Ooredoo Q.P.S.C.
Headquartered in Qatar and majority-owned by the Qatari government, Ooredoo provides telecommunications services such as mobile, broadband, and fiber in 10 countries in the Middle East, North Africa, and south and southeast Asia. In the first quarter of 2021, it had 121 million users.
Despite minor improvements, Ooredoo remained in last place for the fifth consecutive time since it was added to our ranking in 2017. Since the 2020 RDR Index, Ooredoo has begun publishing ESG reports and made its first general commitment to “safeguarding human rights.” However, the company still lacked general transparency about its policies and practices affecting users’ freedom of expression and privacy. A joint 2020 report by Access Now and ImpACT International highlighted how Ooredoo Tunisia provided poor privacy protection to its users.
This year, Ooredoo was one of two telecom companies we rank, along with Telenor, to exit Myanmar as a result of overbroad government pressure following the military junta’s 2021 coup. This exit came amid continued government pressure on telecom companies to install spyware to eavesdrop on users and keep tabs on political opponents. The company announced the sale of its Myanmar-based operations to a Singapore-based technology firm in September. Ooredoo’s departure has raised concerns from civil society about potential human rights risks. Civil society groups have expressed worry that user data might become more easily accessible to the military government.
In 2021, there were at least 23 network shutdowns reported in nine MENA countries. Ooredoo operates in four of these countries, including Algeria, Iraq, Oman, and Palestine. Nonetheless, except for disclosing some possible reasons for network disruptions, the company shared nothing about how it responds to government demands to shut down networks or to access user information. Although the Qatar government permits the use of some VoIP services such as Zoom and WebEx, the use of WhatsApp and Skype is restricted for general mobile users. Ooredoo announced earlier this year that it would begin offering postpaid users access to WhatsApp without consuming data from their plans. This practice is a violation of network neutrality principles, as it provides preferential treatment to Ooredoo’s postpaid customers over its prepaid customers. There was also no evidence that Ooredoo conducted any risk assessment on zero rating before launching this program.
Qatar is hosting the 2022 FIFA World Cup from November 20 to December 18. Hundreds of thousands of soccer fans and tourists are flooding into the country. Once there, visitors must download the Hayya ID app, which is mandatory to enter the country, get into stadiums, and use public transportation. Concerns have been raised about the privacy rights of app users because of the app’s overbroad access requests, along with the country’s history of invasive surveillance and human rights abuses. Ooredoo announced that it is providing World Cup visitors with free Hayya SIM offers to attract new users.
The 2022 Telco Giants Scorecard covers policies that were active on June 1, 2022. Policies that came into effect after June 1, 2022, were not evaluated for this scorecard.
Scores reflect the average score across the services we evaluated, with each service weighted equally.
We rank companies on their governance, and on their policies and practices affecting freedom of expression and privacy.
Ooredoo earned the lowest governance score of all the telcos we rank. It revealed little about what governance processes it has in place to ensure respect for users’ freedom of expression and privacy. According to its ESG report, the company assessed risks, but there was no evidence of any human rights risk assessments of relevant government regulations and policies, of processes for enforcement of the company’s policies or assessments of its targeted advertising, algorithmic systems, and zero-rating programs (G4).
Ooredoo performed only slightly better than Airtel (the lowest-performing company in this category), on policies and practices affecting users’ freedom of expression. It shared scarce information about its policies for content and account restrictions (F3a). The company did not publish any policy disclosing how it implements its targeted advertising system and how advertising content is moderated (F1b, F1c, F2b, F2c, F3b, F3c). It also did not release any data about the nature and the volume of restricted content, accounts, or advertisements (F4a, F4b, F4c). Finally, Ooredoo offered no information about third-party requests to restrict content or accounts (F5a, F5b, F6, F7).
Ooredoo disclosed less about its policies and practices affecting users’ privacy than any other telecom companies evaluated. Its privacy policy revealed only limited information about how the company collects (P3a) and shares user information (P4). It provided no clues about how the company infers user information (P3b), how long the company retains user data (P6), what options users have to control their own data (P7), or how to access this data (P8). Ooredoo was also silent on third-party requests for user information. It disclosed nothing about its mechanisms for addressing security vulnerabilities (P14) and data breaches (P15).