Moroccan Parliament Commemorates International Data Privacy Day

Speaker of the House of Representatives Rachid Talbi El Alami took part on Tuesday, February 1, 2022, in the opening of a seminar organized by the House of Councilors on the topic "Law 09.08 on the protection of individuals with regard to personal data processing." The seminar, organized in partnership with the National Control Commission for the Protection of Personal Data, is a commemoration of the International Data Privacy Day.

On this occasion, Speaker of the House of Councilors Naam Miyara gave an address on behalf of the two Houses of the Moroccan Parliament. Here follows the full text of the address:

Honorable President of the National Control Commission for the Protection of Personal Data and President of the Committee for the Right to Access Information,

Honorable Chairpersons of the Parliamentary Groups and Caucuses,

Honorable Chairpersons of the Standing Committees,

Honorable Councilors,

Honorable representatives of public institutions and organs, and actors of the civil society,

Esteemed ladies and gentlemen,

Allow me first to welcome you, each in their name and title, in this commemoratory seminar organized by our venerable House in partnership with the National Control Commission for the Protection of Personal Data on the occasion of the International Data Privacy Day (which is celebrated on January 28 of each year). This seminar is the first phase in the partnership and cooperation project with this Commission and the Commission for the Rights to Access Information. It will be followed by other steps and projects currently under debate. It is also part of implementing the strategic choices of the House of Councilors, including openness to its entourage and cooperation with the various national public and constitutional institutions and authorities.

Esteemed ladies and gentlemen,

The protection of personal data is of the utmost importance in our country and at the global level, given the challenge before the international community to unite its efforts to ensure adequate protection. Such protection aims to strengthen the fundamental freedoms and rights of individuals by providing more legal and constitutional guarantees and preserving the inviolability of private life from exploitation.

The protection of personal data, as you are aware, is a cornerstone in the protection of privacy and one of the vital elements of confidence-building in cyberspace and the safe use of information and communication technologies, especially in the economic sphere and in development. From the numerous definitions adopted in the various comparative laws regulating the processing, exchange or publication of personal data, it is clear that the primary concern for their protection is to preserve the right of individuals to privacy. In this sense, international human rights law has made it mandatory that any interference with the right to privacy must be lawful, necessary and pertinent and that those whose right to privacy is violated must have access to effective means of appeal and justice.

On this basis, the recognition of the protection of personal data is an acknowledgment of the right of citizens to preserve their privacy. It is also an acknowledgment of the State’s right to access and process such data within a specific and transparent legal and regulatory framework. Such a framework enables the competent authorities to prevent acts that violate security and order and prosecute and penalize the perpetrators.

It should be recalled that privacy respect is an inherent right of physical people as humans. Hence, democratic States commit to protecting this right and consider it independent, both by enacting laws and seeking to embed it in people's minds. Accordingly, this right forms the basis of the right to personal data protection. The latter is linked to the need to protect private rights and freedoms.

In the same vein, attention has been given to a number of rights associated with the unrestricted flow of information on the Internet, such as the right to access, exchange and publication. However, caution against the possible dangers of the flow of such information was the main reason for raising the issue of the right to privacy preservation and personal data protection.

In the same context, and since the 1970s, international concern has been growing with regard to personal data preservation as a necessary step to preserve the right to privacy, which has required numerous decisions, both by the European Union and the United Nations. Accordingly, many States have adopted laws aimed at protecting the private life of physical persons from the consequences of their processing in the context of the creation of databases in the public and private sectors.

Esteemed ladies and gentlemen,

During the current century, the proliferation and use of modern technology have led to an increase in threats to human privacy due to the widespread use of personal data in the digital sphere. In this respect, the evolution of new technologies increases the risks and threats to privacy, making it necessary to curb new technologies’ violation of personal data. In this context, several international and national laws have been adopted to protect individuals from the risks associated with personal data processing. They are laws that came in response to the increase in the collection, storage, transfer and exchange of personal data through new technologies.

The increased focus on protecting data privacy has also been very prominent in the deliberations and discussions of the UN human rights bodies. For example, in 2015, the United Nations Human Rights Council established a new mandate for the Special Rapporteur on the right to privacy. Since then, the Human Rights Council has regularly adopted resolutions on privacy in the digital age in the form of recommendations for States and companies.

In the same vein, our country, like many other democratic States, has given particular importance to personal data protection. Since the beginning of the century, the Kingdom of Morocco has demonstrated its firm will to respect and protect human rights through several constitutional, legal and institutional reforms.

Esteemed ladies and gentlemen,

Our country today has an important constitutional, legal and institutional framework taking shape in Article 24 of the 2011 Constitution that provides for the right to protect private life and Law 09.08 on the protection of individuals with regard to personal data processing, which establishes the National Control Commission for the Protection of Personal Data as a supervisory and monitoring authority.

It should be noted that for the first time in our country, Law 09.08 on the protection of individuals with regard to personal data processing stipulated many legal provisions aimed at protecting individual and collective identities, rights and freedoms and private life from anything that might affect them through the use of information technologies. Accordingly, the said Law establishes the right to access personal databases, oppose specific processes, request correction of erroneous data or wipe data that has expired or been processed.

Upon the adoption of this Law, our country has become one of the first States in the MENA and Africa to have a complete protection system and one of the safe destinations in the area of the exchange of personal data, bearing in mind Law 103.13 on combating violence against women, which also included special provisions for the protection of private life, added to the Penal Code.

I would also like to recall that some other legal provisions are relevant to this subject and included in several legal texts (the Law establishing consumer protection measures, the Law on electronic exchange of legal data, the Law on mail and telecommunications).

In addition, there are a large number of international conventions to which our country has acceded within the framework of the European Union's Neighborhood Policy, the most important of which are the Budapest Convention and Convention No. 108 of the Council of Europe and its Additional Protocol.

I want to point out that on January 18, 2022, our venerable House adopted Government Bill 52.21 ratifying the African Union Convention on Cyber Security and Personal Data Protection, adopted in Malabo (Equatorial Guinea) on June 27, 2014. It should also be noted that Government Bill 53.21 ratifying the protocol amending the Council of Europe’s Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, signed in Strasbourg on October 10, 2018, is currently before the House of Representatives and will subsequently be referred to our House for completion of the ratification procedure. I would also like to recall that our country is also taking part in the European Union and the Council of Europe’s Joint Action against Cybercrime.

 Esteemed ladies and gentlemen,

The challenges of globalization and the digitization process have resulted in producing a large volume of personal data, with easy access to and circulation. Meanwhile, the threats and risks posed by its treatment, management and misuse have increased. This increases the burden of responsibility for raising the challenge of establishing an effective protection system through the imposition of strict legal procedures against the misuse of personal data and the infringement of privacy. It is also necessary to adhere to the highest standards in this area to preserve the opportunities of using modern data-processing technologies at the economic, social, and cultural development levels.

Thus, we consider that one of the main entries, including our area of competence as a legislative institution, is the legal approach, through refining the legal and regulatory framework on the protection of personal data and adapting it to the UN human rights normative framework and the orientations of international organizations and bodies, such as the Organization for Economic Cooperation and Development and the European Union, who have issued a number of directives, guidelines and resolutions on the principles of personal data protection.

In conclusion, and because we believe that legal adaptation is a fundamental opportunity to meet the challenges, we must, from our modest perspective, draw upon the best continental and regional practices on the subject to ascertain the extent to which national laws on the protection of personal data are converging and how conformant they are with international laws and the universally adopted recommendations, through identifying points of convergence and differences to draw appropriate and worthy lessons in our Moroccan context. This is, of course, what we are trying to achieve through this important seminar, which is an opportunity to provide further details on personal data protection. It is also an occasion to shed light on what has been achieved in this regard, the work of the National Control Commission for the Protection of Personal Data and the obstacles to its work, and a chance to learn about the relevant international and national challenges.

Thank you for your keen listening.