State of Surveillance Tunisia
The State of Surveillance in Tunisia is the result of an ongoing collaboration by Privacy International and partners.
Key privacy facts
1. Constitutional privacy protection: The constitution contains an explicit protection of the right to privacy.
3. Data protection agency: Tunisia has a data protection agency, the National Authority for Personal Data Protection (INPDP).
4. Recent scandals: The government submitted a bill in 2016 requiring citizens to carry biometric identification cards to replace the existing paper ID cards. Faced with growing opposition, the text was finally withdrawn in January 2018.
5. ID Regime: Tunisians over 18 need a National Identification Card.
Right to Privacy
The Constitution of the Second Republic of Tunisia was adopted in January 2014 with a large majority, two years after the popular uprising that removed President Ben Ali from power.
The new constitution established human rights as a supreme guiding principle. Article 24 enshrines the right to privacy, making the State responsible for:
"... protect[ing] the privacy and inviolability of the home and confidentiality of correspondence, communications and personal data."
Article 32 guarantees the right of access to information, stating:
“The state guarantees the right to information and the right of access to information and communication networks.”
However, Article 49 underlines the limitations to those rights:
“The limitations that can be imposed on the exercise of the rights and freedoms guaranteed in this Constitution will be established by law, without compromising their essence. Any such limitations can only be put in place for reasons necessary to a civil and democratic state and with the aim of protecting the rights of others, or based on the requirements of public order, national defence, public health or public morals, and provided there is proportionality between these restrictions and the objective sought.
Judicial authorities ensure that rights and freedoms are protected from all violations.
No amendment may undermine the human rights and freedoms guaranteed in this Constitution.”
Finally, Article 128 establishes the Human Rights Commission to oversee respect for human rights and to conduct investigations into alleged human rights violations.
Regional and international conventions
Tunisia is a signatory of a number of international instruments with privacy implications, including:
- the International Covenant on Civil and Political Rights (ICCPR);
- the International Covenant on Economic, Social and Cultural Rights;
- the European Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data;
- African Union Convention on Cyber Security and the Protection of Personal Data (Law No 42);
- The African Charter on the Rights and Welfare of the Child;
- the Convention on the Rights of the Child;
- the United Nations Convention against Transnational Organized Crime and
- The United Nations Convention Against Corruption.
The Tunisian telecom regulator, Instance Nationale des Télécommunications (INT), estimates that internet penetration rates have reached 32% for broadband (950,000 subscriptions) and 71% for mobile data (8 million subscriptions) in July of 2018.
Four internet service providers (ISPs) share the market of telephony and mobile internet: Ooredoo Tunisie (43% of market share), Orange Tunisie (31%), Tunisie Télécom (26%) and Lycamobile.
Seven ISPs share the fixed broadband market: Topnet (58%), Globalnet (16%), Orange Internet (12%), Hexabyte (8%), Ooredoo Internet (3%), FSI Publics (2%), and Tunisie Télécom (1%).
A large corpus of laws and amendments governs the telecommunications sector in Tunisia. Though no legislation addresses the intelligence sector per se, many do have privacy implications. These include:
- Law No. 67-29 on the Organisation of the Judiciary;
- Code of Criminal Procedures (1968);
- Law No. 88-145, Establishing the Centre for Studies and Research on Telecommunications (CERT);
- Decree No. 90-1195 Relating to the National Security Council;
- Law No. 92-117 Relative to the Protection of Consumers;
- Law No. 94-36 on Intellectual (Literary and Artistic) Property;
- Law No. 1998-38 on the Code of the Post;
- Law No. 2000-83 on Trade and Electronic Commerce;
- The Telecommunications Code (Law No. 2001-1);
- Decree 2001-2727 Establishing the Conditions and Procedures For the Use of the Means of Encryption Through Telecommunications Networks;
- Organic Law No. 2004-63 on the Protection of Personal Data;
- Decree No. 2005-3176, Amending Decree No. 89-238, Establishing the Higher Communication Council;
- Decree No. 2005-1894 Establishing the Electronic Administration Unit;
- Decree No. 2007-3003 Establishing the Operational Modalities of the National Authority For the Protection of Personal Data;
- Decree No. 2007-3004 Establishing the Conditions of, and Procedures of Reporting and Authorization For the Processing of Personal Data;
- Decree No 2011-116 Establishing the High Authority for Audiovisual Communication (HAICA);
- Decree-Law No. 2011-41 on the Access to Administrative Documents of Government Bodies;
- Decree No 2011-115 Relating to Freedom of the Press, Printing and Publishing;
- Chapters 1, 2, 6 General Report of the National Authority for the Reform of Information & Communication (2012);
- Article 23 of Organic Law No. 2012-23 on the High Independent Authority For the Elections;
- Decree No. 2012-2361, Laying Down the Specification for Telecommunications Service Providers;
- Article 2 of Organic Law No. 2013-53 on the Establishment of Transitional Justice and its Organization;
- Bill 2013-13 Amending and Supplementing Certain Provisions of the Code of Criminal Procedures;
- Decree No 2013-4506 Establishing the Technical Telecommunications Agency (ATT);
- Law No. 2013-10 Amending and Supplementing the Telecommunications Code;
- Article 14 of Organic Law No. 2013-43 on the National Authority for the Prevention of Torture;
- Order of the Minister of Information and Communications Technologies of 29 July 2013 Approving the Specifications Relating to the Exploitation of Public Internet Centers;
- Decree No. 2014-53 Amending and Supplementing Decree No. 2008- 3026 Laying Down the Terms and Conditions of Operating Public Telecommunications Networks and Access Networks;
- Decree No. 2014-4208 Creating the Agency of Intelligence and Security for the Defence (ARSD);
- Decree No. 2014-412 on the Conditions of Operating a Virtual Network of Telecommunications;
- Decree No. 2014-4773 on the Conditions for Granting Authorization for the Activity of Internet Service Provider;
- Government Decree No. 2015-1774 Establishing the Procurement Rules, Execution and Control of Contracts Related to the Specific Missions of the Technical Agency for Telecommunications (ATT);
- Law No. 2015-26 on the Fight Against Terrorism; and
- Law No. 2016-22 on the Right of Access to Information.
Intelligence and security agencies
The DSE, the largest intelligence agency under President Ben Ali was abolished immediately after the revolution in 2012. During the months that followed the end of the previous regime, the Minister of Interior, Farhat Rajhi, froze the activities of several intelligence services. The Directorate General of Anti-Terrorist Prevention (DPAT) and the Joint Committee For Intelligence and Border Control (CCRF) headed by the Central Directorate of General Intelligence (DCRG) were also disbanded.
The Tunisian interim government was quickly faced with a serious security crisis, having to strengthen its intelligence capabilities in the face of mounting jihadist attacks and security challenges, while also ensuring that past abuses would not be repeated.
By the spring of 2012, the government embarked on drafting plans for the creation of a new spy agency —the National Intelligence Agency (ANR), which would be devoted to the defense of national security.
By late November 2014, the government also set up a new military intelligence agency called Agence des Renseignements et de la Sécurité pour la Défense (ARSD) working under the authority of the Ministry of Defence. The new body replaces the old regime's military intelligence apparatus.
The same month, the Ministry of the Interior announced the creation of a central Strategic Planning Unit to drive a strategic reform plan aimed at the security sector. The Unit was created with the support of the British government. The Unit would work to improve “the Ministry’s efficiency and effectiveness, to manage risk, pre-emptively tackle security threats through forward planning, address key threats such as border security and terrorism, and improve security for all Tunisians.” The UK-funded plan was implemented by British security company Aktis Strategy.
In December 2014, the government of then-Prime Minister Mehdi Jomaa decided to consolidate the intelligence structure in an effort to coordinate the fight against jihadism and organized crime, bringing together the Interior, Defence, Justice and Foreign Affairs under two “poles”: the Pôle sécuritaire (security unit) and Pôle Judiciaire (judicial unit).
In November 2015, a deadly blast ripped through a bus carrying security officers tasked with guarding the Tunisian President. A state of emergency was declared for a period of a month. A few days afterwards, Abderrahmen Ben Hadj, a former security official during the Ben Ali era, was appointed to lead “State Security,” raising fears of a return to the repressive practices of the past.
Plans for the creation of a national intelligence agency finally came to fruition in November 2016 with the official creation of the Centre National du Renseignement (CNR). The agency, still not operational at the time of publication of this report, will be headed by a director who’s appointed by the President of the Republic with strict controls by the Ministry of Interior and parliament.
In July 2017, NATO announced plans to create an "Intelligence Fusion Center" in Tunisia. According to media reports, the planned center will serve as an intelligence gathering outpost for the transatlantic alliance.
The Tunisian armed forces have historically been subordinated to civilian authority. They have provided a critical internal security function during the transitional period following the revolution. In recent years their role subsided in favor of the Ministry of Interior.
Internal security forces
The internal security forces under the authority of the Ministry of Interior include:
- the police, operating in urban areas;
- the National Guard, or gendarmerie, which operates in rural areas;
- the Judicial Police, the investigative arm of the judiciary and the security services;
- the Intervention Forces (SWAT forces); and
- the Presidential Guard Forces, whose duty is to protect the President and his family.
Under President Ben Ali’s rule, political opponents were placed under physical and electronic surveillance. 'Big Brother' had an
alias among Tunisians: “Ammar 404,” named for the error message all too common under Ben Ali when Tunisian internet users would attempt to connect to a censored website.
Dissident bloggers and activists were often arrested and forced to give away their passwords under the threat of arrest or torture. Through the mid-2000s, the regime reportedly used off-the-shelf spy solutions such as Postfix, a free, open-source mail management program, that helps scan email traffic.
Emails of political dissidents were routinely hacked or intercepted in transit using deep-packet inspection (DPI) technology —sometimes their content was tampered with. DPI infrastructure was provided to the Tunisian government by the American companies Blue Coat System and Netapp and by the German company Utimaco Gmbh.
Trovicor, a former subsidiary of Siemens AG and Nokia Siemens Network, a company headquartered in Munich, specializing in computer monitoring techniques, also provided the government with voice and data interception technologies. The company also provided Tunisia's phone companies with eavesdropping capabilities and maintained their technical ability to feed data to listening stations, one of which was Ben Ali's own presidential palace.
Another company, Sundby ETI A/S, a Denmark-based subsidiary of BAE Systems, supplied the government with mobile data interception technlogy. ETI’s flagship product (thought to be named “X-Stream”) is said to be capable of tracking users’ browsing habits and recording logs of emails.
In September 2013, Wikileaks published the “Spy Files”, a trove of documents from 92 global intelligence contractors. The documents appear to show evidence that tha thet German company ATIS Huer sold a surveillance system named Klarios to Ben Ali’s government. The system “integrate[d] lawful interception and monitoring.” It included “satellite monitoring, data retention and traffic monitoring.”
The monitoring of the Web was made easy by the very infrastructure of Tunisia’s data flow. The government channelled virtually all traffic through the National Internet Agency (ATI). Created by Ben Ali in 1996, was the principal national internet service provider that also acted as an internet exchange point and the official registrar and manager of national domain names.
Run by the Ministry of Communications, it served for over a decade as the epicenter of internet censorship and surveillance. After the revolution, the agency opened its doors and, under a new leadership, tried to change its mission to become a champion of technological innovation.
Surveillance oversight, checks and balances
The government announced the creation of the Technical Agency for Telecommunications (ATT), through Decree No. 2013-4506 in November 2013.
The ATT, which works under the supervision of the Ministry of Communication and Information Technologies, is the technical arm of the judicial branch. In practice, it conducts communications surveillance operations on behalf of the prosecution to collect electronic data that can later serve as evidence before the courts.
Due to the relative legal vacuum still surrounding the issue of privacy and the lack of a clear legal definition of cybercrime, in addition to the lack of transparency surrounding the agency’s work (Article 5 of the decree creating the ATT states that it is not open to public scrutiny) many in Tunisia have viewed the powers granted the agency with apprehension.
The government embarked in January 2014 in the drafting of a “cyber law” that could govern the work of the ATT. An oversight committee made up of government representatives appointed from the ministries of ICT, human rights and transitional justice, interior, national defense, and justice was later established pursuant to Decree 2014-2891 to supervise the work of the agency.
Security and intelligence operations
In the summer of 2015, a new piece of legislation was enacted by the parliament: Law No. 26 on the Fight Against Terrorism. The new law describes the legal framework for the interception and the monitoring of communications as part of criminal investigations relating to a terrorist threat.
Lawful surveillance is subject to the oversight and authority of the judicial branch. It must be warranted by a judicial order issued by either an Investigative Judge or the Prosecutor of the Republic. The order must identify the specific types of communications subject to interception and/or monitoring for a period that cannot exceed four months every time it is granted, and that can only be renewed once.
As part of its investigative prerogatives, the ATT is allowed to collect personal data from the servers of telecom operators and internet service providers. The law requires investigators, however, to keep a written record of their surveillance operation at all times.
Government agents and officials are subject to up to one-year in prison if they conduct surveillance without prior judicial authorization.
The new law also set up the National Commission to Fight Terrorism, an anti-terrorist standing committee tasked with leading the anti-terrorism effort. Privacy advocates have, however, strongly denounced "the vast powers the law has granted security forces." They identified a number of provisions within the law that, they say, may open the door for abuse. For example, the new legislation provides wide-ranging immunity to investigators. It provides vast discretionary powers to the police. It challenges, in the name of vague concepts like “national security” and “public order”, many of the achievements brought about by the 2014 Constitution and the data protection law—in particular, it threatens the right to privacy by making surveillance, especially the use of techniques like wiretapping, administratively simple. It also sidelines the data protection authority, INPDP, which was not made party to the anti-terrorist standing committee.
The International Commission of Jurists has denounced the anti-terrorism legislation because of its infringements on the right to privacy.
Faced with mounting opposition, Tunisia’s Justice Minister finally announced in May 2018 plans to review the anti-terrorism and anti-money laundering laws “in line with domestic and international legislation.”
Safeguards regarding service providers
The Instance Nationale des Télécommunications (INT) is the telecommunications regulator. The authority was created pursuant to Article 63 of the Telecommunications Code enacted in 2001.
The INT is involved in promoting the development of the sector. It adjudicates competition matters between market players. In addition, the INT is endowed with law enforcement powers. It investigates telecommunications operators and monitors their compliance with the law in terms of quality and safety of service.
However, many of INT’s injunctions against offending operators have remained unanswered, raising serious questions about the authority’s ability to enforce its decisions.
Surveillance case law
We are not aware of any specific examples of surveillance case law in Tunisia. Please send any tips or information to: firstname.lastname@example.org
Examples of surveillance
Under the government of President Ben Ali, multiple examples of surveillance of citizens were reported. Bloggers and activists were arrested and detained and requested to disclose their email and social media account passwords. Diplomatic cables from the US embassy in Tunisia released by WikiLeaks in September 2011 seem to have documented surveillance of activists who had been trying to reach out to foreign diplomats for help. One cable condemned “a culture of paranoia about dealing with foreign governments” originating from the Ministry of Interior.
Other cables describe the surveillance of election observers during the 2009 national elections and that of human rights groups.
After the revolution, in May 2016, the government announced the installation of over 1,000 surveillance cameras in 300 “electronic checkpoints” all across the capital city, Tunis, and in “sensitive” governorates across the country in Kasserine, Kef, Jendouba and Sidi Bouzid. Little is known of any oversight mechanism regarding this measure.
Data protection laws
The National Authority for Personal Data Protection (INPDP) was created in 2004 pursuant to Law No. 63 which established the personal data protection regime. In 2007, Decree No. 3003 defined its organization and functioning.
A draft law on the protection of personal data designed to replace Law No. 63 was finally approved in March 2018 and came into force on May 25, 2018. The new law is intended to bring the Tunisian legislation in line with Convention 108 of the Council of Europe for the Protection of Individuals with regard to the Automatic Processing of Personal Data to which Tunisia is party.
It requires private data controllers to apply for authorisation from the INPDP prior to processing personal data or transferring it abroad. The INPDP is also mandated to investigate privacy violations and to report those violations to the government. It can also bring violators before the courts.
The new law, which introduces new definitions and expands the scope of the protection of personal data, has encountered criticism from advocates of a broader right of access to information. Shortly after the adoption of the law, members of the Tunisian Access to Information Commission stated that the law represented "a serious regression of the right of access to information ... and a violation of the transparency and accountability principles concerning the management of public facilities."
In early 2018, the decision by the Truth and Dignity Commission (IVD), an independent body tasked with investigation and adjudication of human rights violations committed by the Tunisian State since 1955, to launch a call for tenders for the creation of a web platform for the storage and archiving of its video files, raised the alarm among civil society groups who pointed to the risks that this decision may represent for "the privacy of the witnesses,” and “for the country's digital sovereignty” if a foreign company is retained.
The trove of video files amounts to an estimated 80,000 gigabytes documenting over 40,000 hearings carried out by the IVD since June of 2014.
At the time of publication of this report it was unclear whether the IVD had pursued its public tender process.
In November 2017, Mr. Chawki Gaddes, President of the INPDP, launched a lawsuit against OVH Tunisie, subsidiary of the company OVH, a French cloud computing company.
Mr. Gaddes declared that OVH Tunisie had violated the Tunisian data protection law by committing “three offenses punishable by a prison sentence.”
The first, according to Mr. Gaddes, is related to the very nationality of the CEO of the company, a French national. Which is contrary to Art. 22 of Law No. 63 that requires that the person be of Tunisian nationality.
The second offense concerns the non-disclosure of the location where the data of the company’s Tunisian customers is stored. "OVH Tunisia has not informed its customers of the storage location of their data and has not obtained their consent," said Mr. Gaddes to news website Tunisie Haut Débit.
The final offense is related to the transfer of data from Tunisian customers abroad without requesting authorization from the INPDP in violation of Art. 52 of Law No. 63.
OVH Tunisie and its legal representative risks up to one year in prison and a fine of 5,000 dinars ($ 1,700).
At the time of publication it was not clear what the lawsuit has resulted in.
Freedom of information
Under President Ben Ali, there was no legal framework to guarantee freedom of information. It took the revolution for laws restricting both freedom of expression and information to be abrogated and for a new culture of accountability and transparency to emerge.
Decree-Law No. 41 on the Access to Administrative Documents of Government Bodies was issued only a few months after the toppling of the old regime. It came into effect on 26 May 2011
Under the new law, citizens were able to access “all documents produced or received by government agencies as part of their public service duty, whatever the date of the said documents, their form or medium.” The government followed up one year later with a directive (No. 25) calling on all government institutions and agencies to grant citizens access to publicly held information. The directive defined the scope of administrative information that the government must make public if requested.
As early as November 2011, the restrictive Press Code in force under the previous government was abrogated. Decree No 2011-115 Relating to Freedom of the Press, Printing and Publishing was enacted reaffirming the right of access to information and granting journalists explicit protections with regards to their sources.
A new constitution adopted in January 2014 stated in its Article 32 that "The state guarantees the right to information and the right of access to information and communication networks.” After much debate, Law No. 2016-22 on the Right of Access to Information was finally adopted by parliament in March 2016. An independent authority to oversee the proper implementation of the law, the Instance Nationale d’Accès à l'Information (INAI), headed by Mr. Imed Hazgui, was established in September 2017.
Public institutions subject to the law include the Presidency, the Prime Minister’s office, the judiciary, the parliament, local and regional governorates, as well as all publicly-funded organisations, including NGOs that receive state subsidies.
Requirements that requesters provide their ID number were dropped, as were requirements that requests for information be justified. The onus is on the state to justify a refusal to disclose publicly-held information. Requesting information is free of charge.
Limitations on the right to access information are fairly limited but remain open to interpretation. According to Article 24:
“The relevant body shall not refuse access to information unless such access could damage the public security or the national defense or International related relations or Rights of others in protecting their private life and personal data and their intellectual property rights.”
These limitations are not absolute, however. The law underlines the fact that exemptions shall be subject to a “prejudice test”: the damage that can be caused by the disclosure of the information “shall be submitted to the evaluation of the general public” before providing or refusing the access. Also taken into account is “the proportionality between the interests to be protected and the purpose of the request.”
Consumer protection Consumer protection law in Tunisia dates back to 1992. Law No. 63 (2004) establishing the data protection authority, INPDP, has offered a legal framework for ensuring that the processing of consumers’ personal data is in line with their fundamental rights. In a public statement, Chawki Gaddes, the head of the INPDP, laid out an assessment of the complaints received by his organisation. Most were related to “harassment through unsolicited SMS text messages”. The INPDP also identified a series of behaviors prejudicial to the privacy of consumers. For example, some banks published clients’ national ID numbers, which were consequently made available online and easily retrievable through popular web search engines. The INPDP also established that 92 % of respondents to market surveys were not given the opportunity to consent to, or otherwise reject the use of their personal data. Also, membership forms provided to clients often did not provide an option for consumers to decide on the fate of their personal data.
The INPDP also identified the widespread illegal practice of tying the provision of services and advantages by companies to a client’s acceptance of the processing of personal data or their use for purposes other than those for which they were collected. In another case, the INPDP found that the health data of patients was posted on the website of a private testing laboratory.
Human rights provisions
Article 128 of the Tunisian Constitution establishes the Human Rights Commission, an authority with investigative and law enforcement powers, responsible for making sure that the government as well as the private sector respect citizens’ fundamental rights, including the right to privacy.
Moreover, Organic Law No. 2013-53 on the Establishment of Transitional Justice stipulates that, even in the context of the right of access to information, the protection of privacy and the protection of the dignity of victims are paramount. It states:
"The revelation of the truth about violations is a right guaranteed by the law for all citizens, taking into account the interests and dignity of victims and without prejudice to the protection of personal data"
Finally, Article 14 of Organic Law No. 2013-43 on the National Authority for the Prevention of Torture protects whistleblowers who reveal serious human rights violations:
"While respecting legislation on the protection of personal data, no person can be prosecuted for having disclosed information or exposing secrets relating to the practice of torture or informing about its authors."
Data breaches: case law
We are not aware of any specific examples of case law related to data breaches in Tunisia. Please send any tips or information to: email@example.com
Examples of data breaches
We are not aware of any specific examples of data breaches in Tunisia. Please send any tips or information to: firstname.lastname@example.org
ID cards and databases
In December 2014, the Tunisian government revealed plans for the introduction of an electronic ID card and biometric passports by the end of 2016. The new biometric documents (containing each a photograph and scanned fingerprints) would gradually replace the current identity papers.
Laying the ground for the introduction of biometric ID, the government submitted a bill in 2016 to parliament to amend a 1993 law on national identification cards requiring citizens to carry biometric identification cards. The bill received a strong opposition from civil society groups who pointed to the absence of strong data protection safeguards and from the data protection agency, INPDP, who protested for not having been consulted over the bill.
Faced with growing opposition, the text was finally withdrawn in January 2018.
The High Independent Authority for the Elections (ISIE) is a constitutional body created in 2012. It is responsible for the monitoring of elections in Tunisia.
Election law (Organic Law No. 2012-23) stipulates in Article 23 that "It is forbidden to use personal data collected from the High Independent Authority for the Elections outside of the electoral process, in accordance with the legislation on the protection of personal data."
In 2014, the ISIE recommended the adoption of a system with a unique identifier (or IUC) for voters. The IUC identifier could draw data from a set of documents including the national ID card, the passport, the civil registration record. The ISIE made its recommendations as part of a final report on the parliamentary and presidential elections of 2014. The system was first introduced in hte municipal elections of October 2016.
This decision raised serious concerns among privacy advocates who denounced the legal vacuum surrounding the proposed system.
SIM card registration
Mobile phone customers in Tunisia are required to present documentary evidence to prove their identity upon purchase of a SIM card. Telecom operators keep records of customers’ data, including identities, dates of birth, postal addresses, and national identity numbers (CIN).
In March 2014, the government tightened the rules required for allocating SIM cards. Pursuant to that effort, in July 2014, the telecom regulator INT threatened operators who failed to comply with the regulations with sanctions. Orange Tunisia, in particular, was required to impose stricter rules in identifying its customers.
Policies and Sectoral Initiatives
The National Agency for Computer Security (ANSI) was created in 1999 pursuant to Decree 99-2768.
Its role is the controlling the nation's information systems and ensuring the implementation of a general security strategy. It does also conduct periodic audits of the systems.
ANSI also hosts "TunCERT", the emergency response team responsible for monitoring and supervising responses to cyber attacks. TunCERT also offers advice on how to prevent such attacks on vulnerable or sensitive infrastructure.
A draft law on cybercrime has been under development since 2014. The public had the opportunity to take a look at an early draft of the law when it was leaked to the media in the summer of 2014.
The leak raised concerns among freedom of expression and privacy advocates who saw in the vague provisions an open door for abuse. The draft included heavy prison sentences and hefty fines for the spreading of content “showing obscene acts and assaulting good morals,” or that which “incites to immorality.” The draft also seems to grant the government broad discretionary powers and unwarranted access to The government promised in late 2015 to submit the bill to public debate and to include civil society organisations before submitting the text to the parliament for adoption. The bill, however, remained dormant until May 2018 when it was announced that a revised draft was approved by the cabinet and that it had been referred to parliament for final review before adoption.
The Telecommunications Code, first enacted in 2001, details the conditions and procedures pertaining to the encryption of communications.
Under the Code, the unauthorized use of cryptography is punishable by up to 5 years in jail. Any use of such means requires a prior permission from the authorities. The Agence Nationale de Certification (ANC) is the authority that can grant such permissions.
Many freedom of expression and privacy advocates including members of the press have called for an amendment of the law that would decriminalize the use of encryption.
Licensing of industry
The end of the government’s monopoly over the telecom market dates back to 1997, with the signature of a convention with the World Trade Organization. This convention created a roadmap for the liberalization of the sector.
The Telecommunications Code was promulgated shortly afterwards, in 2001, and the National Telecommunications Authority (INT), the telecom regulator, was created.
In 2017, Tunisia ranked 99th among 176 other nations on the United Nations International Telecommunications Union’s ICT Development Index, a benchmarking tool based on 11 major information and communications technologies (ICT) indicators used to measure ICT performance in and between countries.
As early as 2005, a special unit attached to the Prime Minister's office was created to coordinate and spearhead efforts to develop an “electronic government” program to make more services available online and boost the government’s digital readiness.
After more than a decade, the results are somewhat mixed. According to the World Economic Forum's Networked Readiness Index, regarded as one of the most an authoritative indicators of the propensity of countries to exploit the opportunities offered by ICTs, most of the progress in Tunisia was achieved in terms of the affordability of the service (the cost of accessing ICTs). Much remains to be done, however, in terms of government usage (in 2018, the index ranks the country 58th out of 143 countries assessed), the political and regulatory environment and the infrastructure and digital content.
Health sector and e-health
The World Health Organization’s Global Observatory for eHealth, the latest report of which was published in 2015, identified a number of shortcomings when it comes to eHealth in Tunisia. These include the lack of a national health information system policy or strategy, the absence of systematic electronic health records, the lack of use of eLearning in health sciences, and the lack of governing rules in the use of big data in the health sector notably by the private sector.
In August 2016 a pilot e-Health program entitled “Yezzi!” (“Enough!”) was launched using text messages aimed at helping smokers quit. The program was developed in cooperation with the World Health Organisation and the International Telecommunication Union. Text messages were sent to participants upon request for information or help. They include tips on withdrawal procedures and interactive motivational messages. The phone-based system is being backed by mass-media campaigns.
Very little is known, however, about the precautions taken by the Ministry of Health, which is leading the project, to protect personal data. Very little is known either about the involvement, or lack thereof, of the INPDP in the project.
We are not aware of any specific examples of smart policing in Tunisia. Please send any tips or information to: email@example.com
We are not aware of any specific examples of privacy issues in transport in Tunisia. Please send any tips or information to: firstname.lastname@example.org
We are not aware of any specific examples of smart city issues in Tunisia. Please send any tips or information to: email@example.com
In December 2017, the Associated Press reported that Tunisia was establishing an electronic surveillance system along its 300-mile eastern border following attacks by jihadists believed to have received training in Libya. The project, funded by Germany and other European governments and managed by the U.S. government's Defense Threat Reduction Agency, is seeking “ways to prevent extremists and migrants from slipping across into the country and to halt the flow of migrants across the Mediterranean from Africa.” In addition, the U.S. Department of Defense is reportedly spending “$20 million on advanced, high-tech sensors and cameras” to bolster the border surveillance system.
We are not aware of any specific examples of privacy issues related to emergency response in Tunisia. Please send any tips or information to: firstname.lastname@example.org
Humanitarian and development programmes
We are not aware of any specific examples of privacy issues related to humanitarian and development programmes in Tunisia. Please send any tips or information to: email@example.com
We are not aware of any specific examples of privacy issues related to social media use in Tunisia. Please send any tips or information to: firstname.lastname@example.org