In recent years the State of Qatar (“Qatar”) has adopted a regulatory framework to ensure efficient implementation of the Cyber and Information Technology Security Standards and Practices (“Framework”). For example in 2014, Qatar successfully launched Law No 14 of 2014 promulgating the Cybercrime Prevention Law (“Anti-Cybercrime Law”) which set out the types of cybercrimes and relevant sanctions. In 2016 in order to strengthen measures applicable to data protection and cope with international standards applicable to data and information security, Qatar took further steps and issued Law No 13 of 2016 Promulgating the Privacy of Personal Data Law (“Data Privacy Law”). Furthermore, the Qatar Penal Code (Law No 11 of 2004) which recently amended Article 333 applies additional criminal sanctions to the invasion of personal privacy through the use of technology.
By adopting the Framework Qatar seeks to achieve four important goals:
Encourage the use of information technology;
Ensure sufficient protection against any form of cybercrimes; and
Provide proper redemption measures against cyber-attacks.
In applying the legislation to promote cyber and information security, the Qatar government takes a two-pronged approach through separate ministries:
Prevention: The aspects of prevention, including spreading awareness about cyber security requirements, information technology policies, best practices in the field of communication technology and methods of reporting suspicious operations or transactions, are mainly under the mandate of the Ministry of Transport and Communication (“MOTC”). Corporate entities, as well as individuals, may request the assistance and advice of the Qatar Computer Emergency Response Team (also known as “QCert”) at the MOTC, which is specialized and dedicated to evaluating actual or potential cyber threats.
Action: The Ministry of Interior (“MOI”) is mandated to oversee and implement the Anti-Cybercrime Law in matters governed by its provisions. Any violation or breach occurring under the said law, or cases arising under the Data Privacy Law, should be reported to the Department of Criminal Investigation at the MOI.
Sanctions applicable under the Anti-Cyber Crime Law and the Data Privacy Law vary between the imposition of fines, or imprisonment, or both.