The Right to Privacy in the Digital Age

In the context of the rapid transformation of the digital world, technology has become an integral part of everyday life, permeating personal, professional, social, and political spheres alike. While this technological advancement has led to a paradigm shift in modes of communication, information exchange, and the provision of public and private services, it has also given rise to unprecedented challenges to human rights—most notably, the right to digital privacy. Digital privacy has emerged as one of the most pressing and complex human rights issues of our time, due to the extensive collection of personal data, the tracking of online behaviour, and the exploitation of sensitive information by a range of actors, including governments, private corporations, and non-state entities.

Although the digital era has significantly expanded individuals’ opportunities for expression, access to information, and participation in the public sphere, these freedoms are frequently constrained or threatened by practices of mass surveillance and intrusions into personal privacy, both overt and covert. The danger lies particularly in the deployment of advanced technological tools—such as spyware, facial recognition software, and big data analytics—for monitoring digital activity, including private communications, browsing habits, and geographic locations, often without the knowledge or consent of those affected.

These concerns are particularly acute in authoritarian regimes, where digital technologies are increasingly weaponised to restrict civil liberties, suppress dissent, and target human rights defenders, journalists, and political activists. In such contexts, the right to digital privacy transcends technical considerations and becomes a fundamentally political and human rights issue, striking at the core of individual dignity and basic freedoms.

In international law, the right to privacy is explicitly protected under Article 12 of the UDHR, which states, “No one shall be subjected to arbitrary interference with his privacy, family, home, or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.” Furthermore, Article 17 of the International Covenant on Civil and Political Rights (ICCPR), provides that “no one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence” and that “everyone has the right to the protection of the law against such interference or attacks.”

Moreover, private technology and telecommunications companies bear specific responsibilities under the United Nations Guiding Principles on Business and Human Rights (UNGPs), which obligate businesses to respect human rights, including privacy, to conduct due diligence to prevent harm, and to provide remedies when violations occur. Within the same context, the UN General Assembly Resolution 68/167 (2014) also addresses the crucial matter of “The right to privacy in the digital age.” This resolution emphasizes the significance of preserving the right to privacy in the digital era and urges member states to adopt measures for its protection.

Against this backdrop, there is an urgent need for robust legal and regulatory frameworks—both at national and international levels—that can ensure a fair balance between technological development and the protection of fundamental rights and freedoms. Central to such frameworks must be the principles of transparency, accountability, and the rule of law.

Digital Privacy and the Legal Framework in Oman

In the Sultanate of Oman, the expanding role of the Internal Security Service (ISS), along with affiliated or cooperating security agencies, poses an increasing threat to the safety and personal security of individuals in the digital sphere—both in their private and professional lives. The OCHRD has received multiple reports from individuals who were summoned for interrogation through extralegal means, such as anonymous phone calls or in-person visits by security personnel to their workplaces, where they were coerced into accompanying agents to unknown locations for questioning.

During these interrogations, individuals report being unexpectedly stripped of all their electronic devices—including mobile phones, tablets, and personal computers—without any formal warrant or legal justification. Moreover, some individuals indicated that the summons for interrogation explicitly included instructions to bring all personal electronic devices with them, effectively enabling broad and invasive access to private data.

In 2020, less than two months after ascending to power, Sultan Haitham bin Tarik issued Royal Decree No. 4/2020, enacting the Law of the Internal Security Service (ISS). Article 10 of this law grants the ISS broad authority to access the personal information of any individual if such information is deemed “necessary for security purposes.” Crucially, the assessment of this necessity is left entirely to the discretion of the ISS itself, without the imposition of objective criteria or external oversight. Furthermore, Article 11 empowers the ISS to exercise “supervisory and investigative authority” by all available means, while explicitly preventing any institution—whether judicial or security-related—from overseeing this authority, unless by direct order of the Sultan.

In a parallel move that expands state surveillance over individuals and their digital privacy, Royal Decree No. 64/2020 was issued to establish the Cyber Defence Centre, which, according to Article 1 of its regulations, is headed by the Director of the ISS. Although the Centre is formally introduced as part of a “national cyber defence strategy,” its legal and operational overlap with the Internal Security Service Law effectively grants it extensive powers to monitor, access, and potentially infiltrate the personal electronic devices of individuals and institutions alike, under the justification of protecting national security and public order.

Article 6 of Chapter Two—titled “Objectives and Competencies of the Centre”—explicitly outlines these powers, allowing the Centre to take technical measures to detect and address digital threats. However, the absence of judicial authorisation or independent oversight mechanisms raises serious concerns about the compatibility of these measures with international legal standards on the right to privacy, procedural safeguards, and the principle of legality.

Other laws in Oman contribute significantly to fostering self-censorship among individuals regarding their communication with others and their use of social media platforms and the broader digital space. Numerous activists, tweeters, and writers have been prosecuted based on their posts or articles, relying on provisions of the Omani Penal Law, notably Articles 97, 102, 108, and 115, as well as Article 19 of the Cybercrime Law. Testimonies from many individuals who have been summoned or subjected to investigations reveal that questioning often focuses on their contacts with certain persons or entities, based on the surveillance of their electronic devices and the applications installed therein.

Based on the foregoing, it becomes clear that the right to digital privacy in Oman is systematically violated, not only through security practices but also via existing legislation that provides a legal cover for such infringements. These laws grant security agencies extensive powers to monitor individuals’ digital activities and impose penalties, such as banning access to social media platforms, detention, or imprisonment if the security apparatus interprets any online activity as unlawful or as undermining the “dignity of the state.”