United Arab Emirates

Not Free
27
100
A Obstacles to Access 12 25
B Limits on Content 9 35
C Violations of User Rights 6 40
Last Year's Score & Status
29 100 Not Free
Scores are based on a scale of 0 (least free) to 100 (most free)

header1 Overview

Internet freedom in the United Arab Emirates (UAE) remains significantly restricted. Online censorship is rampant and the online media environment lacks diverse voices. During the coverage period, a Twitter account dedicated to raising awareness about the harsh treatment people experience in prisons was suspended. Social media users were arrested or fined for their social media posts, and one man received a 10-year prison sentence for a Facebook post in which he criticized the Jordanian royal family. Government surveillance of online activists and journalists remained problematic. Reports emerged that implicated the Emirati government in several “hack-and-leak” attacks targeting journalists and activists. Further reporting alleged that authorities used NSO group spyware to spy on dissidents and harass journalists who have criticized the government online.

The UAE is a federation of seven emirates led in practice by Abu Dhabi, the largest by area and the richest in natural resources. Limited elections are held for a federal advisory body, but political parties are banned, and all executive, legislative, and judicial authority ultimately rests with the seven hereditary rulers. The civil liberties of both citizens and noncitizens—the latter of which make up an overwhelming majority of the population—are subject to significant restrictions.

header2 Key Developments, June 1, 2020 - May 31, 2021

  • On December 7, 2020, Cyber Security Chief Mohamed al-Kuwaiti announced that the government was engaged in discussions to lift the ban on some Voice-over Internet Protocol (VoIP) services such as WhatsApp calls and FaceTime, Apple’s video chat product. Both WhatsApp calls and FaceTime remained blocked at the end of the reporting period (see A3).
  • On March 14, 2021, UAE Clubhouse users reported poor sound and quality issues when accessing the app. The government denied accusations that access to the app had been deliberately restricted (see B1).
  • On July 17, 2020, Twitter blocked the “Detained in Dubai” activist account, as well as the account of its founder Radha Stirling. Twitter provided no justification for the block (see B2).
  • In October 2020, a UAE court sentenced Jordanian resident Ahmed Etoum to 10 years in prision based on Facebook posts where Etoum criticized the Jordanian royal family (see C3).
  • In December 2020, Al Jazeera reported that 36 of their journalists were targeted in cyberattacks. The attackers, who originated in the UAE and Saudi Arabia, used spyware purchased from NSO Group (see C5, C7, and C8).
  • In February 2021, a UN official called on the UAE government to release human rights activists being held in prison, including prodemocracy blogger Nasser bin Ghaith and rights activist Ahmed Mansour, both of whom are serving 10-year sentences for their online activities. Reports indicated that their treatment in UAE prisons amounted to human rights abuses, including torture (see C7).

A Obstacles to Access

A1 1.00-6.00 pts0-6 pts
Do infrastructural limitations restrict access to the internet or the speed and quality of internet connections? 6.006 6.006

The UAE is one of the world’s most connected countries.

According to the most recent data from the International Telecommunication Union (ITU), internet penetration stood at 97.85 percent.1 As of January 2021, there were 9.84 million internet users in the country, a 1.6 percent increase from the previous year.2 The UAE has one of the highest mobile phone penetration rates in the region; the ITU reported mobile penetration at 206.04 percent.3

The 2020 Global Innovation Index ranks the UAE first in the Arab region in terms of information and communication technologies (ICT) indicators, including access and use indicators. The UAE also ranked top in the Arab region in generic top-level domains and in country-code top-level domains (.ae), which measure the percentage of domain registrations globally.4

In May 2019, the mobile service provider Etisalat became the first in the Middle East and North Africa region to launch fifth-generation (5G) services. The operator has partnered with Chinese smartphone manufacturer ZTE to offer the service.5 A month later, the company Du launched their 5G service, also through a partnership with ZTE.6 Moreover, Etisalat has increased its broadband speeds, offering up to 1 gigabit per second (Gbps) for certain home plans and speeds of up to 600 megabits per second (Mbps)—up from 100 Mbps—for several business services.7 In September 2020, Etisalat announced that they began rolling out 5G services on fixed-line networks. The Telecommunications Regulatory Authority (TRA) said in a separate statement that it was allocating a new frequency band to expand the scope of the 5G network.8

Damage to undersea cables occasionally disrupts connectivity,9 though no incidents were reported during the coverage period. In December 2018, various telecommunications companies, including Etisalat, signed an agreement to create a new submarine cable system by 2021 linking South Africa, the Middle East, Pakistan, and Europe. One of the stations would be based in the emirate of Fujairah.10 In September 2019, Etisalat announced that the Asia-Africa-Europe-1 (AAE-1) undersea cable had come online, the largest global submarine cable system in the world and that connects Europe and East Asia. It was launched in partnership with Etisalat and 18 other global telecommunications companies. According to Etisalat, the AAE-1 enables the company to “diversify its sources of data and increase speeds it can offer business and general public customers” by diluting the stress on its existing network created by ever-exploding volumes of transmitted data.11

In March 2020, in light of the COVID-19 lockdown, the TRA announced that any homes without internet would be provided free internet data through individuals’ mobile phones to help increase access to online learning platforms for students.12 In October 2018, Gulf Business reported that 10,800 taxis in Dubai would offer free Wi-Fi as part of a phased project that began with 500 Dubai airport taxis in 2016.13 Authorities and the local press continued to warn against using free public Wi-Fi networks due to privacy concerns.14

In December 2020, the UAE became the first country in the region to release an additional 500 megahertz (MHz) of radio spectrum frequency to the total spectrum of approximately 11.5 gigahertz (GHz) already available for Wi-Fi. This development is expected to substantially increase the speed of indoor wireless networks in the UAE to meet the increasing day-to-day demand on wireless services by individuals and the business sector, and to accommodate technologies which require faster internet speeds.15

A2 1.00-3.00 pts0-3 pts
Is access to the internet prohibitively expensive or beyond the reach of certain segments of the population for geographical, social, or other reasons? 1.001 3.003

While prices are among the highest in the region, broadband is affordable for most users given the country’s high per capita income.1

In May 2019, a survey found Dubai to be the most expensive city in the world for broadband costs.2 The latest 2020 annual survey by the UK telecommunications company Cable ranked the UAE 184th out of 211 countries for broadband affordability. The study found that the average cost of broadband in the UAE per month is 408.46 dirham ($111.19), nearly 30 percent more than the global average of $78.14.3

An Etisalat post-paid mobile plan with a 4 gigabyte (GB) data allowance and 100 local minutes4 costs 125 dirhams ($34) per month, while a prepaid plan with an allowance of 3.5 GB and 175 minutes costs 75 dirhams ($20.4) per week ($81.6 per month).5 In July 2019, the TRA required Etisalat and Du to discontinue their pay-per-use data plans “in order to protect the subscribers from excessive charges.”6 In 2017, the TRA directed mobile service providers to reduce rates for UAE residents roaming within the Gulf region, resulting in an average 18 percent drop in prices for consumers.7 Later that year, Etisalat announced a 5 percent value-added tax (VAT) on all products and services beginning in January 2018.8 In March 2019, based on input from consumers, the TRA lowered the cost of cancelling a mobile contract to one month’s rental fee; the previous cost was one month multiplied by the number of months left over.9 The policy went into effect in January 2020.10

Emirati schools are increasingly connected to the internet and equipped with e-learning facilities, and many offer tablets for student use.11 There are also programs for principals to enroll in international computer-literacy training programs.12 In October 2018, the government launched Madrasa, a free digital platform estimated to provide 50 million primary and secondary school students in the region with 5,000 instructional videos, all translated into Arabic, on topics including science and mathematics.13 Since April 2020, the Ministry of Education in partnership with Al Yah Satellite Communications Company (Yahsat) began collaborating to provide high-speed satellite broadband services to students and teachers at various locations where fixed broadband services were unavailable, in an effort to extend the reach of remote schooling initiatives amid the COVID-19 pandemic. Additionally, families who lacked internet connection were provided with free internet packages through Du and Etisalat to enable online learning.14

A3 1.00-6.00 pts0-6 pts
Does the government exercise technical or legal control over internet infrastructure for the purposes of restricting connectivity? 3.003 6.006

No orders to shut down ICT networks were reported during the coverage period, though authorities restrict several communication platforms.

Many popular Voice-over Internet Protocol (VoIP) services are restricted over mobile connections. Etisalat and Du are the only companies licensed to provide paid VoIP services, while the free or inexpensive over-the-top (OTT) voice-call services provided by WhatsApp, Skype, and others are only accessible through fixed-line or Wi-Fi connections. In March 2020, the TRA allowed the use of Skype for Business, Google Hangouts, Blackboard, Microsoft Teams, and Zoom “to support distance learning and working from home,” stressing that this change was an exception that would be continued “until further notice.”1

On December 7, 2020, the government’s Cyber Security Chief Mohamed al-Kuwaiti announced that authorities were engaged in discussions to lift the ban on some VoIP services, such as WhatsApp calls and FaceTime. Al-Kuwaiti stated that there are regulations in place that WhatsApp “still need[ed] to adhere to and are currently working on.” Al-Kuwaiti did not confirm the nature of the regulations he referred to, but expressed his optimism some of the VoIP bans would be lifted in 2021. As of June 20201, WhatsApp and FaceTime remain blocked.2

In August 2018, users reported that Du had unblocked the voice-chat function within various online video games.3 WhatsApp’s voice feature was blocked shortly after it was introduced in 2015,4 as was a similar feature offered by Facebook.5 Viber has been banned since 2013, along with FaceTime.6 Apple agreed to sell its iPhone products to UAE mobile phone companies without the FaceTime app preinstalled, though it can be used on phones purchased outside the country.7 The VoIP feature for Discord, a chatting app used by gamers, was blocked in 2016.8

Seeking to improve connectivity within the country, Etisalat and Du have launched their own carrier-neutral international internet exchange points (IXPs), called SmartHub and Datamena, respectively.9 Etisalat maintains a nationwide fiber-optic backbone. In 2015, the company selected TeliaSonera International Carrier (TSIC) as its preferred global internet backbone provider.10

A4 1.00-6.00 pts0-6 pts
Are there legal, regulatory, or economic obstacles that restrict the diversity of service providers? 2.002 6.006

Internet service providers (ISPs) in the UAE are either fully or partially owned by the state, allowing authorities to exert control over the flow of information.

The country’s two largest mobile service providers, Etisalat and Du, are both controlled by the state. The government maintains a 60 percent stake in Etisalat through its ownership in the Emirates Investment Company,1 while a majority of Du is owned by various state companies.2 Du pays a percentage of its profits and revenue as a dividend to the government, which owns 39.5 percent of the company through its sovereign wealth fund, the Emirates Investment Authority.3 In 2015, the government announced a decision to allow up to 20 percent of Etisalat shares to be held by foreign investors.4

In 2017, the Emirates Integrated Telecommunications Company (EITC), one of the companies that owns Du, launched a new mobile service provider under the Virgin Mobile brand. Due to the EITC’s ownership of Du, the new provider was not required to obtain a separate license.5

In April 2018, Etisalat announced “the first global cybersecurity alliance” with Singapore's Singtel, Japan's Softbank, and Spanish blue-chip firm Telefonica.6 In March 2019, the American tech giant AT&T joined the alliance.7 The five companies formed the Telco Security Alliance (TSA), which collaborates at all levels to produce cutting edge security services and technologies and share network intelligence on cyberthreats. In September 2019, Etisalat Group announced that it had acquired full ownership of Help AG’s businesses in the UAE and Saudi Arabia, a cybersecurity company in the Middle East and North Africa. Etisalat said that the acquisition would allow them to diversify their “digital portfolio” and “accelerate the growth of Etisalat’s existing cyber security activities.”8

A5 1.00-4.00 pts0-4 pts
Do national regulatory bodies that oversee service providers and digital technology fail to operate in a free, fair, and independent manner? 0.000 4.004

Regulatory bodies frequently fail to operate in a free and fair manner.

The TRA oversees service providers and makes executive decisions regarding monitoring, filtering, and banning services and websites, without any oversight or transparency. Providers must follow the laws and regulations set by the TRA, which was established in 2003 to manage “every aspect of the telecommunications and information technology industries in the UAE.” Its objectives include ensuring quality of service and adherence to terms of licenses by licensees, encouraging telecommunications and information technology (IT) services’ expansion within the UAE, resolving disputes between the licensed service providers, establishing and implementing a regulatory and policy framework, and promoting new technologies.1

The TRA’s current chairperson is Major General Talal Hamid Belhoul, who was also appointed director general of the State Security Department in Dubai in 2017.2 The current director of the TRA, appointed in 2015, is Hamad al-Mansoori.3

B Limits on Content

B1 1.00-6.00 pts0-6 pts
Does the state block or filter, or compel service providers to block or filter, internet content, particularly material that is protected by international human rights standards? 1.001 6.006

While ISPs are required by the TRA to block content related to terrorism, pornography, gambling, and political speech that threatens the ruling order (see B3), in practice authorities also commonly block websites that criticize the government or address social taboos.

Beginning in 2017, blocking emerged as a political tool through which authorities sought to isolate Qatar, which Bahrain, Egypt, Saudi Arabia, and the UAE had accused of supporting “terrorist” groups, notably the banned Muslim Brotherhood. In 2017, authorities blocked several Qatari media sites amid this dispute, including Al Jazeera Live.1 Despite officially ending the dispute with Qatar in January 2021, a number of Qatari websites, including Al Jazeera, remained blocked at the end of the coverage period.2

The TRA reported that it had blocked 3,934 websites in 2020. Using automatic filtering systems, 64.04 percent were blocked for pornography, 13.57 percent for fraud and phishing, and 8.19 percent for bypassing blocked content. The report also mentions two unnamed websites, which were blocked upon judicial order. In 2020, the TRA blocked 27 websites categorized as “offenses against the UAE and public order.”3

The audio-only platform Clubhouse became popular in the UAE during the coverage period. On March 14, 2021, local media reported that UAE users had experienced poor sound and quality issues when accessing the app. While UAE regulators maintain that the app is not blocked, the sound disruptions could be a result of authorities attempting to restrict accessibility to the platform.4

In March 2019, the government blocked the newly established news site Al-Estiklal, which hosts content that is critical of several regimes in the region.5 Al-Estiklal was still blocked at the end of the reporting period. In April 2019, a blogger reported that the citizen media platform Global Voices was apparently blocked by Etisalat.6 As of June 2020, the website appeared to be accessible.

Many other sites critical of the government have been blocked, including the UK-based, English-language news site Middle East Eye, which was blocked in 2015 after it published articles exposing the country’s harsh surveillance practices and poor human rights record.7 The New Arab, which is based in the United Kingdom and funded by a Qatari businessman, was blocked in 2015 without explanation.8 Also in 2015, authorities blocked Arabic-language sites run by news agencies in Iran, such as Al-Alam TV, over allegations that they disseminated anti-government propaganda.9 As of June 2021, it appears all these sites are now accessible.

The Beirut-based Gulf Center for Human Rights is blocked,10 as is the LGBT+ sports news site Outsports.11 In July 2018, Canadian digital rights organization Citizen Lab reported that the website of the International Lesbian, Gay, Bisexual, Trans, and Intersex Association (ILGA) was blocked in the UAE, using internet filtering technology produced by the Canadian company Netsweeper.12

As of June 2021, several political blogs,13 a number of atheist and secular websites,14 at least one site disseminating news on Emirati political detainees and prison conditions,15 and sites related to the Muslim Brotherhood and regional nongovernmental organizations (NGOs) were blocked.16 The website of the Islamic Human Rights Commission (IHRC) was also blocked.17 In the past, internet users have reported the blocking of social media content related to political detainees,18 as well as Archive.today, a tool that retains URLs that might be modified or removed from the internet.19

Citizens use social media platforms to report blocked content and platforms, sometimes addressing their questions to the two main service providers. In December 2019, users on Twitter reported that the streaming service Spotify was blocked by Du,20 as well as the subscription-based content service OnlyFans21 and the VoIP service TeamSpeak.22 In response to an online inquiry, Du confirmed that TeamSpeak was blocked, like all other VoIP services.23

According to a 2013 Citizen Lab Report, ISPs use advanced tools such as SmartFilter, Netsweeper, and Blue Coat ProxySG to censor content.24 The organization has also documented websites that are blocked in the UAE because both SmartFilter (used by Etisalat) and NetSweeper (used by Du) have miscategorized them as pornographic.25 Citizen Lab again confirmed the use of NetSweeper in an April 2018 report.26

B2 1.00-4.00 pts0-4 pts
Do state or nonstate actors employ legal, administrative, or other means to force publishers, content hosts, or digital platforms to delete content, particularly material that is protected by international human rights standards? 1.001 4.004

The TRA censors selected content on platforms such as YouTube, Facebook, and Twitter, according to local users.

Facebook occasionally receives government requests to remove content, reporting that it received 13 content removal requests from the UAE in 2020,1 and 11 removal requests—1 for a page and 10 for posts—in 2019. Facebook explained in their transparency report that the removed items contained “allegations of the UAE’s interference in Algeria’s internal affairs.” The content was reported to Facebook by the TRA.2

In 2020, Google received seven content removal requests from the UAE, categorized as fraud, impersonation, obscenity, privacy, and security. Five of the requests were submitted by the TRA, one by a UAE official, and one by a court order directed at a third party.3 In 2019, Google reported receiving 50 removal requests from the UAE regarding copyright, most of which fell under “trademark” issues.4 Twitter reported 197 content removal requests from the UAE government in the first half of 2020, 98 percent of which Twitter complied with.5

On July 17, 2020, Twitter blocked the personal account of “Detained in Dubai,” a UK-based group which reports on detention issues in Dubai. The account of its founder, Radha Stirling, was also blocked. Twitter provided no justification for its actions,6 and a statement released on the Detained in Dubai website in February 2021 claimed that Twitter had suspended Stirling’s account and other accounts run by the organization without warning. The statement also noted that Stirling was the person Princess Latifa Al Maktoum (the daughter of Dubai’s ruler Sheikh Mohammed) reached out to during her attempt escape from Dubai in 2018. Whether the suspension of the accounts is related to the group’s reporting on the Princess Latifa’s incident is unclear.7

Late in 2019, the video-chat ToTok app became popular in the country, and later around the world. The app was not blocked by local VoIP rules, and later was found out to be an Emirati app meant to spy on all conversations and messages among users, prompting its removal from the Apple and Google app stores (see C5).8

B3 1.00-4.00 pts0-4 pts
Do restrictions on the internet and digital content lack transparency, proportionality to the stated aims, or an independent appeals process? 1.001 4.004

Score Change: The score declined from 2 to 1 due to the TRA’s lack of transparency around decisions to block websites and remove online content.

Restrictions on digital content lack proportionality and fairness. The TRA instructs ISPs to block content related to terrorism, pornography, gambling, and political speech considered threatening to the ruling order.

In April 2021, when Clubhouse users experienced connectivity, sound, and bandwidth issues on the app, the TRA failed to provide any justification for the issues (see B1).1 Authorities from the TRA also made no comment about the February suspension of the “Detained in Dubai” Twitter account (see B2).2

Using banned VoIP services through a virtual private network (VPN) is punishable under a law that bars the use of VPNs to commit a crime, as well as cybercrime and telecommunications regulatory laws.3 Convictions under cybercrime laws can lead to a fine of between 500,000 ($136,100) and 2 million dirhams ($544,400), jail time, or both. 4

Du details the criteria it uses to block sites in a document available on its website. Prohibited content includes information related to circumvention tools, the promotion of criminal activities, the sale or promotion of illegal drugs, dating networks, pornography, LGBT+ content, gambling sites, unlicensed VoIP services, terrorist content, and material that is offensive to religion.5 Etisalat has not made a similar list available, although the company invites users to request the blocking or unblocking of sites.6 Du also allows users to send unblocking requests to a designated email address and blocking requests through an online form.7 However, neither company provides information on whether sites have been unblocked as a result of requests.8 Twitter users sometimes monitor when sites are blocked to combat the lack of transparency,9 but the TRA has also called on social media users to help report “suspicious” content for blocking.

Online content is often removed without transparency or judicial oversight. Under the cybercrime law, intermediaries, such as domain hosts or administrators, are liable if their websites are used to “prompt riot, hatred, racism, sectarianism, or damage the national unity or social peace or prejudice the public order and public morals.”10 Website owners and employees may also be held liable for defamatory material on their sites.11 Regulations instituted in October 2018 require social media influencers to identify content defined as advertisements (see B6) and allow the National Media Council to remove content that violates their guidelines.12

B4 1.00-4.00 pts0-4 pts
Do online journalists, commentators, and ordinary users practice self-censorship? 0.000 4.004

Self-censorship online has worsened in recent years due to the risks of legal action or harassment in retaliation for online activities, as well as high levels of surveillance.

Virtually nobody within the country speaks out on political and other sensitive issues.1 Local news sites, many of which are owned by the state, exercise self-censorship in accordance with government regulations and unofficial red lines. Overall press freedom is poor, and foreign journalists and scholars are often denied entry or deported for expressing their views on political topics, further chilling the environment for online expression.2

The United Arab Emirates has an advanced surveillance system, which includes all online modes as well as real life monitoring of public spaces (see C5). Media outlets in the country are either owned by the state or must abide by its image and rules in order to operate. The constitution emphasizes that freedom of expression is limited. Cases of blocking content as well as persecuting journalists are rarely handled with transparency. The judicial system plays no role in balancing powers and protecting users’ rights. With the cybercrime law and latest regulations for social media, there is no room for expression that can go without potential state retaliation, leading users to self-censor their online content.

B5 1.00-4.00 pts0-4 pts
Are online sources of information controlled or manipulated by the government or other powerful actors to advance a particular political interest? 1.001 4.004

The government has allegedly manipulated the online information landscape to advance its interests.

In 2014, the government spent more than $12 million on public relations firms, which some observers suspect had been deployed to counter allegations of human rights abuses online.1 A large number of anonymously operated Twitter accounts appear dedicated to harassing and intimidating political dissidents and their families online.

Following the UAE’s decision to normalize relations with Israel, pro-Israel commentary was seen online, at times prompted by Emerati officials. In May 2021, the UAE government had reportedly licensed Emirati social media influencers to praise Israeli’s attack on the al Aqsa Mosque during a crackdown on Palestinian worshippers earlier in May.2

Government authorities frequently issue warnings to internet users about what content is considered unacceptable to post on social media. During the reporting period, a group of tourists were deported after posting photos that contained nudity to social media while on vacation in Dubai (see C3). Following the incident, the Dubai police issued an official warning against posting content that does not “reflect the values and ethics of Emirati society.”3

In September 2019, Twitter announced that it took down approximately 4,525 accounts linked to Saudi Arabia, the United Arab Emirates, and Egypt. It was found that 4,248 of these accounts were operating from the UAE. Twitter claimed all the accounts promoted “political spam.”4 In April 2020, Twitter took down a pro–United Arab Emirates network of roughly 9,000 accounts that spread propaganda about the coronavirus pandemic and criticized Turkey’s military intervention in Libya. The network had been tied to marketing firms in the region, and parts of this network had already been removed by Facebook and Twitter in 2019.5

In an article published in July 2019 by Al Jazeera, experts pointed to thousands of bot accounts attempting to influence views on the Qatar blockade crisis by spreading fake news, retweeting officials, and amplifying hashtags. While the source of these accounts is unclear, reports claim that prominent social media influencers in Saudi Arabia and the UAE posted on Twitter about bot-created subjects, which was then picked up by real people.6

B6 1.00-3.00 pts0-3 pts
Are there economic or regulatory constraints that negatively affect users’ ability to publish content online? 1.001 3.003

Authorities impose economic and regulatory constraints that limit the ability of antigovernment websites to produce content online. For example, the government reportedly pressured the Dubai-based advertising agency Echo to end its advertising contract with the US-based news outlet Watan.1

The National Media Council (NMC) is the federal government body entrusted to oversee media affairs, including licensing and regulating all printed, published, and broadcast media content in the country. The NMC is also responsible for developing the UAE’s media strategy and drafting legislation, and traditional media, such as newspapers and magazines, and digital media platforms fall under its authority.2

In March 2018, the state media oversight body, the National Media Council (NMC), announced new regulations for electronic media that would govern “all online activities, including e-commerce; publishing and selling of print, video, and audio material; as well as advertising.”3

Since May 2018, social media influencers who engage in commercial activities or promote products must apply for licenses, which are awarded based on a number of qualifications, such as age, criminal record, good reputation, and a university degree.45 In June 2019, more than 1,000 people had reportedly been granted licenses to operate as social media influencers in the UAE since the new regulation came into effect.6 The National Media council warned social media influencers that not obtaining a license would result in a 5,000 dirham ($1,361) fine. An official stated they “have a team dedicated to monitoring illegal activities on social media and other online platforms.”7

In October 2018, the council issued 19 rules for advertising, stating that “advertisements must be identified on social media clearly.” The rules also include “showing respect for the UAE’s systems and policies at an internal level and its relations with other countries, avoiding images that harm public morality, respecting intellectual property rights and a ban on tobacco advertising of any kind.” Violators could be subject to a 5,000 dirham ($1,361) fine, with additional fees if the fine is not paid within five days. Repeat violations could lead to fines of up to 20,000 dirhams ($5,444).8

B7 1.00-4.00 pts0-4 pts
Does the online information landscape lack diversity and reliability? 1.001 4.004

The blocking of antigovernment and other sensitive content (see B1) and the criminalization of VPNs limit the diversity of the online information landscape. There is virtually no space for independent media online and many local news sites and bloggers self-censor, further reducing the diversity of viewpoints online (see B4).

According to Northwestern University in Qatar’s 2018 Media Use in the Middle East survey, 71 percent of UAE nationals accessed news online.1 However, many international news websites such as Al Jazeera are blocked, limiting the diversity of content available online (see B1).

Many media outlets are directly or indirectly linked to government-owned umbrella groups.2 Traditional and online news appears in both Arabic and English, including the privately owned Al Khaleej and Gulf News websites.3

B8 1.00-6.00 pts0-6 pts
Do conditions impede users’ ability to mobilize, form communities, and campaign, particularly on political and social issues? 3.003 6.006

Some Emiratis push back against government repression through online activism, but the repressive legal and regulatory environment limits their effectiveness. In the past, families of political prisoners frequently relied on Twitter to speak on behalf of detainees, document allegations of torture, and call for their release. However, the practice has become less frequent in recent years due to escalating arrests and prosecutions. With widespread arrests, intimidation, surveillance, and retaliation that users face for speaking out online, the only voices critical of the regime today are based abroad.

In response to the 2017 blocking of Skype, a user initiated an online petition to unblock it, which received thousands of signatures. The TRA responded by blocking Change.org, the platform on which the petition was posted.1 Laws prohibit calling for, promoting, and collecting donations online without obtaining prior permission and licensing from authorities.2

C Violations of User Rights

C1 1.00-6.00 pts0-6 pts
Do the constitution or other laws fail to protect rights such as freedom of expression, access to information, and press freedom, including on the internet, and are they enforced by a judiciary that lacks independence? 0.000 6.006

Article 30 of the constitution states that freedom of opinion “shall be guaranteed within the limits of law.” However, many laws can effectively limit free speech online, and these rights are not respected in practice.1 Under a 1980 law, authorities can “censor local or foreign publications if they criticize domestic policies, the economy, the ruling families, religion, or the UAE’s relations with its allies.”2

The judiciary enjoys no independence in the UAE and is significantly influenced by the executive.3 Judicial bodies, judges, and lawyers have no public profiles, and are especially not able to criticize the state. The only lawyer to represent political detainees, Mohammed al-Roken, continues to serve a prison sentence for his work.4 Smear campaigns against dissidents go without investigation. Online journalists and bloggers are not allowed anonymity and are required to register for permits, as per the social media law. With the cybercrime law and hate crimes law, the regime has stifled freedom of expression in the country.

During the COVID-19 pandemic, in April 2020, the government issued a fine of up to 20,000 dirhams ($5,444) if people share medical information—including online—about the coronavirus that contradicts official statements.5

C2 1.00-4.00 pts0-4 pts
Are there laws that assign criminal penalties or civil liability for online activities, particularly those that are protected under international human rights standards? 0.000 4.004

There are a number of laws that assign criminal penalties for online activities. Since a series of regional mass uprisings in 2011, the UAE has followed countries of the Gulf Cooperation Council (GCC) in passing legislation to criminalize criticism of authorities online.1

The cybercrime law criminalizes a wide range of legitimate online activities. Hefty fines and jail sentences can be handed down for gambling online, disseminating pornographic material, or sharing content that is perceived to violate another person’s privacy.2 The cybercrime law also criminalizes offending the state and its rulers or symbols, and insulting religion. Calls to change the system of government are punishable by life imprisonment. Authorities have repeatedly warned foreign nationals that they must also follow the country’s restrictive laws.3 In 2017, the government expanded the cybercrime law to criminalize “sympathy for Qatar,” which can be punished with a 15-year prison sentence and a fine.4

In August 2018, the president amended three articles in the cybercrime law. Changes to Article 26 stipulate harsher penalties for enabling communication between terrorist groups or any other “unauthorized group.” The broadly worded amendment provides for 10 to 25 years of imprisonment and a fine between 2 million ($544,000) and 4 million dirhams ($1.1 million). It also prescribes up to five years in prison and a fine between 500,000 ($136,100) and 1 million dirhams ($272,000) for inciting hatred. The other two amendments are related to incitement, endangering national security and state interests (Article 28), and deporting foreigners (Article 42).5 In June 2019, the TRA announced that cybercrime laws and regulations would "soon be enhanced to combat the ever-growing threat of cybercrimes," as part of the new National Cybersecurity Strategy that was to be implemented across nine sectors.6

In October 2020, the Federal Public Prosecution updated Federal Law No. 5 (2020) to combat cybercrimes, including by further penalizing online activities; specifically, citizens can face imprisonment and fines of up to 500,000 dirhams ($136,100) if they carry out “cybercrimes” or make “defamatory comments” online.7

In January 2019, an official from the Interior Ministry listed ten types of social media activities considered illegal under the cybercrime law: defaming or disrespecting others, violating privacy, filming people or places and posting these videos without permission, spreading fake news and rumors, manipulating personal information, blackmail and threats, establishing websites or accounts that violate local regulations, inciting immoral acts, posting work-related confidential information, and establishing or managing websites or accounts to coordinate with terrorist groups.8

Broadly worded provisions of a 2015 hate speech law, which criminalize insults to “God, his prophets or apostles or holy books or houses of worship or graveyards,” open individuals up to criminal charges for expressing nonviolent opinions on religion. Penalties under the law range from prison terms between six months and 10 years and fines between 50,000 ($13,610) and 2 million dirhams ($544,000).9 Furthermore, while the law bans discrimination on the basis of “religion, caste, doctrine, race, color, or ethnic origin,” it does not protect those persecuted on the basis of gender or sexuality.10 The law specifically covers online and offline speech.

Terrorism offenses are punishable by life imprisonment, fines of up to 100 million dirhams ($27.2 million), and execution.11 Under the law, citizens may be charged with such broad crimes as undermining national unity, possessing materials counter to the state’s notion of Islam, and “publicly declaring one’s animosity or lack of allegiance to the state or the regime.”12

Articles 8 and 176 of the penal code are used to punish public “insults” against the country’s top officials and calls for political reform.13 Articles 70 and 71 of a 1980 publishing law prohibit criticism of the head of state, Islam, or any other religion.14 In 2016, Dubai police reiterated that posting pictures of others without permission can lead to six months in jail and a fine between 150,000 ($40,800) and 500,000 dirhams ($136,100).15

C3 1.00-6.00 pts0-6 pts
Are individuals penalized for online activities, particularly those that are protected under international human rights standards? 1.001 6.006

Score Change: The score declined from 2 to 1 because a 10-year prison sentence was given to a Jordanian man for a Facebook post in which he criticized the Jordanian royal family.

The government routinely jails individuals for posting political, social, or religious opinions online, and long prison sentences have been handed out on such charges in recent years. Online activists face arbitrary detention. Arrests for online activity continued throughout the reporting period.

In October 2020, a court sentenced Ahmed Etoum, a Jordanian citizen living in the UAE, to 10 years in prison based on his Facebook posts criticizing the Jordanian royal family and government. The court convicted Etoum of using Facebook to commit “acts against a foreign state” that could “damage political relations” with that state and “endanger national security” inside the UAE.1

In December 2018, a court rejected activist Ahmed Mansour’s final appeal of a 10-year prison sentence and 1 million–dirham ($272,200) fine. Reports also suggested that he would be subject to three years of surveillance after his release.2 He was sentenced in May 2018 on cybercrime charges following a series of closed proceedings3 and has been in detention since his 2017 arrest for “spreading sectarianism and hatred on social media,”4 after calling on Twitter for the release of human rights activist Osama al-Najjar.5 During his arrest, 12 security officers searched Mansour’s house for electronic devices, confiscating laptops and cell phones belonging to him and his family members.6 Activists said he was held in solitary confinement, and was not given access to a lawyer during his trial.7

Nasser bin Ghaith—a human rights activist and former lecturer at the Abu Dhabi branch of the Paris-Sorbonne University— was sentenced to 10 years in prison in 2017 after being convicted on a range of charges primarily related to his nonviolent speech published online.8

In February 2021, a woman was ordered to pay 20,000 dirhams ($5,444) as a compensation to a couple for positing “derogatory comments” about them on social media. UAE prosecutors charged the woman with violating the cybercrime law and defaming the couple.9

In April 2021, Dubai authorities deported 13 tourists—12 Ukrainian woman and a Russian man—for posting a picture on social media where they appear nude on one of the balconies of the Dubai marina. The tourists were accused of indecency and spreading debauchery, offenses carrying a penalty of up to six months and a fine of 5,000 dirhams ($1,361).10

In April 2020, three men were arrested in separate incidents for “mocking stay-at-home and movement restrictions”; their pictures were published in the press. Authorities said they were notified that their images would be published as part of a “name and shame” initiative started by the Dubai Police,11 used by authorities to punish those who mock the “stay home, stay safe” campaigns to combat the spread of COVID-19 by identifying and shaming violators through various online media.12 In the same month, Tariq Mehyyas, an Emirati member of the media, was arrested under hate crime charges for posting racist comments in a video targeting South Asian residents of the UAE.13

In March 2020, an American woman, who was arrested for insulting her former boyfriend over email, was released after a month in detention on cybercrime charges. The UAE cybercrime law criminalizes insulting others in any electronic format (see C2).14

In May 2019, a man was arrested in Dubai for filming and posting a viral video of a dispute between a hotel worker and a woman after she refused to pay for valet parking service. He faced charges under Article 21 of the cybercrime law for violating the privacy of others, which is punishable by up to six months in prison and a 500,000 dirham ($136,100) fine. As of June 2021, it was unclear if he had been released.15 In March 2019, a man was arrested for insulting local traditions after posting a satirical video on social media in which he wore formal Emirati clothing while surrounded by women and throwing money.16 His arrest may have been the result of user reporting.17 In January 2020, a man was fined 10,000 dirhams ($2,722) for posting a photoshopped picture of another man as a dog. The court also shut down his Instagram account and confiscated his phone.18

In July 2018, the Abu Dhabi prosecutor’s office issued an arrest warrant for three social media influencers who had participated in and posted on social media their video of a viral dance challenge online involving moving vehicles. They were charged with allegedly putting people’s lives at risk and promoting “practices that are incompatible with the UAE’s values and traditions.”19

Several foreigners were arrested for social media posts under the harsh cybercrime law. In April 2019, a British woman was arrested at an airport in Dubai for insulting Facebook comments she had posted about her former husband’s new wife. She was detained under the cybercrime law and released after paying a 3,000 dirham ($817) fine.20

Even after serving their sentences, many prisoners of conscience remain detained in “counselling centers.”21 For example, Osama al-Najjar was detained in a counselling center despite having served out his three-year sentence.22 Al-Najjar was finally released in August 2019,23 having been sentenced in 2014 to three years in prison and fined 37,000 dirhams ($10,070) for Twitter posts in which he alleged that his father, who was imprisoned during the UAE 94 trial (in which 94 democracy activists were tried on trumped-up coup charges in 2013), was tortured by security forces.24 He was found guilty of belonging to the banned political group al-Islah, spreading lies, and instigating hatred against the state through Twitter.2526

C4 1.00-4.00 pts0-4 pts
Does the government place restrictions on anonymous communication or encryption? 1.001 4.004

Several laws limit anonymous communication online.

Amendments to the cybercrime law passed in 2016 state that use of hiding one’s identity “by using a false [internet protocol (IP)] address or a third-party address by any other means for the purpose of committing a crime or preventing its discovery” can face a fine of between 500,000 ($136,100) and 2 million dirhams ($544,000), as well as prison time.1 The clause may refer to VPNs used to circumvent censorship, which help disguise the user’s location. A prison sentence was not specified in the law. However, considering that cyberviolations are now treated as crimes rather than misdemeanors, prison terms for those convicted would likely be at least three years.2 The TRA clarified that “companies, banks, and institutions are not prohibited from using VPNs,” adding that “the law can be breached only when internet protocols are manipulated to commit crime or fraud.”3 Also in 2016, authorities blocked the encrypted messaging app Signal.4

On February 23, 2021, Digital 14—a UAE-based cybersecurity firm owned by Abu Dhabi Developmental Holding company (ADQ) and chaired by Tahnoon Bin Zayed Al Nahyan, the National Security Advisor of UAE—announced the launch of KATIM, a mobile phone and messaging application with end-to-end encryption. KATIM was made available to businesses and government entities operating in the UAE.5 Tahnoon has been linked to the controversial ToTok app, which was removed from the Apple and Google app stores due to privacy concerns (see C5).6

In 2014, the Interior Ministry announced plans to link identification cards with internet and mobile service, in order “to crack down on child abusers.” An official stated: “By linking ID cards with internet service providers, people’s identities will be linked to the websites they visit.”7 In order to retain service, mobile phone users were required to reregister personal information as part of the 2012 TRA campaign, “My Number, My Identity.”8 Cybercafé customers are also required to provide their ID and personal information.9

C5 1.00-6.00 pts0-6 pts
Does state surveillance of internet activities infringe on users’ right to privacy? 0.000 6.006

State surveillance is widespread and infringes on users’ right to privacy. Whether there is any meaningful legal oversight of government surveillance operations is unclear.

A report published on February 6, 2021 by the New York Times revealed that the UAE established “an electronic spy network” that included former US National Security Agency members. According to the report, the network spied on Qatar with the aim to prove the country was financing terrorist groups through the Muslim Brotherhood.1 The Times investigation revealed that the UAE offered generous compensation to the members of the spy network.

In December 2020, Al Jazeera published a report claiming that several their journalists were hacked using NSO Group spyware, which was acquired by the UAE and Saudi Arabia. The report references an investigation conducted by the Canada-based cybersecurity watchdog Citizen Lab, which detailed how authorities used Pegasus spyware from NSO Group – an Israeli company – to infect the mobile phones of 36 journalists and media staff at the Al Jazeera media network. Citizens Lab traced the “zero-click” hacking technique whereby hackers from the UAE and Saudi Arabia accessed the victims’ phones (see C7 and C8).2

In a 2018 report by Citizen Lab, a Canadian internet watchdog, the UAE is listed as one of 45 countries worldwide in which devices were likely breached by Pegasus, a targeted spyware software developed by the NSO Group.3 Moreover, documents leaked in August 2018, which were used in two lawsuits against NSO Group, showed that the UAE had been using Pegasus spyware for at least a year, targeting foreign government officials, journalists, and activists.4 In July 2021, an investigation published by The Guardian provided further evidence that the UAE government had purchased the Pegasus spyware.5

In December 2019, the New York Times reported that the VoIP app “ToTok” gives UAE spies access to citizens’ conversations, movements, and other personal data, like photos. Shortly after, the app was removed from both the Apple and Google app stores (see B2). The app’s publisher, Breej Holding Ltd, is affiliated with UAE-based cybersecurity firm DarkMatter, which is allegedly under investigation by the United States’ Federal Bureau of Investigation for possible cybercrimes.6 The founders of the app called the allegations against ToTok “vicious rumors.”7 An investigative report published in January 2020 by Citizen Lab found that three companies connected to ToTok are directly linked to UAE National Security Advisor Tahnoon bin Zayed al-Nahyan (see C4).8

A Reuters investigation published in January 2019 revealed that a group of former US intelligence agents were part of Project Raven, an Emirati hacking program that allowed the UAE to surveil militants and other governments, as well as dissidents, political opponents, activists, and journalists. Some of the latter targets were foreigners. The project was ultimately transferred from a US contractor to DarkMatter in 2016.9 One of the tools used from 2016 to 2017 enabled DarkMatter to hack into targets’ iPhones and access their information. The UAE had also bought the hacking platform, called Karma, from an unnamed vendor.10 The project operatives were ordered to monitor social media platforms and target individuals who, according to security forces, had insulted the government. One of the operatives said, “Some days it was hard to swallow, like [when you target] a 16-year-old kid on Twitter.”11

In August 2018, Google said that its Chrome and Android browsers would mark all websites that had been certified by DarkMatter as unsafe.12 In July 2019, Mozilla said it was “rejecting the UAE’s bid to become a globally recognized internet security watchdog, empowered to certify the safety of websites for Firefox users.” Mozilla made the decision based on reports that DarkMatter had been linked to the state-run hacking program.13

In February 2018, Faisal al-Bannai, the founder of DarkMatter, denied activists’ allegations that the firm was involved in hacking activities. About 80 percent of DarkMatter’s customers are UAE government agencies, including the Dubai police. Al-Bannai has suggested that the police are capable of compiling hours of surveillance video in order to track anyone in the country.14 In October 2019, al-Bannai announced that he was “in the process of concluding purchase agreements with multiple parties to divest all assets and capabilities in the UAE and internationally.”15

C6 1.00-6.00 pts0-6 pts
Does monitoring and collection of user data by service providers and other technology companies infringe on users’ right to privacy? 0.000 6.006

ISPs and mobile service providers are not transparent about the procedures authorities use to access users’ information.

Service providers reportedly monitor content on behalf of the police and security forces. Etisalat is required, through its license, to store call logs and possess equipment that allows the TRA to access “its network and the retrieval and storage of data for reasons of public interest, safety, and national security.”1 Metadata and call information from the VoIP services offered by Etisalat and Du can be obtained by the government.2

In July 2020, the Dubai International Financial Centre (DIFC) approved the Data Protection Law No. 5 of 2020. The regulations in the law apply to businesses that process personal data and mandate the appointment of data protection officers for DIFC entities. Furthermore, the regulations include a maximum fine of $100,000 for any data breaches.3 Other rules ensure compliance from data controllers and processors, such as a mandate to conduct data protection impact assessments and contractual obligations that protect individuals and their personal data.4

Though the UAE has joined a wave of countries enacting data protection policies, the government’s history of surveilling citizens and targeting dissidents raise questions about the legitimacy of the new data protection law (see C5 and C7). For example, the newly adopted Internet of Things (IoT) regulatory framework has serious privacy implications. The framework requires entities that offer IoT services, regardless where they are headquartered, to register with the UAE government. The IoT regulatory policy paper retains the government’s right to process “data within the purview of the legislative powers provided to them.” Further, any “secretive, sensitive and confidential” data for individuals and business would be stored within the UAE; no definition of secretive, sensitive, or confidential data is provided.5

Authorities at times request user data from international platforms. In its transparency report, Google claimed to have received three emergency data disclosure requests between January 2020 and June 2020. One request was made to Twitter during the same period.6

C7 1.00-5.00 pts0-5 pts
Are individuals subject to extralegal intimidation or physical violence by state authorities or any other actor in relation to their online activities? 2.002 5.005

Some online activists face enforced disappearances and torture in retaliation for their activities.1

Nasser bin Ghaith, who was sentenced to 10 years in prison in 2017 in part for Twitter posts critical of the Egyptian government, reported that he was detained in poor conditions and subject to torture while on trial, including extended periods in solitary confinement.2 He has gone on several hunger strikes since 2017 and has been denied access to medical care (see C3).3

Activist Ahmed Mansour, who was detained in 2017 in connection with his social media use and later sentenced to 10 years’ imprisonment in May 2018, began a hunger strike in March 2019 to bring attention to his case and substandard prison conditions, including torture (see C3).4 As of February 2020, Mansour was reported to have been on a five-month liquid only hunger strike.5 He had been harassed for years by the government prior to his imprisonment: authorities froze his bank accounts, put him under a travel ban, denied him a passport, and attempted to hack into his email accounts. When arresting him, security forces searched Mansour’s house and confiscated all electronic devices belonging to him and his family members.6 In February 2021, a United Nations (UN) official called on the UAE government to release human rights activists being held in prison, including bin Ghaith and Mansour, citing prison conditions that amount to human rights abuses.7

Female activists have been harassed online by government officials in an attempt to silence them. In December 2020, Ghada Ouiess, a high-profile Lebanese journalist, filed a lawsuit against Crown Prince Mohamed bin Zayed alleging that he, among other defendants, shared photos of her online in retaliation for her reporting on the Saudi regime. Ouiess is just one of many journalists who were targeted in a “hack-and-leak” attack, where attackers used NSO Group spyware to hack mobile phones and spy on dissidents (see C5 and C8).8 Other activists who have been allegedly targeted by the UAE include Alaa al-Siddiq, an Emirati activist and the director of human rights group, ALQST, and prominent Saudi women’s rights activist, Lina al-Hathloul.

Political dissidents and their families are frequently harassed and intimidated on Twitter. In December 2019, Human Rights Watch reported that dissidents and their family members report being targeted and surveilled, constantly summoned by authorities and interrogated for their opinions, intimidated, and asked to spy on their communities.9 In October 2019, Amnesty International shared a statement by WhatsApp about NSO spyware which had been sent on the app to 100 activists in the UAE, Mexico, and Bahrain (see C5).10

C8 1.00-3.00 pts0-3 pts
Are websites, governmental and private entities, service providers, or individual users subject to widespread hacking and other forms of cyberattack? 2.002 3.003

The UAE reported a 250 percent increase in cyberattacks during the reporting period.

Mohamed al-Kuwaiti, the head of the Government Cyber Security agency, stated that the UAE had become a target of “huge attacks” from “activists” after it established formal ties with Israel in August 2020. Al-Kuwaiti added that the financial sector and health sector received the most attacks.1

Activists have faced repeated technical attacks designed to deceive them into downloading spyware. In December 2020, reports alleged that several prominent journalists and activists were targeted by a “hack-and-leak” campaign, perpetrated by authorities in the UAE and Saudi Arabia (see C5 and C8).2 In May 2019, reports emerged that NSO Group, whose spyware enabled various countries to surveil journalists and activists, exploited a security flaw in WhatsApp to hack into targets’ mobile devices. The flaw may have been used to hack the UAE’s targets (see C5).3 In 2016, a report from the New York Times asserted that the UAE government paid the Italian cybersecurity firm Hacking Team more than 2,328,000 dirhams ($633,700) to target 1,100 devices with spyware.4 Through a forensic investigation by cybersecurity expert Bill Marczak, human rights activist Ahmed Mansour discovered that he had been repeatedly targeted with sophisticated spyware from hackers at FinFisher and Hacking Team.

A January 2019 Reuters report documented how former United States intelligence analysts are now working as hackers within the UAE as part of a clandestine spy group called Project Raven, which was then moved to the UAE cybersecurity firm DarkMatter (see C5). These hackers use state-of-the-art technology to hack into phones and spy on enemies of the state, including journalists, activists, and political rivals.5

In February 2020, a trial in London began in which Farhad Azima, an Iranian-American businessman, alleged that the Emirate of Ras Khaima had hacked his emails, as they battled him over a hotel contract. According to his lawyer, if the judge rules in Azima’s favor, he would be the first person to successfully sue a foreign government for hacking.6 Azima ultimately lost the dispute to Ras al Khaimah in 2020 and was ordered to pay $4.1 million in compensation.7

In 2016, an official with DarkMatter said that 5 percent of global cyberattacks targeted victims in the UAE.8 The TRA said it had “successfully foiled 1,054 cyberattacks” targeting private companies and government entities that year.9 Also in 2016, Dubai police arrested foreign hackers accused of extorting over email five senior officials who worked for the president of the United States.10

On United Arab Emirates

See all data, scores & information on this country or territory.

See More
  • Global Freedom Score

    17 100 not free
  • Internet Freedom Score

    27 100 not free
  • Freedom in the World Status

    Not Free
  • Networks Restricted

    No
  • Websites Blocked

    Yes
  • Pro-government Commentators

    Yes
  • Users Arrested

    Yes