Across the Middle East and North Africa (MENA), data protection legislation is still in its infancy, and it remains a low priority in countries where data protection laws are either very weak or non-existent. Nevertheless, governments have been quick to introduce proposals for use of technology that are data-heavy, such as national digital identity programs, biometric passports, and e-health services, disregarding how technology can be used to infringe citizens’ privacy or exploit their personal data. Where data protection laws do exist, enforcement is problematic. National security agencies often enjoy unrestricted access to citizens' personal data, and private companies exploit and sell this information for profit without users’ knowledge or consent.

In this report, the authors explore these issues and propose safeguards and policy recommendations for those involved in the collection and processing of personal data: governments, private companies, and international aid organisations. Jordan, Lebanon, Palestine and Tunisia are the countries of focus.