Tunisia’s data protection authority is in the process of amending the country’s 2004 privacy law, which will regulate the use of personal data.
Hacking into activists’ emails, tapping into dissidents’ phone calls, or installing surveillance cameras in the homes of political opponents were common practices during the reign of Zeine el-Abidin Ben Ali. Amending this particular law section related to the processing of personal data by public entities, would place the State and its organs under the scrutiny of the INPDP.
A fifteen-member commission, dubbed the National Authority for the Protection of Personal Data (INPDP), authorises and supervises the processing of personal data by either public or private entities. It also has the power to grant or withdraw data processing licenses.
The National Constituent Assembly (NCA) — responsible for drafting the country’s new constitution — will have to discuss and approve amendments before going into effect. Amendments will mainly remedy two major flaws in the current law: the authority’s managerial structure as well as the state’s ability to circumvent parts of the law aimed at protecting privacy.
By amending the law, the INPDP seeks to guarantee its independence from government interference and control. The law today threatens the commission’s independence, as Article 78 of the law stipulates that representatives from the Prime Minister’s office, and the ministries of Defence, the Interior, Scientific Research, Health and two MPs have to be appointed to the INPDP’s management. Once the NCA approves amendments, political affiliation will no longer be a part of appointment criteria.
Section one of the fifth chapter of the Data Protection Act outlines the collection and processing of personal data by public bodies. Unlike private companies, public institutions are not required to obtain verbal and written consent from data subjects when collecting and processing data. Data subjects are also barred from accessing information held by public authorities.
“Public entities represent the largest data bank. The state hold in its hands most of the data to be processed, so it has to be submissive to the authority”, said Mokhtar Yahyaoui, President of the INPDP.
“No one shall escape the supervision of the authority”, he added.
Tunisia’s new constitution will also guarantee the right “to privacy, secrecy of correspondence, privacy of the home, and protection of personal data”. Protection of privacy, however, was still guaranteed under the last Constitution — but now the state will be held accountable.
