Etisalat by e&
Headquartered in the United Arab Emirates (UAE), e& (previously known as Etisalat Group) offers mobile, fixed broadband, and technology services to 159 million users across the Middle East, Africa, and Asia.
The company previously known as Etisalat, which became e& after a rebranding in 2021, came in at the bottom of our ranking once again due to its lack of transparency across all categories. The “global technology and investment conglomerate’’ continued its expansion into new markets and services, including cloud storage, cybersecurity, and AI. In May, it acquired a stake of nearly 10% in multinational telecommunications group Vodafone and, in November 2021, it acquired 100% of elGrocer, an online marketplace for groceries operating across the UAE.
This growing expansion is cause for concern, given the company’s history of putting business before human rights and the repressive regulatory environment of its home market. Censorship and surveillance in the country are rampant. The company now known as e& provided no information about its processes for handling government demands to block content and hand over user information either from UAE authorities or from the governments of the foreign countries in which it operates. Indeed, five countries where e& operates have ordered network shutdowns since the 2020 RDR Index, including two that had not previously done so (Burkina Faso and Niger). Yet the company continued to provide no information about how it processes these shutdown orders, who issues them, and whether it notifies users directly when it shuts down a network or restricts access to a service.
The company continued to violate network neutrality principles by charging its users in the UAE an extra $14 monthly to access the voice and video calling features of VoIP apps approved by the country’s Telecommunications and Digital Government Regulatory Authority (other VoIP apps are blocked). These apps included e&’s GoChat Messenger, an all-in-one app providing video and voice calling that was launched in July, as well as access to a range of other services that allow users to transfer money, pay bills, and play games. Similar apps in the UAE have raised concerns among human rights and privacy advocates in the past, given the country’s wide-reaching surveillance apparatus.
The 2022 Telco Giants Scorecard covers policies that were active on June 1, 2022. Policies that came into effect after June 1, 2022, were not evaluated for this scorecard.
Scores reflect the average score across the services we evaluated, with each service weighted equally.
We rank companies on their governance, and on their policies and practices affecting freedom of expression and privacy.
Out of 10 indicators in this category, e& received credit on only four. It disclosed a general commitment to human rights in line with the UN Global Compact, but without mentioning freedom of expression or privacy (G1). For the first time, it disclosed management oversight of some privacy issues, including of security and safeguarding of customer data (G2). It disclosed that it trains employees on privacy and that it has a whistleblower program through which employees can report “leakage of confidential information.’’ Neither of these programs covered freedom of expression.
The company’s performance in this category was extremely poor. It did provide users with easy to understand terms of service that included some information about the types of content and activities it prohibits and how it enforces these rules (F3a), but it disclosed nothing about its policies for ad content and targeting (F3b, F3c). It also did not disclose a policy for responding to government demands to restrict content and accounts (F5a, F5b). While it provided unclear explanations for why it may restrict access to networks and VoIP applications, it did not describe at all its process for responding to this type of overbroad orders (F10).
Though it did publish resources to help users protect themselves against fraud and scams (P18), e& failed to make any other progress in this category. The company’s privacy policy provided a limited description of the information it collects (P3a). The company stated that users can access their own information (P8), but that it may also share information with government authorities (P4). It provided no other details about its handling of user information, including which information it infers (P3b) or the retention periods for this data (P7). Finally, the company was not transparent about its handling of government surveillance demands (P10a, P10b).