and wireless sensor networks.

Now about the good health and well‑being affordable and clean energy and climate action, quantified health, as you know, is the future of healthcare.  ICT provides each member of the society electronic medical card where all of the health information are indexed.  Data inside easily accessible to improve patient health in case of any accident.  Moreover wearable devices can provide information about any patient kick be remotely analyzed to bring out the convenient outcome regarding the treatment to be followed by the patients.  Smart grids allow buildings to benefit from green energy like solar energy or wind energy to procure electricity in a smart collaborative way.  Smart buildings can as described in the previous slide can enhance clean energy also.  Concerning the climate ‑‑ one minute?  Concerning the climate, collective action is a must.  Crucial role, weather information via application where we can find on our smartphones.  The most important point is bringing early warning systems which in case of disasters can help saving the lives of people.  Thank you for listening.


>> MODERATOR: Thank you, Rima.  Sorry for cutting.  Thank you, Rima, and I understood from your speech that was that the goal of the WSIS wasn't achieved, but we are hoping that the SDGs will try to reach the goals of the SDGs.  Thank you very much.

So now we'll go to the next speaker who is Mr. Charles Sha'ban who is the executive director of the Abu‑Ghazaleh Intellectual Property and chair of the (?) ICT committee.  He's also the chair of the Arab AGF MAG.  Charles will provide his experience in the workplace performance also in the strategy, execution and as well as improving legislation that stimulates investment and leadership.  Besides, he will explain how the Digital Economy provides better opportunities to everyone, including small businesses.  You have the floor.

>> CHARLES SHA'BAN:  Thank you very much and good morning, everyone.  A little bit change to the business side a little bit, especially for our new business leaders hopefully and the small businesses in the world and how this will help.  I will go exactly ‑‑ sorry I don't have slides but I will just try to make it in a small brief information as Mr. Tijani explained that any business should think of ICT as a new enabler and the best way we saw it is you need to have a strategy, not to wait until something happens.  And when I talk about this, I mean, for example, artificial intelligence, everybody knows we're talking about it, will it help your business or not?  You need to study it first.  If it does help you, each business, even small businesses, should start preparing what they want to do.  I made an example artificial intelligence because some people said I want artificial intelligence or I use artificial intelligence systems but you need to define what you need from this new technology so this is the most important issue and what it will solve for you in specific.  Usually it should have its clear target, for example, let me give an example, in our firm, so we're working on preparing something that even will do the research instead of the paralegals and lawyers.  So this is something very new, but at least it will help me reduce a lot of time in the research.  Then the person or the individual, the lawyer, the expert or whatever, he will have to be more innovative because he cannot compete with the machine in the speed so this is a small issue.  Going to the legalization part, I think this ‑‑ our countries should have clear legalization to support the businesses.  In some of our countries, since we're talking about the MENA region, for example, I'm sorry to say that some of the countries change I lot.  So a business will open, then suddenly he will discover that there was change in the way ‑‑ the taxation, for example.  
So this is an important issue and we witness it in some of the countries.  And we witness some small businesses leaving countries because of this issue which as I say, we cannot know what day there will be a change.  So this is what I wanted to mention in specific about legalization, just to try to hopefully our governments will be able to put something clear to make the business sector confident that this will not change, let's say, next year.

Going to the individuals I think my colleagues already covered what was covered from the SDGs and how the new technology is helping everyone.  So from my experience, to be honest, this is a wonderful chance for all individuals to do something special.  What I mean by that, persons sitting in Jordan or in a small country has the same chance like anyone in Europe or the U.S. or Japan.  When I see (?) he only needs a chance to connect to the Internet and I'm sure he can deliver something and you have some very good experiences in the region as you know, some businesses started with a small online business that doesn't need a lot of investment and ended up being a very good business.

I know we have a specific time, I'll leave the rest interactively at the end, but since I'm covering for my colleague Nidal, the information technology association of Jordan, I want to give you numbers he gave to me, just know when you invest in this work what will happen.  Jordan now, for example, has around 75% of the Arabic contents on the Internet.  So this is I think a good number for Jordan, when every ‑‑ I think you know now the Arabic contents much more than three years, less than 3% of the contents on the Internet but still that's coming better and more content for the Arabic language and 75% of it is coming from Jordan, I'm happy to know.  The revenue of the ICT firms in Jordan reached more than 2 billion last year.  Mainly in the software industry.  So many of the software ‑‑ we have a lot of software ‑‑ for Jordan this is an example and they export mainly to the United Arab Emirates, Saudi Arabia, United Kingdom and United States of America.  These are the top markets.  I'm giving you the statistics that my colleague Nidal sent me and this is a future and Jordan is an example of it.  Export revenue, again, I mentioned ‑‑ I'm finished, yeah.  The last number is the total ICT employment.  More than 7,500 people were employed last year only in the ICT sector and 1.2 of Jordanians, so this is a big enabler to hire more people.

>> MODERATOR: Thank you, Charles, for this presentation and telling us how the Digital Economy gives opportunities for young people in our region.

The next speaker is Madam Wafa Ben‑Hassine, who is a policy leader for MENA region for Access Now which is a global not‑for‑profit organization that defends human rights in the digital age.  Wafa will provide a perspective on the policies or lack of them related to privacy and data protection with special focus on the recent introduction of data protection laws in north Africa.  She will specifically speak about the application in Tunisia of the existing data protection law since 2004.  Wafa, you have the floor.

>> WAFA BEN-HASSINE: Thank you, Tijani, and thank you, everybody for being here.  Welcome to the ICT.  It's a little bit tough to animate an INMA session on the first day but we're doing our best.  So as Tijani mentioned, the digital investment in the Middle East and north African region is growing very quickly but not only that because I think my presentation shifts a little bit to more policy‑related issues and we're seeing slowly the sophistication of the digital policy landscape where digital policy literacy amongst Civil Society organizations, amongst individuals and especially amongst governments has gone up, thankfully.  One thing I did want to say at the onset is that the Middle East and North Africa region is very diverse and not every country and not every region within the region is the same.  So generally the way that is ‑‑ better way to conceive of the region is probably like a la grabbing and gulf, because a lot of these regions have specific populations on how they use the Internet and ICTs and interact with technology and as a result what are the needs of that interaction.  To go to the topic of data protection this is a relatively I would say new concept in the region as a whole.  The concept of privacy has existed for centuries.  It's existed with Arab culture, it's existed with Islamic culture, it's always there.  But to actually have that culture of privacy to be translated to data protection is something else.  Privacy of an individual's information or what they say or what they don't say, it takes a little bit of effort to translate that into data protection because that is a modern understanding of what privacy really means and data protection is reflected in legislation that, actually, and effectively protect one's information especially personal information.  And the concept of data protection as a result is relatively new especially for policymakers.
The ‑‑ some countries have started to take on data protection in their national legislation and I will go ahead and use a Tunisian example just because it is the most recent example we have of legislators trying to implement data protection laws and then after that I should conclude my presentation, so it won't take long.

In Tunisia we saw ‑‑ so there has been an organic law in privacy and data protection in 2004 but, as I mentioned earlier it's old laws like that that reflect privacy but not necessarily data protection, it doesn't have the details what it needs to protect the individual and how does that right of privacy interact with other rights et cetera.  So this is the legislation like the one that was introduced this summer or a little bit earlier than the summer in Tunisia comes in.  And other global pieces of regulation such as the GDPR, the global data protection ‑‑ sorry the general data protection regulation in the EU has led ‑‑ has influenced countries in the Middle East, North Africa to implement these laws especially because they interact ‑‑ these countries interact very strongly economically with the EU.  So the data protection draft law in Tunisia really I think the biggest thing it achieved so far is that it opened up a conversation with multiple stakeholders, with the society, with the government, with independent authorities to discuss and negotiate and really kind of hone in on the finer points of the law so it still hasn't passed and it has not passed because there was an interesting interaction between certain articles and certain articles between the right to access public information and the right to the protection of personal data.  And so there was a little bit of a friction, I should say, but it's a very positive friction, I think it's a very positive development, because we see that Civil Society's interacting with these concepts, they're trying to define what it really means to have personal data be protected and what does it also mean to have the right to access public information which is something that Civil Society fought very, very hard for in that country in order to have, especially following a regime that didn't allow for the dissemination of public information and public documents.

So we're now still having this conversation, the balance between these two and there are obviously several models to follow in the world, there's the U.K. model, there are different states of the EU model, there's the Australian model.  And every country kind of finds this balance in its own way so we're still trying to figure that out ourselves.  But just one last thing I wanted to mention, data protection should not be seen as something that hinders the growth or creation of businesses, it should be seen as something that encourages it and makes business flourish.  And the reason I say this is because as a company, when you protect a user's information and you're compliant with various regulations around the world you actually have a strategic advantage over other business that do not, especially in countries outside the EU.  So in the MENA region we should really start to see this as an opportunity, and I say this all the time to startups I mentor or younger businesses I work with that this is your chance to really have a bigger opportunity to grow your market and to be more successful as well.

So that's the end of my presentation but I'll be happy to answer questions and continue the conversation later as well.  Thank you.

>> MODERATOR: Thank you very much, Wafa, and I have to confess that in Tunisia, I was surprised to see those Civil Society people be against the data protection law.  They say this is to prevent us to access data, and this is right, they are not wrong.  The problem is where to put the bar.  This is the problem.  And I think that now, with the discussion, we are better now, we have a better understanding and we will reach very soon the right agreement.  Thank you very much, Wafa.

I would like to ‑‑ for the record, I would like to express my disappointment that the remote participation is not available in this room.  No, it is not available.  This is a big problem because remote participation is one of the main factors of the success of IGF, and today we don't have it.  This is really disappointing.

OK.  Now last but not the least, our last speaker is Mr. Issa Mahasneh, who is ICT policy specialist and president of the Jordan open source association which is a Jordan non‑profit organization which promotes open technologies and human rights online.  Issa will provide us his perspectives on the protection of data rights, privacy or lack of them in Jordan.  Issa, please.

>> ISSA MAHASNEH: Thank you, Mr. Tijani, thank you, everyone.  I might follow up with the good presentation of my colleague Wafa regarding data protection but provide some legal findings in the MENA region regarding privacy and how, basically, they are connected with topics like biometric data.  So basically most of Arab countries lack any legal framework to protect personal data, there are some exceptions, the Tunisian one is the most famous one they have data protection since 2004.  All the countries that have data protection laws Morocco in 2009, Qatar since 2016 although it's not implemented yet, and there are almost we can say two new‑comers probably as a result of the both GDPR era, Algeria and Bahrain adopted two data protection laws in 2018.  We should mention here that basically there are different countries that are currently drafting data protection laws, Jordan is one of them, Egypt, the UAE, and other countries as well.  At the same time I want to mention considerations regarding data protection laws.  The first one is not all privacy laws are created equally.  Some privacy laws in the board and other countries might have some negative implications on human rights.  I really encourage you to have a look, published on the net report that has a complete section on data protection laws and some negative implications that they might have.  For example, the Moroccan data protection law has some kind of restriction on the use of encryption tools which is considered somehow to be one of the human rights in the digital era.  The second consideration is also regarding that basically that some kind of data protection is already there in some countries but not really in the data protection law in let's say in a harmonized legal framework that takes into consideration the rights of the data holder and established, for example, data protection authority.  
Also regarding personal data, actually newer laws to differentiate between integrity of data and all of them or most of them provide a (?) for sensitive data.  Actually, we can see that in different region laws.  Morocco, Qatar, Algeria and Bahrain all have some kind of special protection for sensitive data.  And regarding biometric data, some of them, some of these laws specifically mention biometric data and some of them actually put them within the sensitive data categorization.  We have two cases in the MENA region, Morocco and Algeria both have very specific (?) of biometric ordinary data and they put some kind of restrictions on how this data is ‑‑ are processed or are collected and so this was more related to the legal part of the data protection and biometric data.  It will be also very interesting to see some kind of recent developments in terms of how biometric data are being used and it lies in the are board.  You can see that different countries are adopting biometric ID cards, one of the oldest examples in the MENA regions is probably the UAE they have biometric ID card since 2014 and more and more countries are adopting these ID cards, for example, Morocco's expected to have biometric ID system in 2019.

All the countries are using biometric data forcing card registration.  For example, this is happening in the UAE.  They're now recent developments in Jordan to basically if any citizen would card or telephone line should provide some kind of biometric data and we can also see that biometric security has been adopted more and more, for example, I mean, face recognition or iris scanning in airports around the MENA region.  And regarding to this recent developments probably we can also ask ourselves some different questions to basically to see how they're affecting the human rights in the digital era.  For example, since we are talking about countries, most of them have no legal protection, have no legal framework to protect this personal data.  So some of the questions would be who's storing the data, how, basically, it can be transferred to other entities, are this biometric data that are used for assistance utilized by other services, we're talking about public services or other platforms that could basically allow their utilization from private entities.  Also what are the rights of the dense?  Are they able to opt out from this biometric ID card systems?  Do they have access to their own data?  And what is the accuracy or full percentage of the systems in terms of ‑‑ in terms of security or accuracy.  I will also mention one use case before ending my talk.  It's more about using biometric data in terms of facial recognition and iris scanning.  There is a big project happening in Jordan in Syrian refugee camps, actually, that specifically it's using biometric to bring assistance to refugees.  This is a big U.N. FCR project so basically refugees are providing their biometric data in order to get their food rations.  Some (?) basically there are no lost cards anymore faster queues but we can also have a look at let's say negative implications that, so (?) may be able to access this data, these databases could be used for other purposes.  
At the end I would just bring some next steps, I would say, or recognition regarding that.  Privacy laws should be a priority for different legislative and policymakers.  Privacy assessment for high‑risk data should be there regarding accessibility of biometric data and probably the civil societies and other entities should raise awareness of privacy issues, thank you.

>> MODERATOR: Thank you very much, Issa.  You know that data protection today is one of the hot topics discussed everywhere.  Because, as you know, there was a big implication of the use of our data without our consent.  So it was ‑‑ now the European countries have decided to have a regulation about that which is the GDPR, and ‑‑ and everyone who is dealing with the European people have to comply with this regulation.  Data protection is about data collection, data process, processing, data transfer, data function and data access.  So there is a real problem now because we have two main values.  The privacy and the data protection and the transparency.  And this is why there is always everywhere there is a confrontation between those two values and there are people who are defending the transparency and they are rational and people who are defending the privacy and the data protection and they have also their rationales.  If you know at ICANN we have today a real debate, a very hot debate about that because the data are collected by registrars and they are processed, they are used, et cetera.  And with the GDPR, we have to comply with the GDPR.  There is a problem, there are two kinds of people, those who are defending the privacy and the data protection who says we don't have to collect as much data, we don't need them, we don't have to distribute it to other parties, only the registrars have them.  Data retention, the website ‑‑ no, the domain name is expired, we don't have to keep the data, we have to erase it, et cetera.  So we have to comply with GDPR.  Other people said, hey, and how will we prevent the cyber crimes?  If today we don't have as much spams as before, it is because we are using these data to eliminate and to stop any kind of use of the domain name for spam.

So two things and two variable rationales.  And it is not solved yet.  I hope it will be solved because I hope that people will have the spirit of the balance and because all of this is in the interest of the user.  The interest of the registrant is that each data is not ‑‑ its data is not shared with everyone and the interest of user is not to have spam, cyber crimes, et cetera.  I think in these few years we will have more debate about that and I hope that you reach the right conclusions.  Thank you very much and now I open the floor to you.  Please.

>> Can you give your name, please?

>> (Off mic).

>> Actually, I mean, a good case will be Algeria.  The Algerian law regarding data protection is very good in terms of rights and how they are dealing with personal data.  It's very GDPR‑compliant, I could say, and there is a business or economic reason behind that.  Lots of companies in Algeria are providing services to Europe, especially France.  Probably the ‑‑ it's called the call centers, for example, lots of French companies are basically having call centers in Algeria and they are dealing with personal data of European citizens, French citizens, so what Algeria did is they really implemented a legal framework which is very compliant with GDPR.

>> Can I quickly add something to that, Tijani?


>> To answer your question about adequacy decision.  I don't know any country right now in the region which is actively applying for that but I think it's important that these countries pass law that, first of all, protect their own citizens' and own residents' data and then make sure it's compliant with the GDPR.

>> AUDIENCE: Thank you for the floor, my name is (saying name) from Switzerland, from the private sector and my question is for all this new legislation in Africa, what is actually the master project before ‑‑ is it GDPR, is it something join, is it the Council of Europe 108 new revision convention, so what is actually at the basis of it?  And how do we make sure that it's some kind of a general assumption, what is actually company, for example, need to do?  Because companies have really a challenge what should be the baseline for them and currently it's the GDPR but not in every area of the world.


>> WAFA BEN-HASSINE: The distinction between the GDPR needs to be made and I'm not the expert but convention 108 has been ratified by a few regions Tunisia and I believe Morocco is in the process but I could be wrong but several countries have signed on it.  But signing convention 108, even ratifying it doesn't mean very much in terms of data protection on the ground of users' data so this is why the passage of data protection legislation is important to reflect the commitment that the country made to convention 108.  At the basis of these new laws hopefully would be the protection of user data, as I mentioned in my previous answer.  But at the heart of the movements, of these policy movements is a certain special economic interaction with the EU especially for north African countries where a lot of, for example, call centers exist in north African countries where they're treating the data of European residents.  So ‑‑ so, yeah, I hope that answers your question.

>> MODERATOR: And for the record Tunisia the first law on data protection was done in 2004.  Much before the GDPR. 

>> AUDIENCE: Hello, everybody, I'm (saying name), I'm a professor of law.  I work as an expert for the legal for the states.  I've prepared the conventional cyber security and most important I've prepared the study in the Arab region on personal data protection.  And what I will say here is that technology is ‑‑ won't be the one who rules the net.  So I think we have to understand what are the legal concepts and if it's true that everyone technical, policymakers, decision‑maker, whoever, has to contribute, it's true also that legal people have to be here.  Our experience with our legislation, the new Lebanese legislation says that when technical people want to write legislation, they will fail to do it alone.  And that's what made our legislation wait for 14 years to be approved.  And the last version of it shows very, very clearly that it wasn't well done because also, according to our experience, those who have contributed weren't really the ones who should be there.  And the last meeting with it at the parliament at the Lebanese parliament, two weeks ago where we called for these NGOs to come and say what they think of the new legislation, showed us people, technical people, who wanted to, for example, go for civil courts for crimes.  You see?  So they were like saying, well, we don't want to go before penal codes, we want civil codes, which is, excuse me, pure un‑understanding of the nature of law, of the procedure, and this is a problem, you see?

So what we need, before everything, we need to understand that when we talk about personal data protection, it's true that it is about economic interest and protecting economic interests, but at the end of the day, these interests of whoever states should be protected and defended by law.

>> MODERATOR: Thank you very much.  Of course, if we speak about regulation, we need to involve the legal persons and lawyers, for sure.  We will not try regulations by everyone.  Any other questions or discussion?  Yes, please, go ahead.

>> AUDIENCE: OK.  (Speaking non‑English language).

>> MODERATOR: The question is for you.

>> I used to study French at school but ‑‑

>> MODERATOR:  OK, I'll translate it, I'll translate it.  He asked about the good pupil, about data protection in the region, means that what is the best country.

>> Oh, I mean, if you ‑‑ it's really very hard and difficult question to answer.  I mean, for ‑‑ it depends what is the standard that we're looking for, I mean, if it's GDPR, I might say the Algerian law is somehow it's also somehow new and it persons lots of the concepts of the GDPR but I'm not sure, for example, I mean, I was thinking about how the legal and technical people could come together.  In Jordan, for example, we have a draft law, now it's basically the third version of it, and there was a round table since ‑‑ for five years, for example, that basically where the grouping, legal and technical people, and trying to put efforts together in order to have very good results in terms of data protection law.  So probably the methodology could be better there.  I'm not really sure how basically the law in Algeria was basically produced, let's say.  So it truly depends which aspects you are looking for.  I think they ‑‑ I mean, the Tunisian one is probably is ‑‑ was first approved in 2004, so even the general mind‑set about privacy even on the global level was somehow different, and things in the new draft law probably could be somehow more compliant more inclusive of all the civil rights that the data holder could have.

>> MODERATOR: Wafa, do you have something to add?

>> WAFA BEN-HASSINE: Not really but as a lawyer I completely agree with (saying name).  I also believe that whatever data protection laws do pass, especially when it comes to balancing between right to access public information for the citizens, not just for the governments, and the right to privacy, what's really important is that the laws are necessary and proportionate, right, so that they follow these principles and that they ‑‑ even the exceptions that could be noted in the law are not vague and that they're well defined, national security, those are certainly legitimate interests, however, the law needs to specify that in clarity and also have a good remedy for cases that don't go right.  So ‑‑ but, yeah, the Algerian law in particular, I mean, I've done a very light analysis of it before, and unfortunately they didn't really involve a lot of stakeholders in the drafting of that.  That's one thing I had a lot of concern with.  It just kind of popped up out of nowhere in parliament.  And it is a decent piece of legislation but I think we could do better in terms of having stakeholders and I don't just mean Civil Society, academia, the lawyers, the Technical Community, et cetera, so ...

>> MODERATOR: Thank you.  OK, Charles.

>> A small addition, not directly related to the subject but I know that as my colleague mentioned in Jordan reviewing the laws, one of the important issues around it is they have harsh penalties.  This is needed, some of our countries, Jordan, for example, the penalties was ‑‑ to be honest I don't want to do something wrong because there were strong penalties.  Sorry to say that but seems they have to enforce it so they are doing it more and additionally I want to say recently in Egypt they are doing something similar to the GDPR, I'm not sure what it is exactly but they said they are having their own law, they are setting it and they are going to enforce it soon.

>> MODERATOR: Thank you, Charles.

>> I'm going in the same thinking.  What I want to say is that actually when I studied these Arab legislations, I found they had some common flaws which relates to the authority in charge of protection.  And as far as a general concept that somewhere it could help, this is only my opinion when it is about technology because it allows the judge or whoever authorities there, to extend the protection a little bit.  It's very bad, we know, as legal personnel, excuse me, professionals, that general concepts are very dangerous for liberties and we have to be specific to defend the citizens against the government.  But when it is about protecting citizens, I am for the general concepts.

>> MODERATOR: Thank you, Muna.  Any other questions, yes, please.

>> AUDIENCE: Hi, my name is (saying name) I'm a student from Brazil and working for NGO.  I'd like to make data protection authorities, how are the discussions going there and you have good institutions for enforcement in the region?  Thank you.

>> MODERATOR: Thank you.  Who wants to answer?  You want to answer?  OK.

>> So if I understood correctly, you're asking about different DBAs in the board.  You really defer and probably because of the concept about even the legal concepts around the DPS, for example, if you look at the Jordanian example the DPA is somehow a dependent unit, it's a single unit within the ICT which doesn't take into account there should be some kind of judiciary power to it.  But, for example, it's not really the case in all the countries like Tunisia.  Tunisia have an independent body.  This is the case of Morocco as well.  The ‑‑ how members are selected are basically deferred from one country to another but you can have a mix, for example, of people that are being selected from specific ministries, we are talking about the Ministry of interior, Ministry of justice, and other members of the GDPR that are basically selected or appointed within the ‑‑ by the parliament, by different houses of the parliament.  So there is not really a specific format that is basically implemented in all the MENA region.  It's really from each country to the other.  But generic idea would be to have very strong, independent authority that has the power to, basically to put in practice what is really written in the law in terms of rights and in terms of people that have been affected in terms of data protection could basically recite to these authorities in order to ‑‑ in order to the law be implemented in the end.

>> MODERATOR: Thank you, Issa.

>> AUDIENCE: I just want to say that protection or privacy or ‑‑ protection of personal data needs to be done also across the culture because also according to our own experience and training and capacity‑building, whatever you want, we find that people need to understand what it is about.  We need to spread the word and we need to work on that.

>> MODERATOR: Thank you.  Any other question?  We still have time.  No questions?  Wafa.

>> WAFA BEN-HASSINE: Yeah, I think education and culture is very important because ‑‑ and that's part of our work at Access Now, as a non‑profit we work a lot with especially vulnerable groups such as children, religious minorities, sexual minorities, people that may need to be more cognizant and diligent about their digital security, helping people understand why it's important to be secure online.  That's important as well.  We're trying to work on the ground with the data protection authority as well to have the head of the DPA work with schools to teach them how to do that, and also this is another program that I think other multi‑lateral institution are interested in as well so, yeah, definitely something to keep in mind.

>> MODERATOR: Charles?

>> I think I have advice for the businesses again.  I will just end with a small sentence regarding the businesses, they need to take data protection as a very important issue.  Not only by teaching all the people working on that.  Because when you think big, even as a small business, you need to think that you will ‑‑ your market will be worldwide.  So even if you want to deal with Europe, you have to make sure that you comply with the GDPR, when you deal with any other country you will comply with the laws in that thing, even for a small issue, and, again, this is from experience, even like a mailing list, you cannot send like an e‑mail, and as Wafa said, for business we didn't find something wrong because we were even affected by spam and you know all of this.  So even this, although some people didn't like it they cannot send let's say more news or marketing material for their clients like before but I think it's better.  So you only send for people who want to receive it, not to make spam everyone's e‑mail about this so even small thing like this is important, thank you.

>> MODERATOR: Thank you very much, Charles.  And I'd like to comment on this competition between lawyers and technical people.

>> AUDIENCE: (Off mic).

>> MODERATOR: Just mention it.  I don't think that should be something like this because when you write a regulation, it cannot be written by other people than lawyers and law people.  But they will write what the technical people will tell them to write.  They have the technical.

>> AUDIENCE: (Off mic).

>> MODERATOR: Exactly.  So defining the needs is something, writing legislation is another thing.  In Tunisia, I don't feel in Tunisia we have this competition, frankly speaking.

>> AUDIENCE: (Off mic) I wasn't talking about competition, I was talking about ignoring the need to talk together and to work together.  And as ‑‑ continuing on what Charles said, we had this workshop with bank (?) and Arab union for banks and the problem there was even if you look at our bank sector, you know that it is a little bit like Switzerland, so it is very prosperous, it is very aware of all the compliance issues, but when we need to talk with them about the GDPR, there we had problem convincing them that they are concerned.  That's why I said we do need culture, not only in teaching in schools and universities, wherever, or available people, we need also to go to business.  The most aware sectors of the compliance, international compliance issues need to understand.

>> MODERATOR: Thank you, Muna.  And for the record, GDPR is not the only regulation about data protection.  There are a lot, and, for example, in Canada there is one, and far before the GDPR.  The problem is not the problem but why the GDPR got this importance, it is because there are fines, very, very big fines for people who don't comply with it and they have an (?) impact.  So this is why the GDPR had this importance, and I think that in the future we have to converge toward a regulation that everyone agrees on and that would be more or less the global regulation about data protection.  I know that there is a big difference between the countries, between people.  There is a conflict of interest between several people and several countries.  And I think that we need to go toward the public interest more than the private interest.  I mean, the interest of everyone, not the interest of only the business people, not only of the registrants, not only of governments, et cetera.  We need to converge toward global interest and have a regulation that will be, I think, not exactly the same but at least harmonized between all countries.  I hope that this will happen.  If you don't have other questions, we still have time.  Yes, please.

>> AUDIENCE: (Off mic).  I have prepared a study for the league of Arab states on the actual situation of the situation of data protection in the Arab countries.

>> AUDIENCE: (Off mic).

>> AUDIENCE: Yes, definitely it is on the site of the Arab ‑‑ of the league of Arab states, it is on www ‑‑


>> AUDIENCE: Yes, dot, of course.  Well, you let me give you the ‑‑

>> AUDIENCE: (Off mic).

>> AUDIENCE: Yes, it is public, it is public.


>> MODERATOR: OK.  If there are no other questions, I will first thank all our speakers for their very good presentations, and I think that they brought different perspectives, a different point of view about this issue of data protection and also about the development and use by the new technologies, in the MENA region particularly.  And thank you all.  Thank you for remote moderator even if we don't have remote and I'd like to repeat it, this is something we have to highlight and we have to go to the organizers here and tell them that there is something very important missing in this meeting.  And thank you all for attending this discussion, and I hope it was of profit for you.  Thank you.