A new legal class on digital

Interview with MP Nadim Gemayel on digital development and Law 81

Photo by" Greg Demarque/Executive
Reading Time: 11 minutes

Political class is not always a flattering term. Actually, undercurrents of personal animosity and/or political criticism are endemic when discussions turn to the political class—in any country. In Lebanon, the most frequent connotations of the term appear to be wasta and corruption. Hailing from a political family is in this sense a definite reputational burden in the court of public opinion.

However, in reality there are as many nuances on political positions and achievements as there are political individuals in Lebanon, and the task of legislating a framework for the country’s digital transformation is much more important than bickering over ideology. As a significant stepping stone toward the digital future, Law 81 was adopted by Parliament last year and went into effect on January 19. Executive sat down to interview MP Nadim Gemayel, the head of the Parliament’s information technology committee and lead sponsor of Law 81.   

E   Do you already have a sightline on how Law 81 is impacting the Lebanese economy and being adjusted to by enterprises?

Until now, we have not had any feedback about the application of Law 81, since it entered into force on January 19. After 10 days, we still have no feedback from enterprises. But I am sure that over the next six months [the law] will provide an easier way to do business in the country, especially for e-commerce enterprises and for e-banking. We are also contemplating an enhancement [of the law] with regards to dealing via emails and electronic transactions, especially concerning processes that used to be paper-based in terms of C2G [consumer to government] transactions and payments. This relates specifically to the realms of government to consumer and government to business interactions, or G2C and B2G, in areas such as payments at the ports and all kinds of e-payments. We are contemplating this, together with many companies, in order to provide them with the best environment, even though we do not have e-government yet.

E   Does this plan for new legislation interlace with projects under the CEDRE framework and initiatives coordinated with World Bank-related projects, such as the streamlining of customs procedures?

Exactly. It all goes together. It is not only about CEDRE, but about creating a real, modern country that has [digital] procedures and regulations that extend all the way.

E   So what are the most important points in Law 81 from your perspective, as its sponsor in producing it in Parliament?

Law 81 has three main aspects. The first is the civil law aspect, the second is the penal or criminal law aspect, and the third is organizational. The most important one is the aspect on civil law. This aspect includes four chapters. The first chapter includes the e-signature, all sorts of e-transactions, and electronic writing. Then there is the e-commerce chapter, an e-banking chapter, and the data protection chapter. These are the four main chapters [under the civil law aspect]. Then you have the criminal law aspect that covers all kinds of electronic crimes and cybercrimes, hacking, etc. All this is being covered under the penal aspect. The third aspect or section is the organizational one that provides [measures for the organization of] .lb and on how to manage internet service providers and data service providers.

E   So, under the penal section of Law 81, cybercrimes and their penalties are clearly defined?

Yes, there are penalties for hacking, for intrusion into [IT] systems, for pornography and child abuse over the net. There is a set of [legal sanctions] for e-crimes.

E   Is there also a provision in the law’s penal section that deals with online harassment or bullying over the internet?

No, harassment is not included. It is still very general. The section has a set of articles that address a small part of the e-crimes but does not go into [all forms of] abuse, social media, or freedom of speech.

E  This sounds as if victims of online trolling in Lebanon might, for the time being, still have to resort to the existing judicial means when seeking protection. As concerns the organizational section of the law, you say that the .lb issuance is included?

On the organizational [segment] we have two chapters, one that is related to regulating the .lb—I personally have many reservations about this chapter because it is very badly done, and it was changed at the last minute in Parliament. It is not applicable, and we are attempting to change it again.

E   What is the weakness of this chapter?

[By changing the text of Law 81, members of Parliament] created an entity to manage .lb that by law cannot be created; there is a contradiction in the chapter. There is another chapter in the organizational section of Law 81 that talks about all kinds of [Internet Service Providers and Data Service Providers] and all kinds of servers.

E   You mentioned in a speech at a cybersecurity conference on January 31 that the law is a step toward something comparable to the EU’s General Data Protection Regulation, or GDPR?

Right. This is the part that is related to data protection. This is in the fourth chapter of Law 81’s segment relating to the civil aspect. We have a foot in the water in terms of data protection but it is not yet complete data protection, similar to GDPR.

E   So it is not yet in the organizational segment?

There is a small [data protection aspect] in the organizational section, on how companies are to do business, and how [they are] to be regulated by the ministries.

E   What is your perception regarding the readiness of Lebanese companies that do business online with European customers?

Any company that wants to deal with European citizens, or do business in Europe, has to comply with GDPR. This is much stronger than our data protection regulation, but the companies in Lebanon will still have to adapt to Law 81.

E   Is there enough awareness and training in Lebanon on how to comply with GDPR, noting that European countries have recently appeared to enforce the regulation with larger fines?

It is not enough. Probably only banks are aware of all the procedures related to GDPR. But in the overall Lebanese market there is no awareness at all, and especially there is no awareness in the ministries that have to apply the data protection. That is why I requested a meeting on data protection last week with the ministries on how to implement the data protection. There was a sort of mess in this regard.

E   What sort of mess is this? Is it concerning all ministries? 

We have four ministries that are related to data protection. We are trying to coordinate the [issuance] of decrees that these ministries have to release. The Ministry of Justice, the Ministry of [Public] Health, the Ministry of Economy [and Trade], and the Ministry of Interior [and Municipalities] will all have to coordinate in order to have a competent structure [for data protection].

E   How do you perceive the establishment of a new ministerial role, namely the Office of the Minister of State for Information Technology and Investment, in this context of need for coordination on digital policies and processes?

I heard very good things about this minister as being very competent and trustworthy. [Ed: a first meeting between MP Gemayel and Minister Afiouni was arranged after Executive conducted this interview.] I hope that we will be able to cooperate with the new minister for [information technology], in order to organize this sector and move it forward to achieve better expansion.

E   How is the situation, or need, in terms of implementation decrees for Law 81?

Some issues need regulation by the ministers, and some issues need government decrees. This should all be set [soon]. Law 81 needs about 10 decrees, and we are pushing the ministers. These decrees should have been implemented [in January 2019], but since there was no government [at the time when Law 81 went into effect], we are giving them a few weeks to organize themselves to start decreeing what needs to be decreed.

E   You serve as head of Parliament’s IT committee. How do you see the digital awareness of fellow members of Parliament?

The awareness is very good. This is a domain that is very young, dynamic, efficient, and that is evolving very quickly. Of course there are some colleagues among deputies who are more aware than others, but each is [aware] about a sector. Even I have been thrown into dealing with this sector, and did not know all details about it, but I decided to take this into my hands. We are also making efforts to improve our knowledge of all relevant issues. For example, we are organizing a trip for all parliamentarians in the [IT] committee to Estonia, which is the number one state for e-government, cybersecurity, etc. We will be going there to discover this horizon and take the necessary training to know what to expect.

E   A fact finding tour?

Exactly, a tour to study, have e-government meetings, regulatory meetings and all this. [Ed: the tour had been conducted by the time of publication.]

E   Without resorting to external ratings of Lebanon’s digital readiness by think tanks and organizations such as the World Economic Forum, how do you personally rate Lebanon for digital and cybersecurity development when comparing it to peers in the Middle East?

Without having other criteria, from a legal point of view I think we are very late. [Law 81] was the first time that a law concerning IT and e-transactions was voted into existence. It has been a first step, but other countries are very advanced in this. I also believe that we need to do a lot in the ecosystem, from education to evolving job descriptions for people to know from the beginning that we need different jobs from the traditional ones. We also need to reach new markets, find new horizons, and new ways to integrate the values of Lebanon into companies within this [digital environment]. We are late.

E  Two years ago, Executive published an analysis by a legal expert on digital legal frameworks in the region, and it indeed showed that Lebanon was behind the regional curve in legislation and adoption of policies for digital transformation as well as in cybersecurity issues.

It is far behind, but I can add one comment: Lebanon has always been known for private initiatives and personal initiatives in adopting new technologies, evolving new sectors, etc. I believe that this time, the state needs to be following the private sector. We [in the state] must not be afraid to say that we are following the private sector. The private sector should be the pioneer and lead us. We are there to support them.

E   In this context, it appeared from recent conferences on the digital ecosystem and cybersecurity, such as a Cybersecurity Day at the American University of Beirut, that Lebanese students are extremely eager to learn more skills in areas such as cybersecurity. Do you agree?

Of course. Cybersecurity is the future, not only for the state, but also for your personal digital identity.

E   Do you recommend any specific steps that the state should take under the concept of following the private sector in the areas of digital innovation and cybersecurity? Should the state, for example, devise new curricula for tertiary education on cybersecurity?

No, but I believe that much should be done to make people from a very young age learn how to think differently and orient themselves in this area. It is also very important to create jobs in this area. Awareness is very important. Digital is part of our daily life. It’s like learning how to drive a car—understand your limits. In a similar way, you need to learn how to use the [digital] technology around you. You have to know the limits that you have in this technology and how to protect yourself.

E   Should the state take a leading role in education for digital, or should this digital transformation be driven by private education providers?

Both have a role to play. The ministries and the government have to play a role, and the whole public sector has to play a role, but it is complementary. It is similar to how creating awareness of child abuse problems is part public and part private responsibility—it is part of schools, cultural clubs, families. It is about everybody.

E   For the interaction with the government today, are there special contact points at Parliament for the private sector, where companies can relate to the IT committee?

Of course, I am open to everybody, and I’m talking with all the sectors. Our committee engages on education, with the Ministry of Telecoms, with IT companies, with the clusters, with everybody. We are trying to talk to everybody and be part of [answering] their needs and requirements.

E   How are you dealing with specific situations involving state contracts and work on issues such digitization of the cadaster?

We have yet to start on this issue, which goes into the development of e-government. This issue requires many strategic decisions, for example, who will own the data and what will be the [ID] number that you use to identify yourself? Will it be a number [given to citizens] by the interior ministry, the finance ministry, or any other ministry? We need to define this [ownership of data] first, and this has been a big debate; the ministries still do not accept to share their data among each other. If you do not organize this today, especially between the Ministry of Finance and the Ministry of Interior [and Municipalities], you will not be able to go forward.

This is because you need the personal, individual [data]—name, family name, and date of birth—as well as the financial information, and the data from the Ministry of Justice, which owns the cadaster. It is a management of three [ministerial stakeholders], of whom each considers themselves to own the data and wants to preserve it [at their ministry] without sharing it with anybody. This is problematic. It is where we are today, but I think that we shall be able to find a solution very soon. Also, let me tell you about another innovation that we [in the IT committee] are working on: I am proposing a law on companies in technology that will be favorable for entrepreneurship and startup companies in the digital ecosystem. This law aims to provide simplified [processes] and quick registration, where we will waive many [requirements] for young companies in order for entrepreneurs to be able to start new tech companies and take them forward very quickly.

E   Would this also involve smoothing of access for young tech companies to the Electronic Trading Platform, or ETP, once this entity is established?

The issue is completely different. [The new legal proposal] is for companies that seek to be incorporated in an easy and light process. That is what we are doing. If these companies later want to join the ETP or evolve onto the Beirut Stock Exchange or somewhere else, they are free to do what they want, but [this law will be there to help them] if they are young startups and want to go forward.

E   It has been a request from participants in the entrepreneurship and tech startup ecosystem to have simpler incorporation requirements for startups. Is your new law proposal addressing this issue then?

Exactly. This [sort of complex requirement] is what we are going to waive. We are helping the [startups]  do things. We know very well that perhaps two of 10 startups will fly. For the rest, we are facilitating the bankruptcy or shutdown, and in case that they are flying alone, we will facilitate their registration so that they can get integrated into the ecosystem. I hope that this law that we are preparing will help a lot in this way. It is a new law that I have not proposed yet, but plan to launch in the near future. It is being drafted.

May I ask how you personally first became involved with the issue of digital empowerment, and what made you aspire to become the chair of the IT committee in the current Parliament?

I have always been interested in IT and technology issues and digital identity. In the last Parliament, I was a member of this committee that, at that time, was chaired by my colleague, [Tripoli MP] Samer Saadeh. So when Samer lost the election [last May], I proposed to become the chairman of the IT committee. I nominated myself because I believe this sector is the future, where a lot needs to be done, and where I have a lot to give.

E   When you gave a speech on Law 81 and your perspectives on the challenges for politicians in the digital era at the end of January, you referred in the conclusion of your speech to issues of leadership and influencing—specifically the dilemma of whether politicians will resort to following the demands and pressures exerted on digital social networks, or if the networks should follow the politicians and their leadership. Would you elaborate on how you perceive this issue and what you see as the appropriate paradigm for digital political behaviors?

I believe that, today, big data is corrupting our mindset and is also corrupting the way we see things in society. It probably is also corrupting the values we have. I believe that, while [digital influences] can corrupt, we should not lose our values, our credibility, and our identities, or the human way of thinking. Data should help [politicians in making decisions] but it should not be [directing] our decisions instead of ourselves. I am pro-technology and pro-evolving, but I also believe that humans still need to [stay in charge]. There are many stories about things like dataism and the danger of data today. We cannot control it, but we need to contain it. 

Thomas Schellen

Thomas Schellen is Executive's editor-at-large. He has been reporting on Middle Eastern business and economy for over 20 years. Send mail