In the summer of 2020, the Egyptian parliament passed the Personal Data Protection Law, the first law of its kind regulating the use of citizens’ data. In a previous article by Business Forward, we covered the details of the law.
In that article, Business Forward spoke to Moustafa Moharram, founder and chief executive officer of Moharram & Partners, a public policy firm that facilitates discussions between the government and private sector companies on trying to find consensus on policies and regulations.
According to Moharram, the Egyptian parliament drafted the law in consultation with society’s relevant stakeholders, a first for Egypt.
Moharram & Partners facilitated discussions between the government and Big Tech companies including Google, Microsoft, Amazon, Facebook, and Twitter regarding the Personal Data Protection Law.
These discussions included the first public-private dialogue session at the Ministry of Communication and Information Technology, as well as the very first hearing session at the Egyptian parliament for tech companies to provide comments, feedback, and recommendations to the House of Representatives’ ICT Committee.
Business Forward spoke to Moharram at length to give a behind-the-scenes look at how the law came to be and what is currently being discussed.
What were some of the main requests by the private sector in these discussions?
Discussions around data protection are very technical, but generally speaking, the most important thing to know is that a data protection framework is extremely important for Big Tech investment in any country. That’s one of the very first things that a [Big Tech] company looks into before deciding to invest in data centers or even expanding its presence whether in the form of centers for excellence or other types of direct investment. It’s also critical for different technologies that are provided. [The Personal Data Protection Law] is the legal infrastructure for all kinds of data transfers and its regulation is very important for tech companies to make sure that they are complying. At the same time, this law is enabling for tech.
What were the main concerns and/or objections from the government’s side of the discussion?
[It was] three sets of goals. The first one is regulating the use of data and data collection and its processing. This is very important for us as citizens because many are concerned about their data being misused by companies or different entities working in the commercial sphere. Data is personal and is important to be protected from a government perspective.
The other thing that is equally important is the investment component. One of the main objectives behind the initiation of this law was actually to make sure the Egyptian legal regime is complying with the GDPR [General Data Protection Regulation]. The GDPR is the European guidelines for data protection and it was issued in 2018. It was very important for many countries to adapt their legal regimes to be up to the GDPR’s standards. Without adapting your laws to be consistent with the GDPR, it would have been very difficult for Egypt to attract investment and would have restricted the ability of Egyptian companies working in tech to work with their European counterparts. That was a very important consideration.
The third one is that during the past few years we’ve seen increasing interest from the Egyptian government in this idea of Egypt being a regional hub for information and communication technology, as well as [becoming] a data passage. Because of the strategic location of Egypt, data going from [Europe to Africa and Asia would pass through]. Something that comes with this is data centers. Many of the big companies including Google, Microsoft and Amazon own some of the biggest data centers around the world so Egypt is very much interested in being a hub for data centers and a passage for the international flow of data.
Were ethics a big part of the discussions and the details of the law?
Generally speaking, of course, the law is all about the ethical use of data but in technical terms, that’s not how the law expresses it. There was a lot of discussions about what would be considered as consent. One of the main issues of data privacy around the world is you consenting to the use of your data. That’s one of the questions that was extensively discussed between the government and the tech companies, as well as citizens’ rights regarding their data.
Were there any bottlenecks or disagreements during these discussions?
In the initial stage of the discussions there were disagreements between different parties regarding different aspects of the law. Tech companies wanted to make sure that the law was consistent with the GDPR. As we moved along and went for private-public dialogues and as discussions evolved, the good thing was that the parties managed to overcome their differences and reach consensus on the key issues.
It’s important to note that we’ve got a very bad habit in Egypt of not consulting with societal stakeholders before the issuance of laws. This trust is extremely important to be done in a systemic way where stakeholders are to provide comments, feedback and discussions on different laws. This makes the law more practical and executable and actually helps the government in shaping better policies. Also, it helps promote Egypt as an investment destination with big companies and foreign investors.
Were there any small and medium-sized enterprises (SMEs), specifically local ones, involved in the discussions?
That’s a very important question. Big companies were represented in the discussions, as well as some of the industry associations [whose] members are small and medium-sized enterprises, the Chamber of Information Technology and the American Chamber of Commerce. Those discussions were attended by industry associations that made sure to represent everybody.
In my point of view, there wasn’t enough representation of Egyptian startups. [They] are important because they give additional dimensions to the conversation that [should be] taken into consideration. To give you an example, this law provides certain requirements for companies to adhere to. When the law is based on conversations with big companies, usually they have the capabilities and expertise to ensure compliance. This is not always the case when it comes to startups and small companies, which are an important driver of the economy. That’s why [we need] to give them a voice and to make sure that they are heard so as not to be surprised that some of the aspects of this law might harm their business.
What is currently being discussed with regards to the law?
Any law in Egypt [goes through] two main stages. One [is the] law itself which was passed last summer. And then there’s something called the executive regulations. These are basically putting together different operational aspects related to the implementation of the law. The Ministry of Communication and Information Technology is currently discussing and drafting these executive regulations.
Some conversations have started between the [ministry] and different stakeholders. When we started working on the law itself, the process of consultation with the private sector was new to Egypt. This process hadn’t been done in a systematic way before. We’re very happy that now everyone saw the benefit of this exercise. The [ICT ministry] took the initiative this time to invite different stakeholders from the telecoms, tech companies and associations to come and meet them before even drafting the executive regulations. This is an important development related to the culture of policy making in Egypt and how we do things. We’re very proud that in our little way, we were part of this.