Introduction
Over the past few years, most member countries of the Gulf Cooperation Council (GCC)1 – Bahrain, Kuwait, Oman, Qatar, Saudi Arabia and the UAE – have enacted or updated existing cybercrime laws as part of their efforts to address what is acknowledged as a growing security threat.2 Although cybersecurity technology remains the primary investment in countering cybercrime, there is an increasing awareness among the region’s policymakers of the important role of legislative frameworks in preventing and in combating cybercrime. However, most GCC cybercrime legal frameworks are still an incomplete step. They do not elaborate on elements – such as the procedural powers, electronic evidence, jurisdiction and international cooperation – that are essential for the law to play its proper role in guiding national investigations and prosecutions and in facilitating mutual legal assistance in transnational investigations. Instead, the focus is primarily on criminalization of acts that are considered as cybercrime, with many provisions on forbidden speech. GCC cybercrime laws expand the definition of cybercrime to a wide array of forms of expression using vaguely worded provisions that leave the door open to confusion and abuse. Furthermore, the laws impose increased penalties especially on speech criticizing or challenging the ruling establishment. In their current shape, therefore, cybercrime legal frameworks in most GCC countries have an adverse impact on freedom of expression and do not best fulfil their stated intention of combating cybercrime.
The ongoing pace of technological developments and the large opportunities for further digital growth, in conjunction with high internet adoption rates and consumer complacency, are all contributing to the growth of cyber risk in the GCC region. As the governments of the GCC countries continue to invest in and develop their digital economies and smart infrastructures, and as citizens inevitably use the internet and online services in almost every aspect of their daily lives, the potential impact of cybercrime is not just financial: there are major operational disruption and safety risks to consider. There is thus a critical need for the governments of the GCC countries to update their anti-cybercrime capacities, including by means of training their judiciary and law enforcement agencies, creating more awareness at every level, pioneering public-private partnerships and, importantly, revising their cybercrime legal frameworks.
About this paper
This paper forms part of a research project that examines cybercrime laws in the GCC. Its aim is to assess whether these laws are fit for purpose, and to gauge their impact on the economy, security and civil liberties. Previous work within the project has explored the impact of GCC cybercrime laws on the economy, in particular on the digital economy and on the future and security of the smart infrastructures.3
This paper examines the impact of cybercrime laws in the GCC with a focus on civil liberties, notably on freedom of expression online. By focusing on the structure and content of the laws and assessing how they compare with relevant international law, the case is made that most cybercrime laws in the GCC raise concerns when viewed through the lens of international human rights law standards. Indeed, these laws play a major role in curtailing freedom of expression and do not offer the needed guide for law enforcement and the judiciary in their efforts to investigate, prosecute and adjudicate cybercrime.