On September 9, Lebanon’s Ministry of Justice approved a controversial judicial agreement granting the European Union’s judicial agency (Eurojust) direct access to all Lebanese citizens’ sensitive data, in a cross border data transfer deal, without establishing any domestic data protection laws, according to Al-Akhbar.
including criminal records, DNA, and religious affiliation
The deal – now before the Cabinet – has been in negotiations since 2022 and allows a Eurojust liaison judge expansive and privileged access to all Lebanese citizens’ databases. By doing so, the Lebanese government is effectively trading citizen privacy for political goodwill with Brussels, on the expense of its own people.
Lebanon’s weak institutional data governance framework is what allowed this to happen. The absence of strong data governance laws facilitates the exposure of citizens’ data to external authorities – to do with as they please.
The current state of public trust is already weakened by the October 2022 economic collapse and institutional instability. Now, this unregulated data sharing will create an even more dangerous imbalance.
The Lebanese Foreign Affairs Ministry raised no objections and allowed the draft to advance, despite legal experts’ objections. After three years of negotiations, the final text is viewed as overwhelmingly favoring European data access governance.
One thing’s for sure, the new law is definitely not skewed in favor of the Lebanese government, or Lebanese citizens for that matter.
Fundamentally, the law permits Eurojust to access Lebanon’s criminal records, DNA databases, detention files, and other registries, exposing family records, religious affiliation, and address histories.
A Risky Move
The most consequential and attention-grabbing clause is Article 24 in the European data governance plan of Lebanese citizens.
Article 24 of the agreement with the EU forces Lebanese authorities to financially compensate citizens for any inaccurate data shared with Eurojust. The EU agencies, on the other hand, are exempt from any liability, and are only liable for errors originating on their end.
In a nutshell, to speak matter for that they are, data governance plan is an imbalance legal architecture with severe financial implications, benefiting Europe on the expense of the Lebanese people and its government.
Lebanon’s Legislative and Consultation Committee highlighted “an unjustified waiver of the state’s right to claim compensation.”
This sort of arrangement not only risked abuse, lack of data management and governance but possibly even invited EU authorities to harass Lebanese citizens whose political activities or alignments are contrary to EU positions.
The cross border data transfer agreement allows Eurojust to station a liaison judge in Lebanon, granting direct access to sensitive databases an unprecedented intrusion into Lebanese judicial sovereignty.
While Eurojust is directed to “combat terrorism, organized crime, money laundering, racism, and nuclear smuggling,” Lebanese legal experts argue that the country is effectively surrendering its citizens’ privacy.
In practice, the state appears less as a guardian of its people’s rights and more as a broker trading citizens’ data for external approval, undermining its own data security governance.
Why Data Governance Is Important for a Country Like Lebanon
For Lebanon, a nation already facing political instability, economic collapse, and practically zero public trust, protecting citizens’ data is the glue of holding onto what little sovereignty there is. The absence of mass data security laws has led to Lebanon being in the position that it is in today.
Big data in government is no longer just a tool but a power to control the people. In this case, the Lebanese government has consciously given Europe full control over Lebanese citizens.
Making national records accessible to the EU – Israel’s ally – outright means the Lebanese government has built the foundation to make its citizens subject to foreign mass surveillance. Tailored information about family background, religion, and even movement history, would be open for abuse, deceiving citizens in discrimination of data analytics in government or manipulation.
Even more troubling is the absence of an unrelated data protection infrastructure. Though many nations have passed strong data governance laws, Lebanon has hardly any on the books to manage storage, sharing, or protection of personal data which eliminated the role of data governance responsibilities. Without regulations, the agreement provides foreign governments with carte blanche to process, analyze, and most probably misuse Lebanese citizens’ data.
European agencies notified of their plans to travel might restrict Lebanese citizens from moving around, exposing them to subjective targeting because of cross border data transfer which is out of their control. For a population already subjected to flexibility restrictions because of visa regimes, this deal makes the conditions worse than any other time.
At a deeper level, the data sovereignty compliance arrangement sabotages the weak social contract between government and citizens. In avoiding consent and transparency, the government also avoids the public that is already suspicious of political leaders as corrupt.
Instead of strengthening digital sovereignty, Lebanon’s leadership is blamed for negotiating citizens’ data in return for its own political agendas.
Inside Telecom provides you with an extensive list of content covering all aspects of the tech industry. Keep an eye on our Tech sections to stay informed and up-to-date with our daily articles.