Telecommunications companies

Ooredoo Q.P.S.C.

Rank: 12th
Score: 9%

Headquartered in Qatar and majority-owned by the Qatari government, Ooredoo provides telecommunications services such as mobile, broadband, and fiber in 10 countries in the Middle East, North Africa, and south and southeast Asia. In the first quarter of 2021, it had 121 million users.

Despite minor improvements, Ooredoo remained in last place for the fifth consecutive time since it was added to our ranking in 2017. Since the 2020 RDR Index, Ooredoo has begun publishing ESG reports and made its first general commitment to “safeguarding human rights.” However, the company still lacked general transparency about its policies and practices affecting users’ freedom of expression and privacy. A joint 2020 report by Access Now and ImpACT International highlighted how Ooredoo Tunisia provided poor privacy protection to its users.

This year, Ooredoo was one of two telecom companies we rank, along with Telenor, to exit Myanmar as a result of overbroad government pressure following the military junta’s 2021 coup. This exit came amid continued government pressure on telecom companies to install spyware to eavesdrop on users and keep tabs on political opponents. The company announced the sale of its Myanmar-based operations to a Singapore-based technology firm in September. Ooredoo’s departure has raised concerns from civil society about potential human rights risks. Civil society groups have expressed worry that user data might become more easily accessible to the military government.

In 2021, there were at least 23 network shutdowns reported in nine MENA countries. Ooredoo operates in four of these countries, including Algeria, Iraq, Oman, and Palestine. Nonetheless, except for disclosing some possible reasons for network disruptions, the company shared nothing about how it responds to government demands to shut down networks or to access user information. Although the Qatar government permits the use of some VoIP services such as Zoom and WebEx, the use of WhatsApp and Skype is restricted for general mobile users. Ooredoo announced earlier this year that it would begin offering postpaid users access to WhatsApp without consuming data from their plans. This practice is a violation of network neutrality principles, as it provides preferential treatment to Ooredoo’s postpaid customers over its prepaid customers. There was also no evidence that Ooredoo conducted any risk assessment on zero rating before launching this program.

Qatar is hosting the 2022 FIFA World Cup from November 20 to December 18. Hundreds of thousands of soccer fans and tourists are flooding into the country. Once there, visitors must download the Hayya ID app, which is mandatory to enter the country, get into stadiums, and use public transportation. Concerns have been raised about the privacy rights of app users because of the app’s overbroad access requests, along with the country’s history of invasive surveillance and human rights abuses. Ooredoo announced that it is providing World Cup visitors with free Hayya SIM offers to attract new users.

Key takeaways

  • For the first time, Ooredoo committed to “safeguarding human rights” in its inaugural ESG report, but the company did not expand on what this commitment entails.
  • Ooredoo did not make any commitment to net neutrality. The company also shared nothing about its process for responding to government shutdown orders or how many such orders it received or complied with.
  • Ooredoo failed to provide any information about how it handles government demands for content takedowns, account restrictions, or user information. It was also unclear whether the company responds to any private requests for such information.

Key recommendations

  • Detail a commitment to human rights. Ooredoo should commit explicitly to respecting users’ rights to privacy and freedom of expression, in accordance with international human rights standards.
  • Be transparent about government censorship demands. Ooredoo should publish policies clearly outlining its processes for responding to government demands to block websites and restrict access to networks and services.
  • Be transparent about the handling of user information. Ooredoo should describe which types of user information it shares and with whom as well as how long it retains this information.

Services evaluated:

  • Ooredoo Qatar (Prepaid mobile)
  • Ooredoo Qatar (Postpaid mobile)
  • Ooredoo Qatar (Fixed-line broadband)
  • Operating company evaluated: Ooredoo QatarFor telecommunications companies, the RDR Index evaluates relevant policies of the parent company, the operating company, and selected services of that operating company.
  • Market cap: $6.58 billion (as of November 4, 2022)
  • QSE, based in Doha: ORDS
  • Read more about how stock structures can be a barrier to shareholder participation
  • Website: https://www.ooredoo.qa

The 2022 Telco Giants Scorecard covers policies that were active on June 1, 2022. Policies that came into effect after June 1, 2022, were not evaluated for this scorecard.

Scores reflect the average score across the services we evaluated, with each service weighted equally.

  • Lead researchers: Jie Zhang, Farah Rasmi

Changes since 2020

  • Ooredoo published its first annual ESG report and identified “safeguarding human rights” as one aspect of its “sustainability framework.”
  • Ooredoo made it easy to access its “General Terms and Conditions” by adding it to the company’s homepage.
  • Ooredoo’s privacy policy, previously only available in English, is now also offered in Arabic, the official language of Qatar.
  • Ooredoo improved its transparency with regard to security oversight: The company disclosed the existence of an internal team managing data security issues and conducting regular audits. The company also commissioned external audits, earning it ISO certificates.

Scores since 2017

100%0%201720182019202020225%5%5%6%9%
Most companies’ scores dropped between 2019 and 2020 with the inclusion of our new indicators on targeted advertising and algorithmic systems. To learn more, please visit our Methodology development archive.
Governance8%
Freedom of expression4%
Privacy12%

We rank companies on their governance, and on their policies and practices affecting freedom of expression and privacy.

Governance 8%

Ooredoo earned the lowest governance score of all the telcos we rank. It revealed little about what governance processes it has in place to ensure respect for users’ freedom of expression and privacy. According to its ESG report, the company assessed risks, but there was no evidence of any human rights risk assessments of relevant government regulations and policies, of processes for enforcement of the company’s policies or assessments of its targeted advertising, algorithmic systems, and zero-rating programs (G4).

Freedom of expression 4%

Ooredoo performed only slightly better than Airtel (the lowest-performing company in this category), on policies and practices affecting users’ freedom of expression. It shared scarce information about its policies for content and account restrictions (F3a). The company did not publish any policy disclosing how it implements its targeted advertising system and how advertising content is moderated (F1b, F1c, F2b, F2c, F3b, F3c). It also did not release any data about the nature and the volume of restricted content, accounts, or advertisements (F4a, F4b, F4c). Finally, Ooredoo offered no information about third-party requests to restrict content or accounts (F5a, F5b, F6, F7).

Privacy 12%

Ooredoo disclosed less about its policies and practices affecting users’ privacy than any other telecom companies evaluated. Its privacy policy revealed only limited information about how the company collects (P3a) and shares user information (P4). It provided no clues about how the company infers user information (P3b), how long the company retains user data (P6), what options users have to control their own data (P7), or how to access this data (P8). Ooredoo was also silent on third-party requests for user information. It disclosed nothing about its mechanisms for addressing security vulnerabilities (P14) and data breaches (P15).