Telecommunications companies

Etisalat by e&

Rank: 11th
Score: 13%

Headquartered in the United Arab Emirates (UAE), e& (previously known as Etisalat Group) offers mobile, fixed broadband, and technology services to 159 million users across the Middle East, Africa, and Asia.

The company previously known as Etisalat, which became e& after a rebranding in 2021, came in at the bottom of our ranking once again due to its lack of transparency across all categories. The “global technology and investment conglomerate’’ continued its expansion into new markets and services, including cloud storage, cybersecurity, and AI. In May, it acquired a stake of nearly 10% in multinational telecommunications group Vodafone and, in November 2021, it acquired 100% of elGrocer, an online marketplace for groceries operating across the UAE.

This growing expansion is cause for concern, given the company’s history of putting business before human rights and the repressive regulatory environment of its home market. Censorship and surveillance in the country are rampant. The company now known as e& provided no information about its processes for handling government demands to block content and hand over user information either from UAE authorities or from the governments of the foreign countries in which it operates. Indeed, five countries where e& operates have ordered network shutdowns since the 2020 RDR Index, including two that had not previously done so (Burkina Faso and Niger). Yet the company continued to provide no information about how it processes these shutdown orders, who issues them, and whether it notifies users directly when it shuts down a network or restricts access to a service.

The company continued to violate network neutrality principles by charging its users in the UAE an extra $14 monthly to access the voice and video calling features of VoIP apps approved by the country’s Telecommunications and Digital Government Regulatory Authority (other VoIP apps are blocked). These apps included e&’s GoChat Messenger, an all-in-one app providing video and voice calling that was launched in July, as well as access to a range of other services that allow users to transfer money, pay bills, and play games. Similar apps in the UAE have raised concerns among human rights and privacy advocates in the past, given the country’s wide-reaching surveillance apparatus.

Key takeaways

  • The company now known as e& did not provide any evidence of engaging with multi-stakeholder initiatives regarding how its business operations and products may affect users’ freedom of expression and information and privacy rights, as well as their right to non-discrmination.
  • The company did not disclose its process for handling government demands to remove content and accounts or to access user data. While it is a criminal offense in the UAE not to comply with government blocking orders, there is no law prohibiting the company from disclosing how it handles these demands or its compliance rates with either government or private content-blocking requests.
  • The conglomerate lacked transparency about its security policies. It disclosed having a security team in place that conducts internal security audits as well as commissioning third-party audits, but it failed to share anything about its policies for addressing security vulnerabilities or handling data breaches.

Key recommendations

  • Conduct human rights due diligence. The company should conduct robust human rights impact assessments to help it assess, understand, and mitigate the risks to privacy, freedom of expression, and non-discrimination posed by its business operations and services, especially as it develops new services and enters new markets. The scope of these assessments should include the company’s targeted advertising policies and its development and use of algorithmic systems.
  • Disclose processes for responding to government demands. The company should publish policies clearly outlining its processes for responding to government demands to block websites, restrict access to networks and services, and hand over user information.
  • Improve security policies. The company should disclose policies for responding to data breaches and addressing security vulnerabilities. It should also provide users with better resources and information to protect themselves from cybersecurity risks.

Services evaluated:

  • Etisalat UAE (Prepaid mobile)
  • Etisalat UAE (Postpaid mobile)
  • Etisalat UAE (Fixed-line broadband)
  • Operating company evaluated: Etisalat by e& For telecommunications companies, the RDR Index evaluates relevant policies of the parent company, the operating company, and selected services of that operating company.
  • Market cap: $46.93 billion (as of November 4, 2022)
  • ADX, based in Abu Dhabi: EAND
  • Read more about how stock structures can be a barrier to shareholder participation
  • Website: https://www.etisalat.ae

The 2022 Telco Giants Scorecard covers policies that were active on June 1, 2022. Policies that came into effect after June 1, 2022, were not evaluated for this scorecard.

Scores reflect the average score across the services we evaluated, with each service weighted equally.

  • Lead researchers: Veszna Wessenauer, Afef Abrougui

Changes since 2020

  • The global technology and investment group disclosed management-level oversight over security and customer data for all services.
  • The company now known as e& disclosed that it engages in zero-rating practices, but provided justifications for only some of the programs it offers.
  • The company provided educational materials for users to protect themselves from scam and fraud.

Scores since 2017

100%0%201720182019202020228%8%8%10%13%
Most companies’ scores dropped between 2019 and 2020 with the inclusion of our new indicators on targeted advertising and algorithmic systems. To learn more, please visit our Methodology development archive.
Governance18%
Freedom of expression9%
Privacy15%

We rank companies on their governance, and on their policies and practices affecting freedom of expression and privacy.

Governance 18%

Out of 10 indicators in this category, e& received credit on only four. It disclosed a general commitment to human rights in line with the UN Global Compact, but without mentioning freedom of expression or privacy (G1). For the first time, it disclosed management oversight of some privacy issues, including of security and safeguarding of customer data (G2). It disclosed that it trains employees on privacy and that it has a whistleblower program through which employees can report “leakage of confidential information.’’ Neither of these programs covered freedom of expression.

Freedom of expression 9%

The company’s performance in this category was extremely poor. It did provide users with easy to understand terms of service that included some information about the types of content and activities it prohibits and how it enforces these rules (F3a), but it disclosed nothing about its policies for ad content and targeting (F3b, F3c). It also did not disclose a policy for responding to government demands to restrict content and accounts (F5a, F5b). While it provided unclear explanations for why it may restrict access to networks and VoIP applications, it did not describe at all its process for responding to this type of overbroad orders (F10).

Privacy 15%

Though it did publish resources to help users protect themselves against fraud and scams (P18), e& failed to make any other progress in this category. The company’s privacy policy provided a limited description of the information it collects (P3a). The company stated that users can access their own information (P8), but that it may also share information with government authorities (P4). It provided no other details about its handling of user information, including which information it infers (P3b) or the retention periods for this data (P7). Finally, the company was not transparent about its handling of government surveillance demands (P10a, P10b).