The Digital ID Landscape in the GCC: A Mapping of Programs, Regulations, and Human Rights Risks [Report 2021]

This report analyzes the implementation of digital ID systems in countries of the Gulf Council Cooperation (GCC), also referred to in this report as the “Gulf”. The GCC is an intergovernmental political and economic union made up of Bahrain, Kuwait, Oman, Qatar, Saudi Arabia and The United Arab Emirates. The purpose of this report is to map the different digital ID initiatives in the Gulf and their impacts on privacy and human rights. It is an initial step of a larger research SMEX is aiming to map digital ID across the broader Arab region. This report is specifically focused on Digital ID systems as promulgated by multiple UN agencies.

It begins by generally explaining what Digital ID programs are and the standards and best practices needed that allow them to work safely and with consideration for individuals’ rights. It draws upon these standards to compare it to the reality of implementation in the Gulf.

The report sets out the key authorities and service providers in each country and compiles all relevant legislation surrounding electronic transactions, personal data, right to privacy, government surveillance, and cybercrime and cybersecurity to map the regulatory landscape of digital ID in these countries (Chapter 3). The legislation was then analyzed, and legal and regulatory shortcomings were outlined in the next chapters. In Chapter 4, we explain how existing legal frameworks are falling short of protecting data processed by digital ID systems and adequately providing users with remedy mechanisms. In Chapter 5, we look at the data collected by (digital) identification systems in the Gulf and identify and analyze measures to ensure privacy of the data and user rights over the data. Chapter 6 identifies (potential) implications for the right to non-discrimination.

Methodology 

We conducted desk research to collect information and data to map the different digital ID systems in the GCC, relevant legislation and regulations and how they compare to existing international best practices and standards. In the first step of primary data collection, information on digital ID programs in each GCC country were collected: authorities that initiated or implemented them, service providers involved in their rollout, relevant regulations and laws, types of data collected by the systems, user rights to access and control their data, security features and measures, forms of oversight over the data and and any documented cases or potential implications for human rights.

A review and a quality control were then conducted to improve and expand the collected information to include oversight over ID, relevant cybercrime legislation and cybersecurity strategies and legislations and practices that enable or exclude marginalized groups in identification systems (such as stateless people and people living with disabilities). A review of existing standards and best practices for digital identification systems was also conducted, which helped us identify shortcomings in digital ID systems in the GCC and draft this report.

The Digital ID Landscape In the GCC 1

This page is available in a different language العربية (Arabic) هذه الصفحة متوفرة بلغة مختلفة

SMEX

SMEX is a registered Lebanese NGO that works to advance self-regulating information societies in the Middle East and North Africa.