The Technology, Media and Telecommunications Review: Egypt

Overview

The technology, media and telecommunications (TMT) sector in Egypt has been governed exclusively by the Telecommunications Law No. 10 of 2003 (the Telecommunications Law) for nearly two decades. However, the vast increase in the use of information technology, coupled with Egypt's plan to build a comprehensive digital presence, led Egypt to introduce a number of technology-related laws that will revolutionise the TMT sector.

In addition, with the covid-19 pandemic, minimising social contact has become a necessity and working from home and e-learning part of our 'new normal'. It has therefore become a priority to develop and enhance the telecommunications infrastructure.

Regulation

i The regulators

There are three main authorities regulating telecommunications, media and IT services in Egypt:

  1. The National Telecom Regulatory Authority (NTRA) was established by the Telecommunications Law and is subordinate to the Minister of Communications and Information Technology. The NTRA is responsible for regulating and monitoring the telecommunications sector. It ensures open competition, the protection of consumers and national security, and the implementation of universal telecommunications services. The NTRA is the only authority that has the power to issue licences and permits for constructing and operating any activity related to the telecommunications sector. The NTRA comprises of various bodies, including but not limited to, the Frequency Regulation Committee and the Egyptian Computer Emergency Readiness Team (EG-CERT). The EG-CERT was established in 2009 and is responsible for providing computer and information security incident support, defence against and analysis of cyberattacks.
  2. The Data Protection Centre (the Centre), subordinate to the Minister of Communications and Information Technology, is yet to be established in accordance with the provisions of the new Personal Data Protection Law No. 151 of Year 2020 (the Data Protection Law).2 The Centre will be mainly responsible for monitoring compliance with the Data Protection Law. The Centre will have the powers to issue licences, permits and accreditations for regulated activities and persons as well as investigating controllers3 and processors4 and to issue administrative sanctions.
  3. The Supreme Council for Media Regulation (SCMR), established by Law No. 92 of 2016 which was later amended by the Media and Journalism Law No. 180 of 2018 (the Media and Journalism Law), is an independent body responsible for regulating the media sector. The SCMR aims to guarantee the freedom of journalism and media while ensuring an environment of free competition.

The main sources of law

For a long time, the prevailing legislation regulating the telecommunications and information technology sector in Egypt was the Telecommunications Law adopted in 2003.

With the technological revolution that Egypt has witnessed these past few years, new laws were adopted to keep up with global changes. The Cyber and Information Technology Crimes Law No. 175 of 2018 (the Cybercrimes Law) was enacted along with its Executive Regulations5 to regulate internet activity and to prevent any crimes that might be committed via the internet.

Moreover, the Data Protection Law was adopted in August 2020 marking the first law in Egypt specifically dedicated to the regulation of personal data6 collection, retention, processing and transferring.

Finally, the media and journalism sectors are regulated by the Media and Journalism Law and its Executive Regulations7 regulate media and broadcasting activities in Egypt.

ii Regulated activities

Telecommunications sector

The Telecommunications Law regulates any type of telecommunications services.

Most telecommunications activities require a licence from the NTRA, which offers four different categories of licences that vary depending on the service:

  1. fixed services licences;
  2. wireless services licences;
  3. international services licences; and
  4. licences to construct, operate and lease infrastructure for telecom networks.

To this end, the applicant must submit an application to the NTRA containing all the necessary requirements (each licence or application consists of different requirements). After reviewing the application, the NTRA, if satisfied, gives its approval within 90 days.

Technology

The Cybercrimes Law regulates the activities of service providers, which are defined as 'any natural or legal person that provides users with informational technology and telecommunication services and includes those who process or store the information by themselves or their representatives in any of such services or information technology'.8 The required licences for these types of activities are the same as those for operating a telecommunications service or processing personal data.

Moreover, the Data Protection Law regulates the electronic processing of personal data whether partially or entirely by any recipient, controller or processor. In order to collect, store and process personal data, controllers and processors must obtain licences,9 permits10 or accreditations11 from the Centre. After receiving the application, the Centre has 90 days to issue its final decision.

The yet to be issued executive regulations of the Data Protection Law will specify the exact types, categories and levels of these licences, permits and accreditations, the procedures, as well as the conditions of their issuance and their scope of application, in exchange for fees that will range between 500,000 Egyptian pounds (permits and accreditations) and 2 million Egyptian pounds (licences).

Media sector

The authorisations in the media sector are subject to the provisions of the Media and Journalism Law. On the one hand the SCMR must be notified of any person, entity, or corporation willing to establish a newspaper or a website proposing journalistic content. However, on the other hand a licence is required for establishing media outlets or a website containing media content from the SCMR. The SCMR must issue its decision within 90 days from the day the application is submitted and if no decision is issued, the application is deemed rejected.

iii Ownership and market access restrictions

Article 3 of Law No. 72 of 2017 (the Investment Law) ensures foreign investors are granted the same treatment as nationals with regard to their investments in Egypt. Therefore, companies established in Egypt can be wholly owned by non-Egyptian shareholders except (1) those operating in the Sinai Peninsula; (2) in specific industries where certain national protections are offered, such as the export-import, commercial agency and media12 legislation. In addition, activities relating to telecommunications in general are subject to extensive regulatory and security screening prior to the issuance of the required governmental approvals. For example, in 2020, the General Authority For Investment and Free Zones (GAFI), announced that companies having media and advertising activities as one of their objectives, will be required to obtain authorisations from national security authorities (in addition to the customary national security clearance required from all founders of companies in Egypt). Furthermore, foreign investors can be subject to different regulations if they are investing in Egyptian free zones.

More so, with the adoption of the Data Protection Law, foreign controllers and processors subject to the provisions of this law, are required to appoint a representative in Egypt to serve as the point of contact with the Data Protection Centre.

iv Transfers of control and assignments

In principle, licences awarded by the NTRA cannot be transferred to another entity unless authorised by the NTRA. In principle and in accordance with the conditions set by the NTRA's board of directors, licences awarded by NTRA cannot be transferred to another entity unless authorised by the NTRA.13

On the other hand, all mergers and acquisitions transactions are subject to the review of the Egyptian Competition Authority if the companies involved in the transaction have an annual turnover exceeding 100 million Egyptian pounds.14 Furthermore, if the transaction concerns a transfer of shares over 20 million Egyptian pounds, the Egyptian stock exchange pricing committee should be notified. The procedure for review can vary depending on the type of companies involved in the transaction or the sector and there is no specific timing for reviewing such transactions as it varies from case to case.

Furthermore, licensed media companies are restricted from transferring licences, whether partially or entirely, or entering into any merger or acquisition without the SCMR's prior written authorisation.15

Telecommunications & internet access

i Internet and internet protocol regulation

Fixed services licences

Internet and telephony services are governed by the Telecommunications Law and these services cannot be provided to the public freely. Entities wishing to provide these services are required to obtain a licence from the NTRA pursuant to Article 21 of the Telecommunications Law. The NTRA is the only authority that can issue such licences and has the powers to determine its requirements according to Article 22 of the Telecommunications Law.

As previously mentioned, the NTRA is entitled to award four different categories of licences: (1) fixed services licences; (2) wireless services licences; (3) international services licences; and (4) licence to construct, operate and lease infrastructure for telecom networks. For the purpose of this section, we will be discussing the fixed services licences.

A fixed services licence comprises two sub-categories, one for telephony services (i.e., landline service licences) and one for internet services (i.e., data services licences). These licences differ in scope. Landline service licences give the licencee the right to set up and establish the core infrastructure of telecom networks, to offer fixed local and international telephony services as well as fax (this licence is only awarded to Telecom Egypt (TE))16 or to provide a fixed service using the core infrastructure of licences to set up and establish the infrastructure of telecom networks.17

Whereas data services licences give the licencee the right to set up, manage and operate the core infrastructure necessary for offering internet services only and does not include the right to offer voice telephony services.

Prospective licencees are generally required to submit an application to the NTRA18 containing:

  1. a detailed description of the company;
  2. relevant documents showing that the applicant has relevant experience in the field of establishing or operating telecommunication networks;
  3. a detailed business plan and feasibility study; and
  4. information showing that the applicant has adequate financial capacity and solvency to carry out all the terms, conditions and obligations set forth in the licence.19

Where the NTRA is satisfied with the project, it will issue its decision within a period not exceeding 90 days from the date the applicant submitted all requested documents to the NTRA, otherwise the application shall be considered rejected.20 This approval also includes the terms and conditions thereof that may vary from one service to another. However, in general, the licencee must provide the service to users without any discrimination, abide by the service quality and efficiency standards, and comply with all sanitary, environmental, planning and construction safety regulations, among other things.

Sub-sea cables

Sub-sea cables are becoming increasingly important to Egypt's telecommunications sector. Through its state-owned TE, the country launched various projects to accommodate and construct the required infrastructure for sub-sea cables passing through Egypt.21 In order to be able to operate sub-sea cables, entities must obtain a submarine cable network licence.

This type of licence requires further licensing obligations. Notably the applicant must:

  1. form a consortium which includes one or two entities that hold a submarine cable network licence in Egypt and a regional or international operator;
  2. provide all technical descriptions regarding the submarine cables, landing points and the description of the infrastructure that will be constructed and operated;
  3. comply with the environmental regulations, national security, the safety at sea, the seashore protection, the offshore petroleum structures and pipelines and any other infrastructure in the Egyptian territorial waters;
  4. commit to paying an appropriate financial security as determined by the NTRA; and
  5. commit to making the required upfront payment as well as the annual licensing fees, the royalty fees and the right-of-way fees to the NTRA.

That said, only TE has obtained such a licence, which was issued for the purposes of 'building and operating submarine fiber-optic cables, landing stations and [establishing a] right of way'.

ii Universal service

Availability of universal service is one of the four principles of any telecommunication service22 that the Ministry of Communications and Information Technology (MCIT) has been trying to implement since the adoption of the Telecommunications Law in 2003 and it forms part of the Egyptian Information Society Initiative.23 The Telecommunications Law introduced the Universal Service Fund (USF), established in 2005, with an initial budget of 50 million Egyptian pounds.24 Pursuant to Article 9 of the Telecommunications Law, the NTRA is responsible for managing that fund that aims mainly to fund (1) infrastructure projects required for establishing the universal service rule and (2) projects of the telecommunication and information national plan.

The NTRA plays an important role with regard to universal service since it is responsible for setting the universal service policy, defining the unserved areas, determining universal service projects annually, and for defining financing mechanisms for universal service projects.25

For the purpose of ensuring universal access of information and telecommunication services, in 2014 the government allocated 30 million Egyptian pounds from the USF to provide mobile telecommunication services in three areas in South Sinai.26

Furthermore, in 2012, TE started a National Broadband Plan (eMisr National Broadband Plan)27 aiming to expand the geographical coverage of broadband infrastructure, increase the broadband subscriber base and provide citizens in non-economically viable rural areas with the means to access broadband services. These targets should be met by 2021 with 90 per cent of Egyptian households having access to broadband services.

iii Restrictions on the provision of service

Net neutrality

There are no specific regulations on net neutrality in Egypt. However, Article 65 of the Constitution states that 'all individuals have the right to express their opinion through speech, writing, imagery, or any other means of expression and publication'. Moreover, the state shall protect citizens' rights to use all forms of public means of communication.28 Furthermore, and seeing telecommunication services must be based on transparency,29 and since network service providers must provide internet connectivity services to the users without discrimination for any reason,30 in principle internet service providers cannot control or choose any content provided by network users.

Nonetheless, the newly enacted Cybercrimes Law prohibits network users from posting any content that violates the moral values of Egyptian society or the sanctity of private life31 and grants investigative authorities the power to request the competent court to order the blocking of a website (regardless of location of its streaming) that displays any phrases, numbers, images, films, promotional materials that constitute one of the crimes listed in the law and threaten national security, or endanger the state's national security or economy. However, in cases of an emergency or risk of imminent damage, the authority with judicial arrest powers may request the NTRA to request the service provider to temporarily block the website or content. The service provider must abide by the NTRA's instructions.32

Notwithstanding the above, service providers can be requested to monitor content via court order or for the purpose of an investigation according to the Constitution, the Criminal Code, the Telecommunications Law, the Cybercrimes Law and the Data Protection Law.

Unsolicited phone calls, faxes, emails and texts

Before the Data Protection Law, no specific provisions governed unsolicited phone calls, faxes, emails and texts. Only the Telecommunications Law provided that any telecommunication service would protect users' rights without specifying what these rights were.33 In addition, Article 76 of the Telecommunications Law stipulates that without prejudice to the right for suitable indemnity, a penalty of confinement to prison and/or a fine not less than five hundred pounds and not exceeding twenty thousand pounds shall be inflicted on whoever (1) uses or assists in using illegitimate means to conduct telecommunication correspondence; and (2) premeditatedly disturbs or harasses a third party by misusing telecommunication equipment. Now, however, the Data Protection Law regulates direct electronic marketing in Articles 17–18. These Articles lay down the conditions for such activity and require that:

  1. prior consent of the data subject be obtained;
  2. the communication include the place of origin and identity of the sender;
  3. the sender have a valid address to be reached at;
  4. the marketing material contain a reference demonstrating that the purpose of the communication is for direct marketing; and
  5. mechanisms to enable the data subject to reject the electronic communication or to renounce the consent to send the personal data be provided in a clean and user-friendly manner.

Additionally, the Cybercrimes Law prohibits any person from (1) sending repeated unsolicited emails or (2) allowing access to personal data to a website for purposes of marketing without the data subject's consent. These crimes are subject to a penalty of imprisonment for not less than six months or a fine not less than 50,000 Egyptian pounds and not exceeding 100,000 Egyptian pounds or both.34

iv Security

In general, since 2016 Egypt has been adopting new laws and regulations restricting national security authorities' powers by providing a process for the collection of personal data without infringing upon private lives.

Cybersecurity

Cybersecurity is a growing concern in Egypt. With the increase of cyberattacks in all forms, Egypt promulgated the first Cybercrimes Law to ensure cyberspace security and prevent any crimes that can be committed using information technology.

The Cybercrimes Law applies to service providers, as described above.35 This Law has a broad jurisdictional scope since it does not only apply to crimes committed in Egypt but also crimes committed by non-Egyptians outside Egypt whenever the act is penalised in the jurisdiction in which it is committed under certain conditions.36

For the purposes of limiting security breaches and attacks, service providers are required under Article 2 of the Cybercrimes Law to ensure the confidentiality of the collected data. This obligation has been strengthened with the adoption of the newly promulgated Cybercrimes Executive Regulations.37

The Cybercrimes Law aims to penalise illegal acts relating to financial fraud;38 breach of the sanctity of private life;39 or any other act that endangers the vital interests of the state.40 Penalties range from fines to severe imprisonment. Moreover, and aside from criminal penalties, the Cybercrimes Law offers the possibility for the competent investigative authority to block access to any website that commits one of the crimes mentioned in the law pursuant to Articles 7 and 8.

The EG-CERT is the competent body when it comes to cyberattacks and cybersecurity. It handles incidents and attacks targeting the Egyptian critical information infrastructure41 and mitigates cyber threats. To exercise its powers fully, service providers managing critical information infrastructure are required to notify EG-CERT of any security breach pursuant to Article 3 of the Cybercrimes Executive Regulations. The EG-CERT serves also as the point of contact for international cooperation in cybercrimes matters.

While correspondences and communications' interception is prohibited under the Constitution,42 investigative authorities have judicial arrest powers to collect or seize data, to inspect and penetrate databases, and to order service providers to submit any data or information possessed in relation to an information system, as well as the service users' data43 and to provide national security authorities with all the technical capacities allowing these entities to exercise their powers.44 Furthermore, and pursuant to Article 3 of the issuance articles of the Data Protection Law, controllers and processors must comply with any request from national security entities to submit any personal data. The same obligations can be found under Articles 19 and 64(2) of the Telecommunications Law. Moreover and in accordance with the Criminal Procedures Code No. 150 of 1950 (the Criminal Procedures Code), investigative authorities have the right to seize correspondences and to intercept any communications45 on the condition that the investigations leading to the order to conduct any of the foregoing to be serious and credible.46

Privacy and data protection

For a long time, Egypt did not have any special regulations on data protection and personal data was only protected under general and sectorial provisions (e.g., the Egyptian Constitution,47 civil law48 and criminal law49). Given the importance of personal data, Egypt finally promulgated and published the first Data Protection Law in 2020. This Data Protection Law is largely based on the provisions of the General Data Protection Regulation (GDPR); however, some differences exist. In accordance with the Articles of the issuance articles, the Data Protection Law will come into force three months following its publication and its executive regulations will be issued within six months of it coming into force. Entities affected by its provisions will be given one year from the date of publication of the executive regulations50 to comply with its provisions.

The main aim of the Data Protection Law is to ensure the protection of personal data which is defined in the law as 'any data relating to an identified or identifiable natural person, who can be identified directly or indirectly by reference to an identifier'.51 This Law applies to any personal data processed electronically, partially, or entirely by any recipient, controller, or processor.52 However, contrary to the GDPR, the Data Protection Law does not apply to personal data kept by financial institutions.53

As in the GDPR, personal data must be collected and processed lawfully, only for legitimate purposes, and must not be stored for a period longer than the period necessary to fulfil the purpose of its collection or processing.54 The Data Protection Law empowers data subjects to have control over their personal data since data cannot be collected without the data subject's consent (except in some cases).55 Data subjects have the right to access, correct and erase the data, to object to data collection and to be made aware of any breach or violation of their personal data.56

As mentioned above, one of the main provisions of this law is that it establishes a Data Protection Centre (the Centre), for the purpose of monitoring and ensuring compliance with the provisions of the law. The Centre will have the powers to issue licences, permits and accreditations for regulated activities and persons, to supervise the entities subject to the provisions of this law, etc.57 On the other hand, controllers and processors subject to the provisions of the GDPR can process personal data without the obtainment of any licence since the GDPR establishes a system of accountability.58 Only when the processing will result in a high risk to the rights and freedoms of natural persons, a data impact assessment must be carried out and if the risk remains, the controller shall, prior to processing, seek the consultation of the Supervisory Authority.59

In order to ensure compliance with the provisions of the Data Protection Law, controllers and processors are under the obligation to appoint a data protection officer.60 Other than ensuring that personal data are processed in accordance with the provisions of the law, the data protection officer is the point of contact to the Centre as well as affected individuals.61

Failing to comply with the provisions of the Data Protection Law exposes the controller or processor to administrative62 and criminal63 penalties that can go up to imprisonment. Unlike the Data Protection Law, the sanctions in the GDPR are significantly higher and can reach up to €20 million or in the case of an undertaking, up to 4 per cent of the total worldwide annual turnover of the preceding financial year, or whichever is higher.64 In addition, the GDPR does not include any custodial sentences.

Regarding the protection of children online, the new Data Protection Law, under the first Article, considers children's data as sensitive data that require further protection. For the purposes of ensuring such protection, any children's data processing should not take place without the parents' or legal guardian's consent.65 Furthermore, the child's participation in any game or competition should not be conditioned by the collection of any data that exceeds what is necessary. Moreover, the Child's Law66 punishes any person that uses information technology in order to make, store, process, show, print or publish any pornographic visuals to incite children to work in prostitution, pornography or to commit crimes or illegal acts.67

Spectrum policy

i Development

Pursuant to Article 51 of the Telecommunications Law, the NTRA is the competent authority to deliver licences for spectrum use. The management of the Egyptian radio frequency spectrum is entrusted to the Radio Spectrum Resource Management Team at the NTRA as well as the Frequency Regulation Committee that was established by virtue of Article 18 of the Telecommunications Law.

In September 2020, the NTRA, through a frequency bidding, granted mobile companies operating in Egypt the right to restructure their frequency map.68

Furthermore, Egypt is currently investing in the development of sub-sea cables in order to improve internet and telecommunications services. The MCIT and the NTRA are preparing to launch 5G services shortly (see Section IV.iii).

ii Flexible spectrum use

Similar to telecommunications licences and pursuant to Article 57 of the Telecommunications Law, spectrum licences cannot be exchanged or granted to unlicensed entities unless they receive the NTRA's prior approval.

iii Broadband and next-generation mobile spectrum use

The NTRA awarded 4G licence to all four telecommunications operators in Egypt (TE, Orange, Vodafone and Etisalat) in 201669 before launching 4G mobile services in 201770 over a 10MHZ channel. After deploying 4G technology in Egypt, the MCIT and the NTRA started to prepare for the implementation of 5G. The Minister of Communications and Information Technology has stated in the 2018 Cairo International Exhibition and Conference on Information and Telecommunications Technology (Cairo ICT 2018), that Egypt will be ready to launch 5G by 2020. Furthermore, TE signed a memorandum of understanding with Ericsson in 2019 to upgrade TE's Cloud Core Network and to run tests ahead of deploying 5G services.71

Moreover, while Egypt does not have a particular framework to handle the internet of things (IoT) and machine to machine (M2M) services for the time being, the NTRA is currently discussing new regulations that will specifically deal with IoT and M2M services.

Furthermore, to improve telecommunications services, TE started a plan to replace all copper cables with fiber-optics. TE is also participating in major sub-sea cables projects (such as the 2Africa project), which are expected to have a great impact on the growth of 4G and 5G in the region and will provide fixed broadband services access for hundreds of millions of people.

iv Spectrum auctions and fees

Egypt auctions spectrum to licence holders.72

Media

i Restrictions on the provision of service

Media service providers are required to store broadcast programmes for at least one year and a copy shall be submitted monthly to the SCMR.73 Media service providers must also appoint a broadcasting manager pursuant to Article 57 of the Media and Journalism Law. Moreover, media content cannot be broadcast on smartphones unless authorised by the SCMR.74

As a general rule and pursuant to Articles 2 and 3 of the Media and Journalism Law, freedom of journalism and media is a constitutional right and it is prohibited to censor Egyptian journalism and media outlets, nonetheless certain restrictions are imposed on media service providers. For example, (1) media service providers are prohibited from publishing or broadcasting any content or advertisement that might violate the provisions of the Constitution, the law, the obligations resulting from the code of conduct or any content violating public order or promotes discrimination, racism or violence; (2) they are also prohibited from broadcasting pornographic content or material that offends religions;75 and (3) they may not broadcast false news, engage in slander and defamation or breach the sanctity of private life.76

The SCMR has issued a list of guidelines regulating religious, sports, children's programmes77 as well as advertising content. In addition, it engages in licensing websites that engage in advertising activities.78

ii Internet-delivered video content

For the past decade Egypt, has witnessed a robust expansion in internet usage. Service providers, whether media outlets or telecommunication operators have been working together on making the transition from broadcast video distribution to internet video distribution in order to reach as many consumers as possible.

Given the increase of online subscribers, service providers were able to provide a platform dedicated to video content. This in turn led telecommunication operators to offer tailored packages to consumers, depending on their need, usage and financial capabilities. For example, telecommunication operators offering consumers a number of affordable data packaging and payment plans allowing them to use various social media platforms or media streaming platforms.

Additionally, the consumer is not only offered a variation of data plans and tailored packages, but streaming platforms offer him, for a higher payment plan, ad-free content.

In conclusion, with the existence of numerous data packages in addition to targeting based advertising, most consumers are satisfied with the video content being offered as they may choose which package suits them best – from both a practical and financial standpoint.

The year in review

Egypt is currently improving its TMT sector by introducing new legislation:

  1. Data Protection Law;
  2. Cybercrimes Executive Regulations;
  3. E-commerce draft law.

Egypt is also participating in major telecommunications projects, such as the 2Africa project, as well as launching spectrum auctions.

Furthermore, Egypt is moving towards digitalising its authorities and services to attract foreign investors and to simplify the process for interested parties.

Conclusions and outlook

In addition to the ambitious introduction of technology-related laws starting in 2018, Egypt is currently working on issuing an E-commerce Law regulating online purchases. As a result of the covid-19 pandemic, online transactions have significantly increased in Egypt and these will benefit from adequate regulation.

Finally, given the new nature of the aforementioned laws, only through implementation and practice can their strengths and weaknesses be identified.

Footnotes

1 Tarek Badawy is a partner, Salma Abdelaziz is a senior associate and Hoda ElBeheiry is an associate at Shahid Law Firm.

2 Data Protection Law, Article 19.

3 A controller is any natural or legal person, by virtue of law or based on the nature of its business, which has the right to obtain personal data and to determine the means and methods on how to store the data or process it and have control over it.

4 A processor is any natural or legal person, based on the nature of its business, which processes personal data for himself or on behalf of the controller based on an agreement between them and based on the controller's instructions.

5 Prime Minister Decree No. 1699 of 2020, 27 August 2020.

6 'Personal data' is defined in Article 1 of the Data Protection Law as 'any data relating to an identified or identifiable natural person, who can be identified directly or indirectly by reference to an identifier'.

7 Prime Minister Decree No. 418 of 2020, 16 February 2020.

8 Cybercrimes Law, Article 1.

9 A licence is an official document issued by the Centre to legal persons, which grants the licencee the right to engage in the activities of collecting, storing, transferring, processing electronic personal data or carrying out online marketing activities or all of the above. It also determines the obligations of the licencee according to the rules, conditions, procedures, and technical standards specified in the executive regulations. The licence period is for three years and renewable for other periods.

10 A permit is a temporary official document similar to a licence; the only difference is that it can be issued to natural or legal persons. The permit is valid for one year and may be renewed for similar periods.

11 An accreditation is a certificate issued by the Centre stating that the natural or legal person has fulfilled all the technical, legal and organisational requirements specified in the executive regulations, according to which the person is qualified to provide consultancy services in the field of data protection.

12 Media and Journalism Law, Article 52.

13 Telecommunications Law, Article 31.

14 In 2019, for the first time, the Egyptian Competition Authority reviewed the merger of Uber and Careem even though the companies' annual turnover did not exceed 100 million Egyptian pounds.

15 Media and Journalism Law, Article 63. The SCMR is the competent authority to determine the necessary requirements for such transactions pursuant to Article 19 of the Media and Journalism Executive Regulations.

16 TE was established in 1998 by virtue of Law No. 19 of 1998, which converted the National Telecommunications Authority into an Egyptian joint stock company by the name of Telecom Egypt (i.e., TE). TE is responsible for establishing, owning, operating and developing the telecommunication networks to transfer and facilitate telecommunications and information technology services inside and outside of Egypt, and performing all other services that may be provided using such networks.

17 The Rules & Conditions of The Award of Licence to Establish Telecom Networks and Provide Telecom Services in A.R.E., NTRA. February 2019.

18 Telecommunications Law, Article 22.

19 More specific requirements may vary depending on the licence.

20 Telecommunications Law, Article 22.

21 '2Africa Cable' is one of the largest sub-sea cables projects in the world connecting 23 countries in Africa, the Middle East and Europe with a cable length of 37,000km. It is expected to enhance connectivity across Africa and the Middle East. The project is funded by a consortium of companies including China Mobile International, Djibouti Telecom, Facebook, MTN Global Connect, Orange, Saudi Telecom Company, TE, Vodafone and WIOCC. Alcatel Submarine Networks has been chosen to build the cables and the system is supposed to be operational by 2023/2024, http://ir.te.eg/en/CorporateNews/PressRelease/126/2Africa-a-transformative-subsea-cable-for-future-internet-connectivity-in-Africa-announced-by-global-and-African-partners, https://enterprise.press/stories/2020/07/15/could-egypt-make-better-use-of-its-position-as-a-subsea-internet-cable-hub-18969/.

22 Telecommunications Law, Article 2.

23 The Egyptian Information Society Initiative is part of Egypt's Vision 2030 to build a digital Egypt by 2030. It aims to introduce digital transformation, digital skills and jobs and digital innovation.

24 The USF is funded from public resources (NTRA budget's surplus) and private resources (Universal Service obligations stipulated in operators' licences (up to 0.5 per cent of their Adjusted Gross Revenues)). https://tra.gov.eg/en/regulation/Pages/universal-service.aspx.

25 ibid.

26 ibid.

28 Constitution, Article 57.

29 Telecommunications Law, Article 2.

30 The Rules & Conditions of The Award of Internet Connectivity Services (Class A) & VoIP Services Provision Licence in A.R.E., NTRA, February 2019.

31 Cybercrimes Law, Articles 25–26.

32 ibid, Article 7.

33 Telecommunications Law, Article 2.

34 Cybercrimes Law, Article 25.

35 ibid, Article 1.

36 ibid, Article 3.

37 Cybercrimes Executive Regulations, Articles 2 and 3.

38 Cybercrimes Law, Article 23.

39 ibid, Article 25.

40 ibid, Article 34.

41 Critical information infrastructure is defined in article 1 of the Cybercrimes Executive Regulations as 'a group of systems, networks or crucial informational assets that any illegal disclosure, interference, modification or unauthorized access with its specifications; or any illegal access to the stored and processed data and information, or any other illegal act would influence the State's services and its essential facilities and could result in economic and social damages on the national level'. Is considered critical information infrastructure all that relates to energy, telecommunications, financial and health sectors, public transportation, national security, etc.

42 Article 57 of the Constitution states that: 'The right to privacy may not be violated, shall be protected and may not be infringed upon. Postal, telegraphic and electronic correspondences, telephone calls, and other means of communication are inviolable, and their confidentiality is guaranteed. They may not be confiscated, revealed or monitored except by virtue of a reasoned judicial order, for a definite period, and only in the cases defined by Law'.

43 Cybercrimes Law, Article 6.

44 ibid, Article 2. III. It should be noted that the vague wording of this provision opens the possibility that users' communications could be monitored and intercepted.

45 Criminal Procedures Code, Articles 95 and 206.

46 Judgment of the Court of Cassation dated 1 January 2015, Criminal Circuit, Case No. 26806 / 84 JY.

47 Constitution, Articles 57 and 99.

48 Civil Code, Article 163.

49 Penal Code, Article 309 bis.

50 Data Protection Law, Article 4 of the issuance articles.

51 ibid, Article 1.

52 ibid, Article 1 of the issuance articles.

53 ibid, Article 3 of the issuance articles.

54 ibid, Article 3.

55 ibid, Article 6.

56 ibid, Article 2.

57 ibid, Article 19.

58 GDPR, Articles 35–36.

59 According to Article 51 of the GDPR, Member States are required to establish independent Supervisory Authorities 'responsible for monitoring the application of the GDPR, in order to protect rights and freedoms of natural persons in relation to processing and to facilitate the free flow of personal data within the [European] Union'.

60 Data Protection Law, Article 8.

61 ibid, Article 9.

62 ibid, Article 30.

63 ibid, Articles 35 to 48.

64 GDPR, Article 83.

65 Data Protection Law, Article 12.

66 Law No. 12 of 1996.

67 Child's Law, Article 116 bis A.

73 Media and Journalism Law, Article 64.

74 ibid, Article 67.

75 ibid, Articles 4–6.

76 ibid, Articles 19–20.

77 SCMR Decision No. 62 of 2019, 5 September 2019.

78 Media and Journalism Law, Article 59.

Get unlimited access to all The Law Reviews content