United Arab Emirates

Not Free
28
100
A Obstacles to Access 12 25
B Limits on Content 9 35
C Violations of User Rights 7 40
Last Year's Score & Status
27 100 Not Free
Scores are based on a scale of 0 (least free) to 100 (most free). See the research methodology and report acknowledgements.

header1 Overview

Internet freedom in the United Arab Emirates (UAE) remains significantly restricted. Online censorship is rampant, and the online media environment lacks diversity. During the coverage period, social media users were arrested or fined for their posts, and one journalist received a prison sentence for a Facebook post in which he criticized the Nepalese embassy in the UAE. Government surveillance of online activists and journalists continued during the coverage period. Furthermore, three former US intelligence employees were fined after providing the UAE government with hacking software that was used to target perceived opponents of the government, including prodemocracy activists. Two new laws were passed that could further restrict online expression. The vaguely worded cybercrime law includes criminal penalties for those who share “fake news” online, while a newly introduced data protection law has problematic exemptions that could present risks to online privacy and further entrench government surveillance.

The UAE is a federation of seven emirates led in practice by Abu Dhabi, the largest by area and the richest in natural resources. Limited elections are held for a federal advisory body, but political parties are banned, and all executive, legislative, and judicial authority ultimately rests with the seven hereditary rulers. The civil liberties of both citizens and noncitizens, who make up an overwhelming majority of the population, are subject to significant restrictions.

header2 Key Developments, June 1, 2021 - May 31, 2022

  • In September 2021, authorities eased Voice over Internet Protocol (VoIP) service restrictions for visitors of the Expo 2020 Dubai world fair, who were able to access WhatsApp voice calls and Skype within site grounds (see A3).
  • During the coverage period, automated social media accounts were used to manipulate the online narrative by pushing progovernment rhetoric around several global events, including the Russian invasion of Ukraine, Tunisia’s political crisis, and the coup d’état in Sudan (see B5).
  • In January 2022, the UAE implemented amendments to the 2012 cybercrime law that bans residents from posting or sharing “fake news and rumors” online (see C2).
  • In September 2021, three former US intelligence employees associated with Project Raven, a hacking project that was managed by Emirati firm DarkMatter, were fined for violating export control regulations after providing the UAE government with hacking software that was used against a wide range of targets (see C5).
  • A new data protection law took effect in January 2022. Although the law is similar to other global data protection laws, significant exclusions raise concerns for user privacy (see C6).

A Obstacles to Access

A1 1.00-6.00 pts0-6 pts
Do infrastructural limitations restrict access to the internet or the speed and quality of internet connections? 6.006 6.006

The UAE is one of the world’s most connected countries. As of January 2022, there were 9.94 million internet users in the country and internet penetration stood at 99 percent. The UAE’s mobile penetration rate of 169 percent is one of the highest in the region.1

Internet speeds are also reliable. As of May 2022, the median mobile and broadband download speeds stood at 125.27 megabits per second (Mbps) and 112.83 Mbps, respectively. The median mobile and broadband upload speeds stood at 20.30 megabits per second (Mbps) and 80.07 Mbps, respectively.2 According to the International Institute for Management Development’s World Digital Competitiveness Ranking 2021, the UAE ranks first in the world in terms of wireless broadband usage, fourth in terms of internet usage, and 12th in terms of mobile broadband subscribers.3 The World Bank’s GovTech Maturity Index described the UAE as “one of the [region’s] most mature countries in citizen-centric online public services” and ranked near the top of the global index on the criterion of e-governance.4

The mobile service provider Etisalat became the first in the Middle East and North Africa region to launch fifth-generation (5G) services in May 2019, and Du followed suit a month later. Both companies partnered with Chinese smartphone manufacturer ZTE to offer the service.5 In September 2020, Etisalat announced that it began rolling out 5G services on fixed-line networks. The Telecommunications and Digital Government Regulatory Authority (TDRA)—then known as the Telecommunications Regulatory Authority (TRA)—said that it was allocating a new frequency band to expand the scope of the 5G network that same month.6 In 2021, 5G coverage reached 91 percent of the population. Etisalat announced that there were 850,000 5G subscribers by the end of the third quarter of 2021.7

Damage to undersea cables occasionally disrupts connectivity. In June 2022, after the coverage period, the Asia-Africa-Europe-1 (AAE-1) undersea cable, a 25,000 kilometer submarine cable that links Asia, the Middle East, Africa, and Europe and is owned by Etisalat and 18 other global telecommunications companies, was cut, leading to worldwide outages and network issues. The issue was mediated within hours, though issues persisted for some providers across Europe, Africa, and the Middle East.8 The AAE-1 cable is considered the largest global submarine cable system in the world. Etisalat additionally uses AAE-1's capacity to bolster service for 5G customers and internet of things (IoT) users.9

In March 2020, during the COVID-19 lockdown, the TDRA announced that homes without internet access would be provided free internet data through individuals’ mobile phones to help increase access to online learning platforms for students.10 Authorities and the local press continued to warn against using free public Wi-Fi networks due to privacy concerns.11

A2 1.00-3.00 pts0-3 pts
Is access to the internet prohibitively expensive or beyond the reach of certain segments of the population for geographical, social, or other reasons? 1.001 3.003

While prices are among the highest in the region, broadband access is affordable for most users given the country’s high per capita income,1 which is estimated at 70,300 Emirati dirhams ($19,100) as of 2019.2

The 2022 annual survey by the UK telecommunications company Cable ranked the UAE 209th out of 220 countries for broadband affordability. According to the survey, broadband access in the country cost $156.66 per month on average, more than double the regional average of $60.61.3

An Etisalat postpaid mobile plan with a 2 gigabyte (GB) data allowance and 100 local minutes costs 125 dirhams ($34) per month,4 while a prepaid plan with an allowance of 1 GB costs 30 dirhams ($8.16) per month.5 In July 2019, the TDRA required Etisalat and Du to discontinue their pay-per-use data plans “in order to protect the subscribers from excessive charges.”6 Etisalat announced a 5 percent value-added tax (VAT) on all products and services beginning in January 2018.7 In January 2020, the TDRA lowered the cost of cancelling a mobile contract to one month’s rental fee; the previous cost was one month multiplied by the number of months left over.8

Emirati schools are increasingly connected to the internet and equipped with e-learning facilities, and many offer tablets for student use.9 There are also programs for principals to enroll in international computer-literacy training programs.10 In October 2018, the government launched Madrasa, a free digital platform estimated to provide 50 million primary and secondary school students in the region with instructional videos, all translated into Arabic, on topics including science and mathematics.11 Since April 2020, the Ministry of Education and Al Yah Satellite Communications Company (Yahsat) have provided high-speed satellite broadband services to students and teachers in areas where fixed-line broadband services were unavailable, in an effort to extend the reach of remote schooling initiatives amid the COVID-19 pandemic. Additionally, families who lacked an internet connection were provided with free internet packages through Du and Etisalat to enable online learning.12

A3 1.00-6.00 pts0-6 pts
Does the government exercise technical or legal control over internet infrastructure for the purposes of restricting connectivity? 3.003 6.006

No orders to shut down information and communication technologies (ICT) networks were reported during the coverage period, though authorities restrict several communication platforms.

Many popular VoIP services are restricted over mobile connections. Etisalat and Du are the only companies licensed to provide paid VoIP services, while the free or inexpensive over-the-top (OTT) voice-call services provided by WhatsApp, Skype, and others are only accessible through fixed-line or Wi-Fi connections. In March 2020, the TDRA allowed the use of Skype for Business, Google Hangouts, Blackboard, Microsoft Teams, and Zoom “to support distance learning and working from home,” stressing that this change was an exception that would be continued “until further notice.”1

In September 2021, authorities eased their restrictions on VoIP services for Expo 2020 Dubai visitors, who were able to use VoIP services including WhatsApp voice calls and Skype within site grounds. The TDRA did not respond to a press query on whether the VoIP access would be permanent.2 It is unclear whether the restrictions were reinstated after the expo closed in March 2022.3

WhatsApp’s voice feature was blocked shortly after it was introduced in 2015,4 as was a similar feature offered by Facebook.5 Viber has been banned since 2013, along with FaceTime.6 Apple agreed to sell its iPhone products to UAE mobile service providers without the FaceTime app preinstalled, though it can be used on phones purchased outside the country.7 The VoIP feature for Discord, a chatting app primarily used by video gamers, was blocked in 2016.8

Seeking to improve connectivity within the country, Etisalat and Du have launched their own carrier-neutral international internet exchange points (IXPs), called SmartHub and Datamena, respectively.9 Etisalat maintains a nationwide fiber-optic backbone. In 2015, the company selected TeliaSonera International Carrier (TSIC) as its preferred global internet backbone provider.10

A4 1.00-6.00 pts0-6 pts
Are there legal, regulatory, or economic obstacles that restrict the diversity of service providers? 2.002 6.006

Internet service providers (ISPs) in the UAE are either fully or partially owned by the state, allowing authorities to exert control over the flow of information.

The country’s two largest mobile service providers, Etisalat and Du, are both controlled by the state. The government maintains a 60 percent stake in Etisalat and a 50.1 percent stake in Du through its ownership in the Emirates Investment Company.1 Various state-owned companies maintain stakes in Du.2

Etisalat and Du hold an effective duopoly of the telecommunications industry. However, numerous foreign and local entities operating in the audiovisual media sector are licensed and regulated by the UAE government via the TDRA, which is the country’s sole ICT regulator. Entities may appeal TDRA decisions, but there is no standardized legal process for appeals, which are evaluated by TDRA committees (see B3).3

A5 1.00-4.00 pts0-4 pts
Do national regulatory bodies that oversee service providers and digital technology fail to operate in a free, fair, and independent manner? 0.000 4.004

Regulatory bodies frequently fail to operate in a free and fair manner.

The TDRA—formerly known as the TRA—oversees service providers and makes executive decisions regarding monitoring, filtering, and banning services and websites, without any oversight or transparency (see B3). Providers must follow the laws and regulations set by the TDRA, which was established in 2003 to manage the UAE’s ICT sector. In April 2021, the authority’s name was changed to include “Digital Government” to reflect its digital governance services.1 Its objectives include ensuring quality of service and adherence to terms of licenses by licensees, encouraging ICT expansion within the UAE, resolving disputes between the licensed service providers, establishing and implementing a regulatory and policy framework, and promoting new technologies.2

The TDRA’s current chairperson is Major General Talal Hamid Belhoul, who was also appointed director general of the State Security Department in Dubai in 2017.3 In July 2021, Majed Sultan al-Mesmar was appointed director general of the TDRA.4 As per Decree No. 3 (2003) Regarding the Organisation of the Telecommunications Sector, the TDRA board rotates every four years. The authority’s director general is appointed by federal decree, and his functions and responsibilities are determined by the UAE Executive Order, thus limiting the body’s independence.5

B Limits on Content

B1 1.00-6.00 pts0-6 pts
Does the state block or filter, or compel service providers to block or filter, internet content, particularly material that is protected by international human rights standards? 1.001 6.006

While ISPs are required by the TDRA to block content related to terrorism, pornography, gambling, and political speech that threatens the ruling order (see B3), in practice authorities also commonly block websites that criticize the government or address social taboos.

Beginning in 2017, blocking emerged as a political tool through which authorities sought to isolate Qatar, which Bahrain, Egypt, Saudi Arabia, and the UAE had accused of supporting “terrorist” groups, notably the banned Muslim Brotherhood. In 2017, authorities blocked several Qatari media sites amid this dispute, including Al Jazeera Live.1 Despite officially ending the dispute with Qatar in January 2021, a number of Qatari websites, including Al Jazeera, remained blocked.2

The TDRA reported that it had blocked 883 websites via automatic filtering in the first quarter of 2022. Some9 percent were blocked for “pornography, nudity, and vice,” 42.7 percent for “impersonation, fraud, and phishing,” 3.6 percent for “drugs,” 2 percent for “promotion of or trading in prohibited commodities and services,” and 1 percent for “bypassing blocked content.” Additionally, the TDRA blocked 2 websites for “offenses against the UAE and public order.”3

In August 2021, the Open Observatory of Network Interference (OONI) published a report examining the blocking of LGBT+ websites in six countries including the UAE. The report found that 51 unique URLs related to LGBT+ content, including some international sites, were inaccessible in the UAE; a news site that covered LGBT+ issues, asylum, and migration was among the unavailable sites. However, the report noted that 13 blocked sites were not active, suggesting that local ISPs were relying on outdated blocking lists (see B3).4

In recent years, the audio-only platform Clubhouse has become popular in the UAE. In March 2021, local media reported that UAE users had experienced poor sound and quality issues when accessing the app. While UAE regulators maintained that the app was not blocked, the sound disruptions could be a result of authorities attempting to restrict accessibility to the platform.5

As of June 2022, several political blogs,6 a number of atheist and secular websites,7 at least one site disseminating news on Emirati political detainees and prison conditions,8 and sites related to the Muslim Brotherhood and regional nongovernmental organizations (NGOs) were blocked.9 The website of the Islamic Human Rights Commission (IHRC) was also blocked.10 In the past, internet users have reported the blocking of social media content related to political detainees,11 as well as Archive.today, a tool that retains URLs that might be modified or removed from the internet.12 The Beirut-based Gulf Center for Human Rights is also blocked.13

Many other sites critical of the government have been blocked. The government has previously blocked UK-based, English-language news site Middle East Eye after it published articles exposing the country’s harsh surveillance practices and poor human rights record.14 In 2015 a Qatari-funded outlet, the New Arab, was blocked without explanation.15 Also in 2015, authorities blocked Arabic-language sites run by news agencies in Iran, such as Al-Alam TV, over allegations that they disseminated antigovernment propaganda.16 These sites were apparently accessible in the UAE as of June 2022.

According to a 2013 Citizen Lab report, ISPs use advanced tools such as SmartFilter, Netsweeper, and Blue Coat ProxySG to censor content.17 The organization has also documented websites that are blocked in the UAE because both SmartFilter (used by Etisalat) and NetSweeper (used by Du) have miscategorized them as pornographic.18 Citizen Lab again confirmed the use of NetSweeper in an April 2018 report.19

B2 1.00-4.00 pts0-4 pts
Do state or nonstate actors employ legal, administrative, or other means to force publishers, content hosts, or digital platforms to delete content, particularly material that is protected by international human rights standards? 1.001 4.004

The TDRA censors selected content on platforms such as YouTube, Facebook, and Twitter, according to local users.

Facebook occasionally receives government requests to remove content. Between July and December 2021, Facebook reported that it received three content removal requests from the UAE government, including requests to restrict seven pages and groups and two profiles.1 Facebook disclosed that the requests related to violations of Federal Law No. 5 (2012), which restricts sales and promotion of regulated goods such as sex toys.2

In 2021, Google received 18 content removal requests from the UAE. The nature of this content included fraud, national security, obscenity, privacy, regulated goods and services, trademarks, and defamation.3 According to Google, they have received requests to satirical content against the ruling family as well as a video which shows a member of the royal family torturing a worker in his farm.

Twitter reported receiving 148 content removal requests from the UAE government between January and December 2021 and complied with 88.5 percent of them.4

In July 2020, Twitter blocked the account of “Detained in Dubai,” a UK-based group which reports on detention issues in Dubai. The account of its founder, Radha Stirling, was also blocked. Twitter provided no justification for its actions,5 and a statement released on the Detained in Dubai website in February 2021 claimed that Twitter had suspended Stirling’s account and other organization-run accounts without warning. The statement also noted that Princess Latifa al-Maktoum, the daughter of Dubai ruler Sheikh Mohammed bin Rashid al-Maktoum, reached out to Stirling during her escape attempt from Dubai in 2018. Whether the suspension of the accounts is related to the group’s reporting on that incident is unclear.6

B3 1.00-4.00 pts0-4 pts
Do restrictions on the internet and digital content lack transparency, proportionality to the stated aims, or an independent appeals process? 1.001 4.004

Restrictions on digital content lack proportionality and fairness. The TDRA instructs ISPs to block content related to terrorism, pornography, gambling, and political speech considered threatening to the ruling order.

In April 2021, when Clubhouse users experienced connectivity, sound, and bandwidth issues on the app, the TDRA failed to provide any justification for the issues (see B1).1 Authorities from the TDRA also made no comment about the February 2021 suspension of the “Detained in Dubai” Twitter account (see B2).2

Using banned VoIP services through a virtual private network (VPN) is punishable under a law that bars the use of VPNs to commit a crime, as well as cybercrime and telecommunications regulatory laws.3

Du details the criteria it uses to block sites in a document available on its website. Prohibited content includes information related to circumvention tools, the promotion of criminal activities, the sale or promotion of illegal drugs, dating networks, pornography, LGBT+ content, gambling sites, unlicensed VoIP services, terrorist content, and material that is offensive to religion.4 Etisalat has not made a similar list available, although the company invites users to request the blocking or unblocking of sites.5 Du also allows users to send unblocking requests to a designated email address and blocking requests through an online form.6 However, neither company provides information on whether sites have been unblocked as a result of requests.7 Twitter users sometimes monitor when sites are blocked to combat the lack of transparency,8 but the TDRA has also called on social media users to help report “suspicious” content for blocking.

Online content is often removed without transparency or judicial oversight. Under the cybercrime law, intermediaries, such as domain hosts or administrators, are liable if their websites are used to “prompt riot, hatred, racism, sectarianism, or damage the national unity or social peace or prejudice the public order and public morals.”9 Website owners and employees may also be held liable for defamatory material on their sites.10 Regulations instituted in October 2018 require social media influencers to identify content defined as advertisements (see B6) and allow the National Media Council (NMC) to remove content that violates their guidelines.11

B4 1.00-4.00 pts0-4 pts
Do online journalists, commentators, and ordinary users practice self-censorship? 0.000 4.004

Self-censorship online has worsened in recent years due to the risks of legal action or harassment in retaliation for online activities, as well as high levels of surveillance.

Virtually nobody within the country speaks out on political and other sensitive issues.1 Local news sites, many of which are owned by the state, exercise self-censorship in accordance with government regulations and unofficial red lines. Overall press freedom is poor, and foreign journalists and scholars are often denied entry or deported for expressing their views on political topics, further chilling the environment for online expression.2

According to OONI’s August 2021 report on LGBT+ online censorship, the UAE’s highly controlled online environment contributes to widespread self-censorship. Furthermore, members of the LGBT+ community in the UAE who were interviewed by OONI indicated that they believe they are being monitored by authorities (see C5). An interviewee explained that community members are afraid of searching the internet for things such as “how to know I am a lesbian,” fearing the authorities would somehow discover them.3

The UAE has an advanced surveillance system, which includes all online modes as well as real-life monitoring of public spaces (see C5). With the cybercrime law and latest regulations for social media, the state can potentially retaliate against any form of expression, leading users to self-censor online (see C2).

B5 1.00-4.00 pts0-4 pts
Are online sources of information controlled or manipulated by the government or other powerful actors to advance a particular political interest? 1.001 4.004

The government has allegedly manipulated the online information landscape to advance its interests.

During the coverage period, automated social media accounts were used to manipulate the online narrative around several regional events, often pushing progovernment positions. In July 2021, Al Jazeera reported on a social media propaganda campaign originating in the UAE; it portrayed Tunisian president Kaïs Saïed’s decision to suspend that country’s parliament and dismiss its prime minister as popularly supported moves against Islamist parties like the Muslim Brotherhood. Al Jazeera also reported that Emirati influencers had disseminated anti–Muslim Brotherhood material in line with the government’s stance. These influencers are often retweeted by progovernment trolls and bots who spread propaganda and intimidate critics.1

In January 2022, Doha News reported on the existence of a network of “sock puppet” Twitter accounts that had belonged to Sudanese users before being purchased or hacked around December 2021, weeks before the resignation of Sudanese prime minister Abdalla Hamdok. The network was used to promote the UAE’s intervention in Sudan, disseminated anti–Muslim Brotherhood stances—despite long-standing Sudanese ties to the party—and echoed Emirati rhetoric that linked the party to terrorism in the Middle East.2 Later in January 2022, Doha News reported on troll networks that likely originated in the UAE; the networks spread propaganda favoring the UAE and targeting Qatar and Turkey.3

Following Russia’s invasion of Ukraine, a group of online trolls originating in Saudi Arabia and the UAE spread Russian disinformation about the war. Specifically, these accounts—many of which display Saudi or Emirati flags in their profile pictures—attempted to draw attention and sympathy away from Ukraine by promoting a narrative about the “supposed evils of Western liberal democracies.”4

Following the UAE’s decision to normalize relations with Israel, pro-Israel commentary was seen online, at times prompted by Emirati officials. In May 2021, the UAE government had reportedly licensed Emirati social media influencers to praise Israeli security forces’ raid on the al-Aqsa mosque during a crackdown on Palestinian worshippers earlier that month.5

Government authorities frequently issue warnings to internet users about what content is considered unacceptable to post on social media. During the reporting period, a group of tourists was deported after posting photos that apparently contained nudity while on vacation in Dubai (see C3). Following the incident, the Dubai police issued an official warning against posting content that does not “reflect the values and ethics of Emirati society.”6

In September 2019, Twitter took down over 4,200 accounts promoting “political spam” and originating in the UAE, along with several hundred accounts originating in Egypt and Saudi Arabia.7 In April 2020, Twitter took down a pro-UAE network of roughly 9,000 accounts that spread propaganda about the coronavirus pandemic and criticized Turkish military intervention in Libya. The network had been tied to marketing firms in the region, and parts of this network had already been removed by Facebook and Twitter in 2019.8

In an article published in July 2019 by Al Jazeera, experts pointed to thousands of bot accounts attempting to influence views on the Qatar blockade crisis by spreading false information, retweeting officials, and amplifying hashtags. While the source of these accounts is unclear, reports claim that prominent social media influencers in Saudi Arabia and the UAE posted on Twitter about bot-created subjects, which was then picked up by real people.9

B6 1.00-3.00 pts0-3 pts
Are there economic or regulatory constraints that negatively affect users’ ability to publish content online? 1.001 3.003

Authorities impose economic and regulatory constraints that limit the ability of antigovernment websites to produce content online. For example, the government reportedly pressured the Dubai-based advertising agency Echo to end its advertising contract with the US-based news outlet Watan.1

The NMC is the federal government body entrusted to oversee media affairs, including licensing and regulating all traditional and digital media platforms.2

In March 2018, the NMC, announced new regulations for electronic media that would govern “all online activities, including e-commerce; publishing and selling of print, video, and audio material; as well as advertising.”3

Since May 2018, social media influencers who engage in commercial activities or promote products must apply for licenses, which are awarded based on several qualifications, such as age, criminal record, the applicant’s reputation, and a university degree.4 The NMC warned social media influencers that not obtaining a license would result in a 5,000-dirham ($1,360) fine. An official stated they “have a team dedicated to monitoring illegal activities on social media and other online platforms.”5

In October 2018, the NMC issued 19 rules for advertising, stating that “advertisements must be identified on social media clearly.” The rules also include “showing respect for the UAE’s systems and policies at an internal level and its relations with other countries, avoiding images that harm public morality, respecting intellectual property rights and a ban on tobacco advertising of any kind.” Violators could be subject to a 5,000-dirham ($1,360) fine, with additional fees if the fine is not paid within five days. Repeat violations could lead to fines of up to 20,000 dirhams ($5,400).6

B7 1.00-4.00 pts0-4 pts
Does the online information landscape lack diversity and reliability? 1.001 4.004

The blocking of antigovernment and other sensitive content and the criminalization of VPNs limit the diversity of the online information landscape. There is virtually no space for independent media online and many local news sites and bloggers self-censor, further reducing the diversity of viewpoints online (see B4).

Many media outlets are directly or indirectly linked to government-owned umbrella groups.1 Traditional and online news appears in both Arabic and English, including the privately owned Al Khaleej and Gulf News websites.2 Due to extensive censorship, content about LGBT+ issues, Qatar, or the Muslim Brotherhood are difficult to access (see B1). Furthermore, many international news sites such as Al Jazeera are blocked, limiting the diversity of the political content available online.

Strict media regulation in the UAE also limits online diversity. The regulatory framework sets national standards for media content and requires all media institutions operating in the UAE to abide by these standards. The list of prohibited content includes content which targets the UAE regime and political figures, as well as newsletters or advertisements that include expressions, photographs, or drawings that are deemed to violate public morals or offend Islamic beliefs. The list also prohibits content that is considered divisive, exclusionary, or disrespectful to religious minorities.3

While VPNs are not strictly prohibited, Article 1 of Federal Law No. 12 (2016) amending the cybercrime law states that a fine of 500,000 to 2 million dirhams ($136,000–$544,000) is imposed on those using a “fraudulent computer network protocol address.” This punishment is implemented if the VPN is used for the purpose of manipulating internet protocols to commit fraud or crime.4

B8 1.00-6.00 pts0-6 pts
Do conditions impede users’ ability to mobilize, form communities, and campaign, particularly on political and social issues? 3.003 6.006

Some Emiratis push back against government repression through online activism, but the repressive legal and regulatory environment limits their effectiveness. In the past, families of political prisoners frequently relied on Twitter to speak on behalf of detainees, document allegations of torture, and call for their release. However, the practice has become less frequent in recent years due to escalating arrests and prosecutions. With widespread arrests, intimidation, surveillance, and retaliation that users face for speaking out online, most voices critical of the regime today are based abroad.

Online mobilization around certain political or social issues is hamstrung by authorities. In May 2022, the Pakistani embassy warned Pakistanis in the UAE against protesting or organizing “processions or protests,” including on social media, a month after former Pakistani prime minister Imran Khan was removed from office.1

Organizing around LGBT+ issues can also be challenging for online users. Pervasive censorship and surveillance limits LGBT+ people from speaking freely about these issues online and can make it difficult for them to communicate or coordinate online. OONI's August 2021, report, however, noted that Dubai authorities tolerate LGBT+ events, which are sometimes advertised on social media platforms including Facebook.2

While offline assembly is heavily restricted and strikes are illegal in the UAE, rare demonstrations were held in May 2022 when food delivery workers waged a strike over wage cuts and poor working conditions. Hundreds of drivers from food delivery company Deliveroo organized the strike on Telegram and WhatsApp, seemingly without disruption from authorities.3

In response to the 2017 blocking of Skype, a user initiated an online petition to unblock it, which received thousands of signatures. The TDRA responded by blocking Change.org, the platform on which the petition was posted.4 Laws prohibit calling for, promoting, and collecting donations online without obtaining prior permission and licensing from authorities.5

C Violations of User Rights

C1 1.00-6.00 pts0-6 pts
Do the constitution or other laws fail to protect rights such as freedom of expression, access to information, and press freedom, including on the internet, and are they enforced by a judiciary that lacks independence? 0.000 6.006

Article 30 of the constitution states that freedom of opinion “shall be guaranteed within the limits of law.” However, many laws can effectively limit free speech online, and these rights are not respected in practice.1 Under a 1980 law, authorities can “censor local or foreign publications if they criticize domestic policies, the economy, the ruling families, religion, or the UAE’s relations with its allies.”2

The judiciary enjoys no independence in the UAE and is significantly influenced by the executive.3 Judicial bodies, judges, and lawyers have no public profiles, and are especially not able to criticize the state. The only lawyer to represent political detainees, Mohammed al-Roken, continues to serve a prison sentence for his work.4 Smear campaigns against dissidents go without investigation. Online journalists and bloggers are not allowed anonymity and are required to register for permits, as per the social media law. With the cybercrime law and hate crimes law, the regime has stifled freedom of expression in the country.

C2 1.00-4.00 pts0-4 pts
Are there laws that assign criminal penalties or civil liability for online activities, particularly those that are protected under international human rights standards? 0.000 4.004

There are a number of laws that assign criminal penalties for online activities. Since a series of regional mass uprisings in 2011, the UAE has followed countries of the Gulf Cooperation Council (GCC) in passing legislation to criminalize criticism of authorities online.1

The cybercrime law criminalizes a wide range of legitimate online activities. Hefty fines and jail sentences can be handed down for gambling online, disseminating pornographic material, or sharing content that is perceived to violate another person’s privacy.2 The cybercrime law also criminalizes offending the state and its rulers or symbols, and insulting religion. Calls to change the system of government are punishable by life imprisonment. Authorities have repeatedly warned foreign nationals that they must also follow the country’s restrictive laws.3 In 2017, the government expanded the cybercrime law to criminalize “sympathy for Qatar,” which can be punished with a 15-year prison sentence and a fine.4

In August 2018, the president amended three articles in the cybercrime law. Changes to Article 26 provides for 10 to 25 years’ imprisonment and a fine between 2 million ($544,000) and 4 million dirhams ($1.1 million) for enabling communication between terrorist groups or any other “unauthorized group.” It also prescribes up to five years in prison and a fine between 500,000 ($136,100) and 1 million dirhams ($272,000) for inciting hatred. The other two amendments are related to incitement, endangering national security and state interests (Article 28), and deporting foreigners (Article 42).5

In January 2022, significant amendments to the 2012 cybercrime law took effect; the amended law penalizes those who share information via social media that is deemed false. Those who do face a minimum fine of 100,000 dirhams ($27,200) and a one-year prison term. This penalty doubles to two years in prison and a minimum fine of 200,000 dirhams ($54,400) if the crime was committed during certain emergency situations, including pandemics.6

In October 2020, the Federal Public Prosecution updated Federal Law No. 5 (2020) to combat cybercrimes, including by further penalizing online activities; specifically, citizens can face imprisonment and fines of up to 500,000 dirhams ($136,100) if they carry out “cybercrimes” or make “defamatory comments” online.7 During the COVID-19 pandemic, in April 2020, the government issued a fine of up to 20,000 dirhams ($5,400) if people share medical information—including online—about the coronavirus that contradicts official statements.8

In January 2019, an official from the Interior Ministry listed ten types of social media activities considered illegal under the cybercrime law including: defaming or disrespecting others, spreading false news and rumors, establishing websites or accounts that violate local regulations, and inciting immoral acts.9

Broadly worded provisions of a 2015 hate speech law, which criminalize insults to religion, open individuals up to criminal charges for expressing nonviolent opinions on religion. Penalties under the law range from prison terms between six months and 10 years and fines between 50,000 ($13,610) and 2 million dirhams ($544,000).10 Furthermore, while the law bans discrimination on the basis of “religion, caste, doctrine, race, color, or ethnic origin,” it does not protect those persecuted on the basis of gender or sexuality.11 The law specifically covers online and offline speech.

C3 1.00-6.00 pts0-6 pts
Are individuals penalized for online activities, particularly those that are protected under international human rights standards? 2.002 6.006

Score Change: The score improved from 1 to 2 because fewer online users received long prison sentences than in previous years, though social media users were still arrested and charged for their online content.

The government routinely jails individuals for posting political, social, or religious opinions online, and long prison sentences have been handed out on such charges in recent years.

During the coverage period several social media users were arrested because of their online content. In October 2021, the UAE Federal Prosecution ordered the arrest of a couple who posted a video on social media that included actions and words which “violated public morals and online laws.”1 In March 2022, UAE authorities arrested Nepali journalist Umakanta Pandey on cybercrime charges (see C2) after he accused the Nepali embassy of wrongdoing in its issuance of visas on his Facebook account. It is unclear whether Pandey remains in custody.2

In October 2020, a court sentenced Ahmed Etoum, a Jordanian citizen living in the UAE, to 10 years in prison based on his Facebook posts criticizing the Jordanian royal family and government. The court convicted Etoum of using Facebook to commit “acts against a foreign state” that could “damage political relations” with that state and “endanger national security” inside the UAE.3 Etoum remained in prison as of June 2022.

Several prominent activists who were sentenced in recent years over their online activity remain in prison. In December 2018, a court rejected activist Ahmed Mansour’s final appeal of a 10-year prison sentence and 1-million-dirham ($272,200) fine. Reports also suggested that he would be subject to three years of surveillance after his release.4 Mansour was sentenced in May 2018 on cybercrime charges following a series of closed proceedings5 and has been in detention since his 2017 arrest for “spreading sectarianism and hatred on social media,”6 after calling on Twitter for the release of human rights activist Osama al-Najjar.7

Nasser bin Ghaith, a human rights activist and former lecturer at the Abu Dhabi branch of the Paris-Sorbonne University, was sentenced to 10 years in prison in 2017 after being convicted on a range of charges primarily related to his nonviolent speech published online.8 He remains in prison as of June 2022.

Ordinary internet users are also penalized for their online content. In April 2021, Dubai authorities deported 13 tourists—12 Ukrainian women and a Russian man—for posting a picture on social media where they appeared nude. The tourists were accused of indecency and spreading debauchery, offenses carrying a penalty of up to six months and a fine of 5,000 dirhams ($1,360).9

In April 2020, three men were arrested in separate incidents for “mocking stay-at-home and movement restrictions”; their pictures were published in the press. Authorities said they were notified that their images would be published as part of a “name and shame” initiative started by the Dubai police.10 In the same month, Tariq Mehyyas, an Emirati member of the media, was arrested under hate crime charges for posting racist comments in a video targeting South Asian residents of the UAE.11

In July 2018, the Abu Dhabi prosecutor’s office issued an arrest warrant for three social media influencers who had participated in and posted on social media their video of a viral dance challenge online involving moving vehicles. They were charged with allegedly putting people’s lives at risk and promoting “practices that are incompatible with the UAE’s values and traditions.”12

Even after serving their sentences, many prisoners of conscience remain detained in “counselling centers.”13 For example, in 2017 Osama al-Najjar was detained in a counselling center despite having served a three-year sentence. Al-Najjar was originally imprisoned for alleging via Twitter that his father, who was imprisoned during the UAE 94 trial—in which 94 democracy activists were tried on trumped-up coup charges in 2013—was tortured by security forces.14 After his initial arrest in 2014, he was found guilty of belonging to the banned political group al-Islah, spreading lies, and instigating hatred against the state through Twitter.15 He was finally released in 2019.16

C4 1.00-4.00 pts0-4 pts
Does the government place restrictions on anonymous communication or encryption? 1.001 4.004

Several laws limit anonymous communication online.

Amendments to the cybercrime law passed in 2016 state that use of hiding one’s identity “by using a false [internet protocol (IP)] address or a third-party address by any other means for the purpose of committing a crime or preventing its discovery” can face a fine of between 500,000 ($136,100) and 2 million dirhams ($544,000), as well as prison time.1 The clause may refer to VPNs used to circumvent censorship, which help disguise the user’s location.2 The TDRA clarified that “companies, banks, and institutions are not prohibited from using VPNs,” adding that “the law can be breached only when internet protocols are manipulated to commit crime or fraud.”3 Also in 2016, authorities blocked the encrypted messaging app Signal.4

In February 2021, Digital 14—a UAE-based cybersecurity firm chaired by Tahnoon bin Zayed al-Nahyan, the UAE’s national security advisor—announced the launch of KATIM, a mobile phone and messaging application with end-to-end encryption. KATIM was made available to businesses and government entities operating in the UAE.5 Tahnoon has been linked to the controversial ToTok app, which was removed from the Apple and Google app stores due to privacy concerns (see C5).6

In 2014, the Interior Ministry announced plans to link identification cards with internet and mobile service in order “to crack down on child abusers.”7 In order to retain service, mobile phone users were required to reregister personal information as part of the 2012 TRA campaign, “My Number, My Identity.”8 Cybercafé customers are also required to provide their ID and personal information.9

C5 1.00-6.00 pts0-6 pts
Does state surveillance of internet activities infringe on users’ right to privacy? 0.000 6.006

State surveillance is widespread and infringes on users’ right to privacy. The country is home to some of the most sophisticated surveillance technology, and authorities can monitor civilians’ activity both online and offline.1 The state’s ownership of and control over telecommunications companies has enabled authorities to closely monitor internet and social media sites.2 Whether there is any meaningful legal oversight of government surveillance operations is unclear.

The UAE government is a known client of the NSO Group, an Israeli company, and authorities have used spyware technologies such as remote zero-click surveillance—a technique that could compromise a device without any action by the target—of smartphones to target antiregime activists, journalists, and royal family members.3 Leaked documents showed that the government has been using Pegasus spyware since at least 2017, targeting foreign government officials, journalists, and activists.4 In July 2021, an investigation published by the Guardian provided further evidence that the UAE government had purchased Pegasus.5

In December 2021, the Washington Post reported that a UAE agency used Pegasus to infect the phone of Jamal Khashoggi’s wife months before his 2018 murder. In a July 2021 report, Amnesty International found that Princess Latifa was also targeted with Pegasus.6 Additionally, the High Court of England and Wales found evidence that Sheikh Mohammed used Pegasus to hack six phones belonging to Princess Haya bint al-Hussein, her lawyers, and her security team.7 The NSO Group subsequently terminated its contract with the UAE for breaching rules on using the "wiretap" function, which is intended to harvest data from “major criminals or terrorists.”8

In June 2021, Alaa al-Siddiq, the executive director of ALQST, a UK-based human rights group that is focused on the UAE, died in an automobile collision in the United Kingdom. Alaa was the daughter of prominent UAE activist Muhammed al-Siddiq, who has been held in detention by UAE authorities since 2013. While there was no evidence of foul play related to her death, Citizen Lab found that al-Siddiq had been targeted and spied upon by “a government client” of NSO Group, likely the UAE.9

In December 2021, Saudi activist Loujain al-Hathloul sued DarkMatter and three former executives, accusing them of hacking her mobile phone to track her before her 2018 arrest. Al-Hathloul claimed that her phone was hacked as part of surveillance operation that targeted dissidents in Saudi Arabia and the UAE, leading “to her arbitrary arrest by UAE's security services and extradition to Saudi Arabia, where she was detained, imprisoned, and tortured.”10

In December 2020, Al Jazeera published a report claiming that several their journalists were hacked using NSO Group spyware, which was acquired by the UAE and Saudi Arabia. The report references an investigation conducted by the Canada-based cybersecurity watchdog Citizen Lab, which detailed how authorities used Pegasus to infect the mobile phones of 36 journalists and media staff at the Al Jazeera media network. Citizens Lab traced the zero-click hacking technique whereby hackers from the UAE and Saudi Arabia accessed the victims’ phones (see C7 and C8).11

A Reuters investigation published in January 2019 revealed that a group of former US intelligence agents participated in Project Raven, a hacking project that was managed by DarkMatter beginning in 201612 and was used for the purpose of systematic surveillance. A tool used between 2016 to 2017 enabled DarkMatter to hack into targets’ iPhones and access their information. In August 2018, Google said that its Chrome and Android browsers would mark all DarkMatter-certified websites as unsafe.13 In February 2018, Faisal al-Bannai, DarkMatter’s founder, denied activists’ allegations that the firm was involved in hacking activities. About 80 percent of DarkMatter’s customers are UAE government agencies, including the Dubai police.14

In September 2021, three former US intelligence employees associated with the project entered an agreement with US federal prosecutors to pay $1.7 million in fines for violating export control regulations after furnishing the UAE government with zero-click software.15

In December 2019, the New York Times reported that the VoIP app ToTok gave Emirati spies access to users’ conversations, movements, and other personal data; ToTok was removed from both the Apple and Google app stores soon after. ToTok’s publisher, Breej Holding Ltd, is affiliated with DarkMatter, which was allegedly under investigation by the US Federal Bureau of Investigation when the New York Times reported on the app.16 The founders of the app called the allegations “vicious rumors.”17 In a January 2020 report, Citizen Lab found that three companies connected to ToTok are directly linked to UAE national security advisor Tahnoon bin Zayed al-Nahyan (see C4).18

In February 2021, the New York Times reported on the existence of a UAE-established “electronic spy network,” which included former US National Security Agency members. The network spied on Qatar with the aim to prove that Doha was financing terrorist groups through the Muslim Brotherhood.19 The newspaper also reported that the UAE offered generous compensation to the network’s members.

The UAE had also bought Karma, a hacking platform, from an unnamed vendor.20 The project operatives were ordered to monitor social media platforms and target individuals who, according to security forces, had insulted the government.21

C6 1.00-6.00 pts0-6 pts
Does monitoring and collection of user data by service providers and other technology companies infringe on users’ right to privacy? 0.000 6.006

ISPs and mobile service providers are not transparent about the procedures authorities use to access users’ information.

Service providers reportedly monitor content on behalf of the police and security forces. Etisalat is required, through its license, to store call logs and possess equipment that allows the TDRA to access data for “reasons of public interest, safety, and national security.”1 Metadata and call information from the VoIP services offered by Etisalat and Du can be obtained by the government.2

In December 2021, the UAE issued its first data protection law, Federal Decree Law No. 45 (2021) on the Protection of Personal Data. It was introduced alongside Federal Decree Law No. 44 (2021) on Establishing the UAE Data Office. The data protection law came into effect in January 2022 and aims to follow global data protection measures relating to users’ privacy rights while imposing obligations on those who collect, process, review, and transfer such data.3 Those who illegally collect and misuse data can be fined as much as 500,000 dirhams ($136,000).4 However, a number of exceptions and exemptions leave room for abuse. Specifically, the law does not apply to government data or government entities that control or process personal data, meaning a significant amount of personal data “will not be subject to privacy compliance.” Additionally, there is no timeline for controllers to respond to data requests within the law.5

Though the UAE has joined a wave of countries enacting data protection policies, the government’s history of surveilling citizens and targeting dissidents raise questions about the legitimacy of the new data protection law (see C5 and C7). For example, the newly adopted IoT regulatory framework has serious privacy implications. The framework requires entities that offer IoT services, regardless of where they are headquartered, to register with the UAE government. The IoT regulatory policy paper retains the government’s right to process “data within the purview of the legislative powers provided to them.” Further, any “secretive, sensitive and confidential” data for individuals and business would be stored within the UAE; no definition of secretive, sensitive, or confidential data is provided.6

Authorities at times request user data from international technology companies. Between July and December 2021, Meta recorded 19 government requests for user data and complied with 47 percent of them.7 Between January and June 2021, Google received eight emergency data disclosure requests and responded to 63 percent of them. One request was made to Twitter in 2021.8

C7 1.00-5.00 pts0-5 pts
Are individuals subject to extralegal intimidation or physical violence by state authorities or any other actor in relation to their online activities? 2.002 5.005

Some online activists face enforced disappearances and torture in retaliation for their activities.1

Nasser bin Ghaith, who was sentenced to 10 years in prison in 2017 in part for Twitter posts critical of the Egyptian government, reported that he was detained in poor conditions and subject to torture while on trial, including extended periods in solitary confinement.2 He has gone on several hunger strikes since 2017 and has been denied access to medical care (see C3).3

Activist Ahmed Mansour, who was detained in 2017 in connection with his social media use and later sentenced to 10 years’ imprisonment in May 2018, began a hunger strike in March 2019 to bring attention to his case and substandard prison conditions, including torture (see C3).4 As of February 2020, Mansour was reported to have been on a five-month liquid-only hunger strike.5 He had been harassed for years by the government prior to his imprisonment: Authorities froze his bank accounts, put him under a travel ban, denied him a passport, and attempted to hack into his email accounts. When arresting him, security forces searched Mansour’s house and confiscated all electronic devices belonging to him and his family members.6 During the coverage period, Human Rights Watch (HRW) reported that Mansour was further mistreated in prison after a letter he wrote detailing abuses in detention was published in July 2021.7 In February 2021, the United Nations stated that the prison conditions encountered by activists like bin Ghaith and Mansour amount to human rights abuses.8

Female activists have been harassed online by government officials in an attempt to silence them. In December 2020, Ghada Ouiess, a high-profile Lebanese journalist, filed a lawsuit against Crown Prince Mohamed bin Zayed al-Nahyan alleging that he, among other defendants, shared photos of her online in retaliation for her reporting on the Saudi regime. Ouiess is just one of many journalists who were targeted in a “hack-and-leak” attack, where attackers used NSO Group spyware to hack mobile phones and spy on dissidents (see C5 and C8).9 Other activists who have been allegedly targeted by the UAE include the late Alaa al-Siddiq and prominent Saudi women’s rights activist Lina al-Hathloul.

Political dissidents and their families are frequently harassed and intimidated on Twitter. In December 2019, HRW reported that dissidents and their family members report being targeted and surveilled, constantly summoned by authorities and interrogated for their opinions, intimidated, and asked to spy on their communities.10 In October 2019, Amnesty International shared a statement by WhatsApp about NSO spyware which had been sent on the app to 100 activists in the UAE, Mexico, and Bahrain (see C5).11

C8 1.00-3.00 pts0-3 pts
Are websites, governmental and private entities, service providers, or individual users subject to widespread hacking and other forms of cyberattack? 2.002 3.003

Government entities have been subject to cyberattack in recent years. Attacks on individuals are less frequent but have also been reported in recent years.

In December 2020, Mohamed al-Kuwaiti, the head of the government’s cybersecurity agency, disclosed that cyberattacks increased nearly 250 percent since the start of the COVID-19 pandemic, with attacks originating through the region.1 Al-Kuwaiti also stated that “activists” attacked the UAE after the government established formal ties with Israel in August 2020. Al-Kuwaiti added that the financial and health-care sectors received the most attacks.2

In October 2021, hackers obtained footage of a journalist covering a sporting match after targeting the website of the Abu Dhabi Sports Channel. The journalist in question had been arrested during the match, and the video obtained during the hack was circulated on social media.3

Activists have faced repeated technical attacks designed to deceive them into downloading spyware. In December 2020, reports alleged that several prominent journalists and activists were targeted by a “hack-and-leak” campaign, perpetrated by Emirati and Saudi authorities (see C5 and C8).4 In May 2019, reports emerged that NSO Group, whose spyware enabled various countries to surveil journalists and activists, exploited a security flaw in WhatsApp to hack into targets’ mobile devices. The flaw may have been used to hack the UAE’s targets (see C5).5 Through a forensic investigation by cybersecurity expert Bill Marczak, human rights activist Ahmed Mansour discovered that he had been repeatedly targeted with sophisticated spyware from hackers at FinFisher.

In January 2019, Reuters reported on the involvement of former US intelligence analysts in Project Raven, which had been moved under DarkMatter’s management (see C5). These hackers use state-of-the-art technology to hack into phones and spy on enemies of the state, including journalists, activists, and political rivals.6

On United Arab Emirates

See all data, scores & information on this country or territory.

See More
  • Global Freedom Score

    17 100 not free
  • Internet Freedom Score

    28 100 not free
  • Freedom in the World Status

    Not Free
  • Networks Restricted

    No
  • Websites Blocked

    Yes
  • Pro-government Commentators

    Yes
  • Users Arrested

    Yes