Telecommunications company

Etisalat Limited

Etisalat UAE

Key findings

  • Etisalat made no commitment to respect human rights and disclosed little about policies affecting users' freedom of expression and privacy.
  • The company disclosed no information about how it handles and complies with government and private requests to restrict content or accounts, or for user information.
  • Despite legal constraints on companies in the UAE, Etisalat should make its privacy policies available to users and provide more information about what the company does to keep user information secure.
Services evaluated
Etisalat UAE
Etisalat UAE
Etisalat UAE



Etisalat ranked ninth out of the 10 telecommunications companies evaluated and received the second-lowest score in the Index overall. Etisalat is a majority state-owned company, operating in a political and regulatory environment not conducive to companies making public commitments to human rights, including to freedom of expression and privacy. The 2016 Freedom on the Net report by Freedom House rated the UAE’s internet environment as “Not Free.” However, Etisalat could still improve its disclosures despite these constraints. For example, it could clarify which privacy policy applies to its services. In addition, the company disclosed nothing about how it responds to government and private requests for user information. Given that the company is majority state-owned and that the overall operating environment discourages transparency—and in some cases, such as for police investigations or court trials, legally prohibits it—it is unlikely Etisalat would be able to disclose this information about government requests. However, Etisalat could disclose its processes for receiving and complying with private requests for content restriction or user information. It could also provide more information about its security policies, as there is no law for instance prohibiting companies from disclosing their processes for responding to data breaches.

Etisalat Group establishes and operates telecommunication and fiber optics networks, along with a broad suite of other services in the United Arab Emirates and in 16 other countries in the Middle East, Africa, and Asia. Its operations include operation and management of telecom networks as well as media services, connectivity services, and consulting.

Diversified Telecommunication Services
USD 42,622 million



Etisalat performed poorly in the Governance category, receiving the fifth-lowest score of all 22 companies, ahead of Mail.Ru, Axiata, Ooredoo, and Baidu.

Etisalat provided no formal commitment to respect users’ freedom of expression and privacy as human rights (G1), and disclosed no senior-level oversight over these issues (G2). The company revealed no evidence of a human rights due diligence process (G4) or of engaging with stakeholders on freedom of expression or privacy issues (G5). It received some credit for disclosing a grievance and remedy mechanism, though the company did not explicitly state that this process includes complaints relating to free expression or privacy (G6).

Freedom of expression


Etisalat received the fifth-highest score of the 10 telecommunications companies evaluated in the Freedom of Expression category, ahead of Ooredoo, MTN, Axiata, and Bharti Airtel.

Content and account restriction requests: Like most telecommunications companies, Etisalat UAE provided almost no information about how it handles government or private requests to restrict content or accounts (F5-F7). For fixed-line broadband services, the company stated that it reviews users’ requests to block or unblock internet content under the UAE's “Internet Access Management Policy,” which prohibits certain types of content, but provides no additional information about how it responds to content-blocking or account restriction requests for its mobile services (F5). Likewise, Etisalat did not publish any data about government or private requests to restrict content or accounts that it receives or complies with (F6, F7).

Network management and shutdowns: Etisalat UAE was among the lowest-scoring companies on these indicators, though it offered slightly more disclosure than Ooredoo (F9-F10). Etisalat failed to disclose any information about its network management policies (F9) and had only vague disclosure of policies related to network shutdowns (F10).

Identity policy: Etisalat UAE disclosed that it requires pre-paid mobile service users to provide government-issued identification (F11). The UAE Telecom Regulatory Authority (TRA) requires all mobile phone service subscribers to do so.



Etisalat received the second-lowest score of the 10 telecommunications companies evaluated in the Privacy category, slightly ahead of Ooredoo.

Handling of user information: Etisalat UAE disclosed almost nothing on these indicators, scoring better than only Ooredoo (P3-P8). The company’s privacy policy referred only to the Etisalat UAE website and online services with no indication of whether this policy applies to mobile or fixed-line broadband services. It therefore received no credit on indicators addressing company disclosure of what types of user information it collects, for what purpose, and for how long it retains it (P3, P5, P6). The company did, however, receive some credit for disclosing that it shares user information with authorities if legally required and in cases of national security (P4).

Requests for user information: Etisalat UAE did not provide any information about how it handles requests for user information from governments and private parties, making it one of three companies, along with Ooredoo and Axiata, that received no credit on these indicators (P10-P11).

Security: Etisalat UAE had almost no disclosure on these indicators, scoring better than only Ooredoo (P13-P18). It disclosed that it has policies in place limiting employee access to user data but provides no additional information regarding its internal processes for ensuring that user data is secure (P13). It disclosed nothing about policies for addressing security vulnerabilities (P14) or for responding to data breaches (P15). There are no apparent legal obstacles to disclosing this information.