CLOSE

Cybercrimes – MENA

  • As access to the internet continues to grow rapidly in the MENA Region, cybercrimes are becoming ever more prevalent and dangerous.

  • However, laws which regulate criminal activity on the internet, or cybercrimes laws, are increasingly providing tools for the state to suppress dissent and the media.

  • Data privacy is starting to attract more widespread attention across the MENA region, with many countries recently passing data protection laws, albeit often containing insufficiently robust privacy protections, with inadequate implementation of safeguards.

  • Concerningly, many cybercrimes have a particularly gendered nature, such as cyberstalking and the non-consensual dissemination of intimate images.

  • There are various practical steps that can be taken to address online harms and ensure that fundamental rights are equally protected both off- and online.

Introduction

The increase in internet access recently has created a number of new legal challenges.  The internet is transnational and ubiquitous, and the new landscape created by the digital world has raised novel challenges when it comes to protecting fundamental rights in the digital age.  Old definitions about what constitutes a publisher or a journalist are increasingly complicated; the anonymity afforded by many internet platforms, while key to fostering freedom of expression in many contexts, can pose challenges in relation to combatting illegal online activities and seeking remedies for victims; and there are serious questions about who is liable for content shared online that may affect parties in different jurisdictions in some way.

Regulating and legislating crimes that occur on, or relate to, the internet has been a difficult undertaking for states and international bodies.  In 2020, global cybercrimes costs were forecast by the research group Cybersecurity Ventures to grow by 15 per cent annually, predicted to reach USD 10.5 trillion annually by 2025.(1)  Without adequate regulatory frameworks and protections, the growth of internet access, e-commerce and economic development may continue to fuel the spread of cybercrime. In the Middle East and North Africa region, where the number of new internet users continues to grow at a rapid rate, the increase in access to the internet and information and communications technologies (ICTs) has also led to increased criminal activity online.  However, laws to regulate criminal activity on the internet are increasingly providing tools for the state to suppress dissent or to punish critics and independent media because of their often vague and overly broad nature.

As far back as 2011, the United Nations (UN) Special Rapporteur on freedom of expression warned:

[L]egitimate online expression is being criminalized in contravention of States’ international human rights obligations, whether it is through the application of existing criminal laws to online expression, or through the creation of new laws specifically designed to criminalize expression on the internet.  Such laws are often justified on the basis of protecting an individual’s reputation, national security or countering terrorism, but in practice are used to censor content that the Government and other powerful entities do not like or agree with.(2)

Unfortunately, the problem has only gotten worse since then.

What is a Cybercrime?

There is no precise, universal definition of the term ‘cybercrime’.  In general terms, it refers to a crime that is committed using a computer network or the internet.(3)  This can cover a wide range of activities, including terrorist activities and espionage conducted with the help of the internet, illegal hacking into computer systems, content-related offences, theft and manipulation of data, and cyberstalking.(4)

Cybercrimes and cybersecurity are two issues that cannot be separated in an interconnected digital environment.  Cybersecurity, or the protection of digital devices, systems and networks against cybercrimes, refers to the collection of “tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user’s assets”, such as computing devices, applications and telecommunication systems.(5)

Cybercrimes in international law

The UN General Assembly Resolution on the Creation of a global culture of cyber security states:

Security should be implemented in a manner consistent with the values recognised by democratic societies, including the freedom to exchange thoughts and ideas, the free flow of information, the confidentiality of information and communication, the appropriate protection of personal information, openness and transparency.(6)

The Convention on Cybercrime of the Council of Europe (CETS No.185), known as the Budapest Cybercrime Convention, is the only binding international instrument on Cybercrime.(7)  This Convention is open for adoption by states outside of Europe, and to date, Israel, Morocco and Tunisia are the only three states in the MENA region that are party to it.(8)

Although it has been cited as a ‘benchmark’ by certain participants in current negotiations for a UN convention on cybercrime, the Budapest Convention has been criticised for providing insufficient procedural protections for the rights to freedom of expression and privacy, and for containing superfluous and overbroad content and copyright offences.(9)

Cybercrimes in Domestic Law

Cybercrimes laws have proliferated across states in the MENA region in recent years(10) despite only Israel, Morocco and Tunisia being the only states from the MENA region that are party to the Budapest Cybercrime Convention.(11)

To ensure that cybercrimes laws do not unnecessarily infringe on the fundamental rights to freedom of expression, privacy and access to information, legislation should meet the following criteria:

  • Provide narrow and clear definitions of cybercrimes, well-tailored to advancing legitimate aims and minimally restrictive of freedom of expression and privacy rights.

  • Require proof about the likelihood of harm arising from a given criminal activity.

  • Require the nature of the threat resulting from any criminal activity to be identified.

  • Not introduce different standards for online and offline behaviour unless that behaviour is fundamentally different online.

  • Provide for a public interest defence in relation to the obtaining and dissemination of information classified as secret.

  • As a general principle, not impose prison sentences for expression-related offences, except for those permitted by international legal standards and with adequate safeguards against abuse.(12)

Types of Cybercrimes

Data privacy violations

The use of data, including the volume of cross-border data flows, is increasing every year, and this includes personal data.  However, there is a lack of adequate regulations in many countries for the collection and processing of personal information which can have significant ramifications, making data protection laws critical.  In recent years, increasing attention to the issue of data protection has led to a number of states in the MENA region enacting new privacy laws.(13)  However, many states continue to protect individuals’ privacy only inadequately, especially when it concerns state surveillance activities.(14)

The rise of sophisticated surveillance technologies and the use of biometric technologies without proper safeguards are just some of the many threats to the right to privacy across the MENA region. 

The Israeli High Court of Justice and the ‘al-Munasiq’ App

In 2019, the Israeli Coordination of Government Activities in the Territories (COGAT) (which is the Israeli military’s civil administration are in the Occupied Palestinian Territories) launched the ‘Al-Munasiq’ app to offer Palestinians from the occupied territories access to civil services including applications for stay and entry permits to Israel for work and other purposes. According to the terms of the use of the app, Palestinian users are required to consent to the collection and use of their data “for any purpose, including for security purposes”,(15) including geolocation data, messages and files stored on the phone and access to the camera. The Israeli civil society rights organisation HaMoked applied to the High Court of Justice of Israel claiming that the app violated the users’ right to privacy and dignity under Israeli and international law.

The Court dismissed the petition on the grounds that actual harm had not been proven, and it is unclear if it would have decided otherwise if actual harm had been proven.(16) Israel since stated that it would change the app to stop forcing Palestinian labourers who need it to cross the border to give access to the data stored on their phones.

Court practice on the overreach of cybercrimes legislation in the face of wide-ranging surveillance powers without protecting individuals’ rights to their privacy and data is yet to be fully tested in courts in the MENA region.

In Mustafa vs. Minister of Interior and Minister of Finance (Egypt, 2017), the Administrative Court of Egypt was asked to rule on whether the Minister of Interior had a right to surveil social media. The Court ultimately dismissed the matter on the grounds that the applicant did not evidence a direct personal interest or potential harm to himself in this case.(17)

The recognition at the national level of a right to privacy and its extension to the digital realm follows the rapid growth in adoption of data protection legislation around the world since the entry into force of the European Union’s General Data Protection Regulations (GDPR) in 2018.  The GDPR has set a new standard for the protection of personal data online and has served as a template for numerous other countries’ legislation.  The California Consumer Privacy Act (CCPA) likewise has sweeping rules regarding consumers’ rights to know what personal information is being collected from them, to request deletion of their data, and to opt out of data collection.(18)  Because of its application to the technology sector of Silicon Valley, the CCPA has also been lauded for advancing the state of data protection globally.(19)

Criminalisation of online speech

Cybercrimes legislation often seeks to deal with a wide range of illegal or harmful content that is posted online.  This may include incitement to terrorism, hate speech, sexually explicit content such as child pornography, and content which breaches intellectual property rights.(20) This is often the area in which such legislation conflicts most severely with the right to freedom of expression and the right to information.  Any restrictions on these rights must meet the requirements listed under Article 19(3) of the ICCPR: namely that restrictions be provided by law and necessary for one of the exhaustive list of legitimate purposes (to respect the rights or reputations of others or protect national security or of public order, or of public health or morals). In 2011, the UN Special Rapporteur on Freedom of Expression listed the following examples of kinds of expression the restriction of which would fall under these legitimate purposes: (a) child pornography; (b) direct and public incitement to commit genocide; (c) hate speech; (d) defamation; and (e) incitement to discrimination, hostility or violence.(21) 

Even legislation that does criminalise these forms of expression needs to be precise, have adequate and effective safeguards against abuse or misuse in order to meet the requirements of legality and necessity. For example, in the case of restrictions on child pornography, the Special Rapporteur noted that the safeguards should include oversight and review by an independent and impartial tribunal or regulatory body.(22)  In 2018, the Special Rapporteur stated: “Broadly worded restrictive laws on “extremism”, blasphemy, defamation, “offensive” speech, “false news” and “propaganda” often serve as pretexts for demanding that companies suppress legitimate discourse.”(23)

Criminalisation of online speech can occur through the application of cybercrime legislation or through the application of non-internet-specific criminal provisions.  A 2019 report on ‘Cybercrime Laws in Arab Countries’ concluded:

There is a lack of legislative discipline in terms of “the generality” of criminalisation in many Arab  laws in a way that may allow the expansion of the provisions of the criminalisation and punishment beyond what the legislator intended. (24)

For more on the criminalisation of online speech, see Module 3 of Media Defence’s Advanced Modules on Digital Rights and Freedom of Expression Online.

Cyberstalking and online harassment

Online harassment is becoming increasingly prevalent with the spread of social media, which can provide especially fertile ground for it.  Cyberstalking is undue harassment and intimidation through electronic communications, such as text messages, phone calls or social media posts, and it can severely restrict the enjoyment by the victims of their rights online, particularly if they come from vulnerable and marginalised groups, including women and members of sexual minorities.  Research has shown that online harassment is often focused on personal or physical characteristics, with political views, gender, physical appearance and race being among the most common.(25)  Furthermore, women encounter sexualised forms of online harassment at much higher rates than men.(26)

A worrying new trend: non-consensual dissemination of intimate images

A particular form of online harassment that has emerged as a concerning new trend is the non-consensual public sharing online of private and sexually explicit images, mostly of women, often by former partners in retaliation for a break-up or other falling out, or for the purposes of extortion, blackmail or humiliation.  However, the cybercrimes legislation in only a few countries specifically provides for offences related to non-consensual dissemination of intimate images (NCII), often leaving victims with insufficient recourse against perpetrators due to gaps in legal protection.

Morocco promulgated Law 103.13 concerning Combating Violence Against Women in 2018.

An important aspect of the new law was that Art. 503(1)(1) of the law expanded the Moroccan Penal Code’s definition of sexual harassment to incorporate written messages by phone or any other electronic device, recordings, and procurement or creation of images of a sexual nature for sexual purposes. Article 447(2) of the law also criminalises the distribution of another’s messages and photos without prior consent and the dissemination of false allegations aimed at harming or defaming someone’s private life by any means, including digital tools.(27)

 

The importance of a name

 

The non-consensual dissemination of intimate images is often referred to as ‘revenge porn’.  However, activists and researchers have universally rejected the term as being misleading.(28)  Firstly, the word ‘revenge’ implies that the victim has committed a harm worth seeking revenge for. Secondly, ‘porn’ conflates the practice with the consensual production of content for mass consumption, which NCII decidedly is not.  Thirdly, the term “repackages an age-old harm as a new-fangled digital problem,” belying the long history that exists of images of women being distributed non-consensually across a range of mediums.(29) Lastly, the term oversimplifies the offence by ignoring a range of aggressors and motivations and invoking a moralist reaction against the victim.(30)

Ongoing harassment and attacks on members of the media have also become a particularly worrying trend.

Cyberbullying

It is also worth noting that the crime of cyberbullying, which is the sending of intimidating or threatening messages, often via social media, and which is prevalent among children and young adults.  According to the United Nations Children’s Fund (UNICEF):

[Cyberbullying] can take place on social media, messaging platforms, gaming platforms and mobile phones.  It is repeated behaviour, aimed at scaring, angering or shaming those who are targeted.  Examples include:

(a) spreading lies about or posting embarrassing photos of someone on social media;

(b) sending hurtful messages or threats via messaging platforms;

(c) impersonating someone and sending mean messages to others on their behalf.

Face-to-face bullying and cyberbullying can often happen alongside each other.  But cyberbullying leaves a digital footprint — a record that can prove useful and provide evidence to help stop the abuse.(31)

The scale of the problem is significant and growing.  A study by UNICEF and the UN Special Representative of the Secretary-General (SRSG) on Violence against Children found that one in three young people in 30 countries reported being a victim of online bullying.(32)

Adequate legislation to penalise cyberbullying in the MENA region is sorely lacking, with the number of instances on the rise and with current legislation outdated or insufficient to protect against it and to hold perpetrators accountable.(33) In some cases, cyberbullying is determined under provisions of the Cybercrimes laws related to extortion, such as in the United Arab Emirates, but this is obviously inadequate protection where extortion is not demanded. Article 42 of the Federal Decree-Law No. (34) of 2021 On Countering Rumors and Cybercrimes of the United Arab Emirates states that a perpetrator of an action that could be considered to be extortion ‘shall be punished by imprisonment for a period of two years at most and a fine not less than AED 250,000 and not in excess of AED 500,000, or either of these two penalties’. Accordingly, threatening to bully someone unless money is received may lead to severe penalties – the act of bullying does not have to occur, it can simply be threatened. As stated above, this is inadequate in the sense that extortion must be the objective and cyberbullying on its own is not criminalised.(34)

Other violations

The Budapest Convention on Cybercrime defines the following types of cybercrimes:

  • Illegal access to a computer system;
  • Illegal interception;
  • Data interference;
  • System interference;
  • Misuse of devices;
  • Computer-related forgery;
  • Computer-related fraud;
  • Child pornography;
  • Offences related to infringements of copyright and related rights.(35)

Although these definitions date to 2001, much of what constitute cybercrimes today is still covered by these categories and provisions.

States in the Middle East and North Africa region have experienced rapid growth in access to the internet in recent years. This increased digitalisation of society has afforded increased opportunities for citizens to exercise their rights to freedom of expression and to information. However, with increasing digitisation also come new security threats and, in turn, new rights concerns raised by many states’ approaches to emerging threats.  

At the national level, across the Middle East and North Africa, governments have adopted new cybercrimes legislation, often to keep pace and continue to protect against crimes committed online. Initially, this was seen as a positive step towards widening digital rights after the Arab Spring Protests in 2011, with the introduction of constitutional amendments that sought to address the widening of rights as compared with the curtailment of rights under autocratic regimes.  However, many States in the region have experienced backsliding with many of the amendments being undone, reversed, or merely cosmetic, with newer laws overriding the initial positive developments. While the adoption of cybercrime laws has been important and useful in theory, the lack of compliance with obligations under international treaties and conventions has meant that the rights and protections have not been fully realised, largely owing to judicial institutions that lack full independence and a judicial tradition that is rather literalist and conservative in its rights-based jurisprudence.

As a result, cybercrimes legislation is increasingly being used to unjustly regulate internet content as well, including undesirable criticism or dissent. Access Now notes that one of the main concerns about the plethora of laws that are currently being enacted to regulate cybercrimes is that many of them lack clear definitions and are susceptible to being used to over-regulate online content and restrict freedom of expression.(36)  This is a growing concern among human rights defenders as many have been subjected to a wave of arrests and convictions in what is an escalating assault on freedom of expression using cybercrime laws.  Many of the laws are vague and overbroad and lack clear definitions, leaving them open to arbitrary and subjective interpretations.  Some common examples of overbroad provisions are those that criminalise spreading false information or harming national unity.

Steps to Take in Response to Online Harms

This section lays out practical approaches to dealing with various online harms.

  • Tell the story and engage in advocacy.  While ensuring that the identity of the victim or survivor is fully protected, identify the online harms which were committed and brief the press and start an advocacy campaign. Too often, reporting is limited on online harms, which enables these practices to grow.

  • Consider domestic legal challenges.  Many cybercrimes laws in the Middle East and North Africa arguably breach fundamental rights and freedoms, especially in their vagueness and generality.  In such cases, recourse to the courts may provide relief, especially in constitutional democracies.

  • Approach UN mechanisms.  In cases where cybercrimes legislation is being used to unjustly violate rights and freedoms, and domestic courts have been unwilling to provide an adequate remedy, impacted individuals or groups may consider whether they can file an individual complaint with a competent international treaty body, such as the UN Human Rights Committee.  For residents of states which have not recognised a relevant UN treaty body’s jurisdiction over individual complaints, individuals may still seek to raise their concerns through communications to UN special rapporteurs or, in the case of arbitrary detentions under cybersecurity legislation, with the UN Working Group on Arbitrary Detention. (For more on UN Mechanisms, see Module 11 of this course.)

Consider obtaining an interdict/injunction or harassment order.  A harassment or protection order can be an inexpensive civil remedy which can be useful in cases where the behaviour may not constitute a crime but may impact negatively on the rights of a person.  The order prohibits a person from harassing another person, and breaching it constitutes an offence, which is usually punishable by a fine or a period of imprisonment.  Many anti-harassment acts include bullying and cyberstalking. As a comparative example, Singapore’s Protection from Harassment Act includes certain cybercrimes, such as ‘doxxing’ (the publication of personal information or images with the intention of harassing or causing violence).(37)

Report behaviour to the relevant platform that was used.  Most social media platforms have mechanisms for reporting illegal or unethical behaviour, which may result in content being taken down or action taken against the offending user.  It may help to review the relevant platforms’ terms of use prior to reporting to identify the most salient term or condition that has been violated.(38)

Conclusion

Although the rise of cybercrimes must be addressed, the growing trend of using cybercrimes legislation to clamp down on dissent and the freedom of expression is deeply concerning.  While the internet is a rapidly evolving space, legislation can and should be designed to include specific protections against online harms both at an individual level, such as cyberbullying, cyberstalking, and at a societal level, such as regulating the flow and use of personal data.  In doing so, there is a need for countries in the MENA region to ensure that any initiatives are compliant with their obligations in international law and with international human rights standards, including not unjustifiably restricting freedom of expression and privacy rights.  Here, the need for better jurisprudence on appropriately determining proportionality in the restriction of rights is urgent, especially since many cybercrime laws are effectively used to unjustifiably restrict the freedom of expression. Social media companies also have a role to play in ensuring that their platforms are not used for the distribution of illegal and harmful content.  In addition, governments, internet companies and civil society have a role to play in increasing digital literacy, in particular knowledge of available means to enhance the security of online communications. 

  • 1. Global News Wire, ‘Cybercrime To Cost The World $10.5 Trillion Annually By 2025’ (2020) (accessible at: https://www.globenewswire.com/news-release/2020/11/18/2129432/0/en/Cybercrime-To-Cost-The-World-10-5-Trillion-Annually-By-2025.html).
  • 2. United Nations General Assembly, Human Rights Council, 17th Session, ‘Report of the Special Rapporteur on freedom of expression’ at p. 10 (2011) (accessible at: https://www2.ohchr.org/english/bodies/hrcouncil/docs/17session/A.HRC.17.27_en.pdf).
  • 3. Article 19, ‘Freedom of Expression and ICTs: overview of international standards’ at p. 25 (2018) (accessible at: https://www.article19.org/wp-content/uploads/2018/02/FoE-and-ICTs.pdf).
  • 4. Id
  • 5. ITU Definition of Cybersecurity, (accessible at: https://www.itu.int/en/ITU-T/studygroups/2013-2016/17/Pages/cybersecurity.aspx).
  • 6. UN General Assembly, Fifty-seventh session, ‘Resolution on the Creation of a global culture of cyber security, at p 3 (accessible at: https://digitallibrary.un.org/record/482184?ln=en).
  • 7. Council of Europe, ‘Budapest Convention and Related Standards’, (accessible at: https://www.coe.int/en/web/cybercrime/the-budapest-convention).
  • 8. Council of Europe, ‘Parties/Observers to the Budapest Convention and Observer Organisations to the T-CY’ (https://www.coe.int/en/web/cybercrime/parties-observers?wpisrc=nl_cybersecurity202).
  • 9. See Article 19’s briefing, ‘The Council of Europe Convention on Cybercrime and the First and Second Additional Protocol’ (2022) (accessible at: https://www.article19.org/wp-content/uploads/2022/06/Budapest-Convention-analysis-May-2022.pdf).
  • 10. Cybercrimes Laws are promulgated in: Algeria (Law No. 09-04, 2009: https://sherloc.unodc.org/cld/uploads/res/document/journal-officiel-aout-2009_html/Journal_officiel_Aout_2009.pdf); Bahrain (Legislative Decree No. 28 of 2002 on Electronic Transactions: https://cyrilla.org/api/files/1588685951956vq7j5tpaitp.pdf); Egypt (Law No. 175 of 2018 regarding Anti-Cyber and Information technology Crimes: https://natlex.ilo.org/dyn/natlex2/natlex2/files/download/108464/175-2018.pdf); Iraq (Draft bill on Cyber Combatting Crimes: https://menarights.org/sites/default/files/2020-11/New%20version_CyberCrimeDraftLaw%282%29.pdf); Jordan (Law No. 17 of 2023 on Cybercrimes: https://www.josa.ngo/publications/33); Kuwait (Law No. 63 of 2015 Regarding Anti-Information technology Crime: https://www.moj.gov.kw/EN/NPCPTP/Legislations/Law63-2015.pdf); Lebanon (Law No. 81 Relating to Electronic Transactions and Personal Data: https://smex.org/wp-content/uploads/2018/10/E-transaction-law-Lebanon-Official-Gazette-English.pdf); Libya (Law No. 5 of 2022 on Combatting Cybercrimes: https://lawsociety.ly/legislation/%d9%82%d8%a7%d9%86%d9%88%d9%86-%d8%b1%d9%82%d9%85-5-%d9%84%d8%b3%d9%86%d8%a9-2022-%d9%85-%d8%a8%d8%b4%d8%a3%d9%86-%d9%85%d9%83%d8%a7%d9%81%d8%ad%d8%a9-%d8%a7%d9%84%d8%ac%d8%b1%d8%a7%d8%a6%d9%85-%d8%a7/); Mauritania (Law No. 2016-007 on Cybercrime: https://mtnima.gov.mr/sites/default/files/loi_2016_-_007_relative_la_cybercriminalite.pdf); Oman (Royal Decree No. 12 of 2011 Issuing the Cybercrime Law: https://www.mtcit.gov.om/ITAPortal/Data/English/DocLibrary/FID20114117574666/Royal%20Decree%20No%20122011%20-%20Issuing%20the%20Cyber%20Crime%20Law.pdf); Palestine (Law Decree No. 10 of 2018 on Cybercrime: https://security-legislation.ps/wp-content/uploads/sites/4/2021/07/Law-by-Decree-No.-10-of-2018-on-Cybercrime.pdf); Qatar (Cybercrime Prevention Law, No. 14 of 2014: https://www.cra.gov.qa/-/media/System/F/5/5/8/F55881326A3857EEA2FDC4ECD9E188E0/2014-Law-No-14-Cybercrime-Prevention-Law-unofficial-translation-EN.ashx); Saudi Arabia (Anti Cybercrime Law 2007: https://laws.boe.gov.sa/BoeLaws/Laws/LawDetails/25df73d6-0f49-4dc5-b010-a9a700f2ec1d/2); Syria (Online Communication and Combating Cybercrime Law No. 17 of 2012: https://cyrilla.org/api/files/1518438172414prkgh7nkh4btvulp7zj8aor.pdf); Sudan (Cybercrime Law 2020, amending the Cybercrime Law 2018); Tunisia (Decree-Law No. 54 of 2022 on Combatting Crimes related to Information and Communication Systems: https://www.carthage.tn/sites/default/files/public/%D9%85%D8%B1%D8%B3%D9%88%D9%85%20%D8%B9%D8%AF%D8%AF%2054%20%D9%84%D8%B3%D9%86%D8%A9%202022.pdf): UAE (Federal Decree-Law No. 34 of 2021 on Countering Rumours and Cybercrimes).
  • 11. Parties/Observers to the Budapest Cybercrime Convention: https://www.coe.int/en/web/cybercrime/parties-observers. Israel has several laws that cover electronic crimes, but no specific Cybercrime Law.
  • 12. Media Defence, ‘Training manual on digital rights and freedom of expression online, at pp 62 (2020) (accessible at: https://www.mediadefence.org/resource-hub/resources/media-defence-training-manual-on-digital-rights-and-freedom-of-expression-online/).
  • 13. For an overview of regional developments in this context, see GSMA’s ‘Data Privacy Frameworks in MENA: Emerging Approaches and Common Principles’ (June 2019), here: https://www.gsma.com/about-us/regions/middle-east-and-north-africa/wp-content/uploads/2019/06/GSMA-Data-Privacy-in-MENA-Full-Report.pdf
  • 14. Israel tells court would stop forcing Palestinian laborers to give access to phone data’. Haaretz. May 15, 2020. https://www.haaretz.com/middle-east-news/palestinians/.premium-over-50-000-palestinians-forced-to-give-phone-data-to -israel-1.8844580
  • 15. ‘Israel tells court would stop forcing Palestinian laborers to give access to phone data’. Haaretz. May 15, 2020. https://www.haaretz.com/middle-east-news/palestinians/.premium-over-50-000-palestinians-forced-to-give-phone-data-to -israel-1.8844580
  • 16. Decision of the Israeli High Court, 17 May 2020 – not available publicly. https://hamoked.org/document.php?dID=Updates2175
  • 17. Mustafa Hussein Hassan Mustafa vs. Ministers of Interior and Finance. Administrative Court, Egypt. 28 February 2017.
  • 18. Forbes, ‘California Begins Enforcing Broad Data Privacy Law – Here’s What You Should Know’ (2020) (accessible at: https://www.forbes.com/sites/siladityaray/2020/07/01/california-begins-enforcing-broad-data-privacy-law---heres-what-you-should-know/?sh=1279e683de5c).
  • 19. The Guardian, ‘California's groundbreaking privacy law takes effect in January. What does it do?’ (2019) (accessible at: https://www.theguardian.com/us-news/2019/dec/30/california-consumer-privacy-act-what-does-it-do).
  • 20. Article 19, ‘Freedom of Expression and ICTs’ (2018) (accessible at: https://www.article19.org/wp-content/uploads/2018/02/FoE-and-ICTs.pdf).
  • 21. United Nationals Special Rapporteur on the Right to Freedom of Opinion and Expression, Frank La Rue, (2011) para 25 (accessible at: https://www2.ohchr.org/english/bodies/hrcouncil/docs/17session/A.HRC.17.27_en.pdf).
  • 22. Id. at para. 71.
  • 23. United Nations Special Rapporteur on the Right to Freedom of Opinion and Expression, (2018) para 13 (accessible at: https://freedex.org/wp-content/blogs.dir/2015/files/2018/05/G1809672.pdf.)
  • 24. Shqair, Yahya. Cybercrime Laws in Arab Countries Focus on Jordan, Egypt and the UAE (2019), p. 53. https://en.arij.net/wp-content/uploads/sites/3/2019/12/Cyber-Crime-Laws-in-the-Arab-world-Policy-paper-by-ARIJ.pdf. See also: ‘Cybercrime Legislation in the GCC Countries: Fit for Purpose?’ (2023), Chatham House.
  • 25. Pew Research Center, ‘Online harassment 2017, (2017), (accessible at: https://www.pewresearch.org/internet/2017/07/11/online-harassment-2017/).
  • 26. Id.
  • 27. See: ‘Spaces of Violence and Resistance: Women’s Rights in the Digital World (2021), EuroMed Rights. https://euromedrights.org/wp-content/uploads/2021/06/Online-gender-violence-in-MENA-region.pdf, and La Réponse Du Secteur De La Justice Aux Violences Faites Aux Femmes Au Maroc (2023). https://www.dcaf.ch/sites/default/files/publications/documents/VAW-morocco_FR.pdf
  • 28. GenderIT, ‘"Revenge Porn": 5 important reasons why we should not call it by that name’ (2019) (accessible at: https://www.genderit.org/articles/5-important-reasons-why-we-should-not-call-it-revenge-porn).
  • 29. Id
  • 30. Association for Progressive Communications, ‘Online gender-based violence: A submission from the Association for Progressive Communications to the United Nations Special Rapporteur on violence against women, its causes and consequences’ (2017) at p.21 (accessible at: https://www.apc.org/sites/default/files/APCSubmission_UNSR_VAW_GBV_0_0.pdf)).
  • 31. UNICEF, ‘Cyberbullying: What is it and how to stop it’ (accessible at: https://www.unicef.org/end-violence/how-to-stop-cyberbullying).
  • 32. UNICEF, ‘UNICEF poll: More than a third of young people in 30 countries report being a victim of online bullying’ (2019) (accessible at: https://www.unicef.org/press-releases/unicef-poll-more-third-young-people-30-countries-report-being-victim-online-bullying).
  • 33. ‘Cyberbullying on the rise in Yemen’, 11 April 2024. Al-Aghbari, I., Carnegie Endowment. https://carnegieendowment.org/sada/2024/04/cyberbullying-on-the-rise-in-yemen?lang=en
  • 34. Federal Decree-Law on Countering Rumors and Cybercrimes (2021), https://uaelegislation.gov.ae/en/legislations/1526
  • 35. Council of Europe, ‘The State of Cybercrime Legislation in Africa – an Overview’ at p. 2 (2015) (accessible at: https://rm.coe.int/16806b8a79) at p 3.
  • 36. Access Now, ‘When “cybercrime” laws gag free expression: stopping the dangerous trend across MENA’ (2018) (accessible at: https://www.accessnow.org/when-cybercrime-laws-gag-free-expression-stopping-the-dangerous-trend-across-mena/).
  • 37. See Singapore Legal Advice, ‘Guide to Singapore’s Protection from Harassment Act (POHA)’ (2022) (accessible at: https://singaporelegaladvice.com/law-articles/singapore-protection-harassment-act/).
  • 38. Complaints platforms are available: Facebook: https://www.facebook.com/help/263149623790594; Instagram: https://help.instagram.com/192435014247952; Twitter: https://help.twitter.com/en/rules-and-policies/twitter-report-violation#:~:text=Open%20the%20profile%20you'd,the%20issue%20you're%20reporting; YouTube: https://support.google.com/youtube/answer/2802027?co=GENIE.Platform%3DAndroid&hl=en-GB; and TikTok: https://support.tiktok.com/en/privacy-safety/report-inappropriate-content-default.