By Yousef Timacade

Introduction

The collapse of Somalia’s central government in 1991 left a vacuum in the country’s economic and political infrastructure, leading to a period of uncertainty. Despite this instability, Somaliland managed to rebuild key sectors, including telecommunications and banking. In the absence of a centralized government, the private sector stepped in to fill the void, with the first telecommunication companies emerging in the early and mid-1990s. These companies introduced a new era of connectivity, transforming Somaliland into a hub of technological growth and economic opportunity.

By the mid-1990s, private telecommunication companies began offering basic services, catering to the increasing demand for reliable communication in the region. Over time, these companies grew exponentially, with the introduction of mobile banking services like Zaad and E-Dahab further revolutionizing daily life. The adoption of these platforms brought an unprecedented level of convenience to Somalilanders, enabling them to transfer money, pay bills, and perform financial transactions using their mobile phones.

However, alongside the rapid growth of telecommunication services came significant challenges, particularly in the areas of data privacy and user protection. With no comprehensive legal framework in place, telecommunication companies gained immense power, not only economically but also politically. The unchecked growth of these companies created a situation where the balance of power heavily favored corporations over individual consumers, leaving the latter vulnerable to potential data misuse. Without robust data protection laws, citizens of Somaliland face an environment where their personal information can be exploited with impunity.

This paper explores the challenges posed by the lack of data protection laws in Somaliland’s telecommunication and banking sectors. While these industries have undoubtedly contributed to the region’s economic revival, their practices—unchecked by adequate legislation—raise concerns about personal privacy and the potential for exploitation. As Somaliland continues to embrace digital technology, the need for a strong legal framework to protect consumer data has never been more urgent.

2. The Consequences of a Lack of Data Protection Laws

The evolution of Somaliland’s telecommunication sector has brought a wealth of services that have become indispensable to daily life. Companies like Telesom and Somtel have diversified their offerings, providing not only communication services but also financial services such as mobile banking platforms like Zaad and E-Dahab. However, alongside these innovations, there have been concerns about the transparency of data collection and protection practices, as well as the adequacy of customer services. One particular service offered by these companies—anti-theft phone protection—illustrates the gap between customer expectations and the actual protection offered.

Telesom and Somtel have introduced an anti-theft service, collecting a subscription fee of $0.50 per month from users. This service is marketed as a form of protection against phone theft, suggesting to customers that their phones are safeguarded through this plan. However, in practice, if a phone is stolen, the only assistance provided to the user is information on the SIM card that has been inserted into the stolen phone. The companies do not take additional steps to help recover the stolen device or offer any compensation, despite the monthly fees collected from customers for this service. This leaves users dissatisfied, as they expect more comprehensive protection, especially since they are consistently paying for it.

Telecommunication companies and electronic banking services have monopolized critical aspects of daily life in Somaliland, with millions depending on them for routine activities. However, with this reliance comes a significant but often overlooked threat: the collection and sale of personal data without user consent. Every day, individuals unknowingly surrender vast amounts of personal information to these companies, with little to no understanding of how it will be used or to whom it will be sold. The absence of data protection laws only exacerbates this issue, allowing companies to operate without transparency or accountability.

A significant concern arises when users receive unsolicited messages from unknown numbers or businesses promoting irrelevant products or services. This raises the question: how did these marketers obtain personal phone numbers? The answer is often troubling—telecommunication companies are profiting from selling customer data to third-party entities without explicit consent. In a world where data is a lucrative asset, these companies view user information as a commodity more valuable than the prepaid credits or internet packages they offer.

The scope of data collection by these companies is vast and invasive. They track not only basic information like phone numbers but also deeper, more personal insights such as frequent contacts, call durations, visited websites, real-time location data, spending habits, and even details about financial transactions. For instance, Zaad and E-Dahab can record who users transfer money to, who sends them money, and how often these transactions occur. They also have access to market trends, such as which stores are frequently patronized and the overall volume of currency in circulation.

The failure to adequately compensate or assist customers whose phones are stolen raises important questions about the fairness of these services. While telecommunication companies have successfully integrated mobile banking and other advanced services into their platforms, they have not addressed customer needs in areas such as device security or data protection. The minimalistic approach to phone theft—providing only the SIM card information after the phone is stolen—reflects a broader issue within Somaliland’s telecommunications sector: the imbalance of power between the companies and the consumer, exacerbated by the lack of regulatory oversight.

In a market where telecommunication companies hold significant influence, users often find themselves left in the dark about how their data is collected, stored, and shared. The majority of customers sign up for services without fully understanding the extensive terms and conditions that permit telecommunication companies to collect personal information. This data can include not just basic information such as phone numbers but also detailed records of calls, financial transactions, and even location data. The lack of transparency about who else has access to these data leaves users vulnerable, as they have no clear recourse for misuse of their personal information.

Moreover, Somaliland lacks comprehensive legislation to regulate how private companies collect and use customer data. This creates an environment where companies can exploit data without consequence, selling it to third parties for marketing purposes or even more concerning uses, such as surveillance. The increasing value of data in the digital age makes this lack of protection even more alarming. Users are not just at risk of losing their phones; they are also at risk of having their personal data misused by entities they are unaware of.

In the digital age, data privacy concerns have become increasingly widespread, and it’s not just telecommunications companies under scrutiny. Transportation apps, now a common service in Somaliland, also play a major role in data collection. Whenever a user requests a ride, they unknowingly share a wealth of personal information with the service provider. Upon reaching a destination, users receive details such as the driver’s name, phone number, car model, license plate, travel distance, and the fare—often linked to financial platforms like Zaad or E-dahab.

Although this exchange of information seems innocuous, it is part of a broader data collection system that stores critical personal details like names, age, and precise movement patterns. What many fail to realize is the extent to which transportation apps track and store sensitive data. These services record exact pickup and drop-off locations, the route taken, and the duration of each journey. Over time, these data points can be used to create highly detailed profiles of individuals. When aggregated, the information reveals personal movement patterns, frequently visited places and daily routines.

While some companies claim this data is collected to improve service efficiency, the implications of such surveillance go far beyond convenience. In fact, with the use of machine learning algorithms, these companies can predict user behavior, anticipating when and where a person will request a ride even before they make the decision. Such predictive technology, while advanced, raises serious concerns about the erosion of privacy.

The risks associated with this kind of data collection are not theoretical—they have real-world consequences, particularly for vulnerable populations. If this personal movement data falls into the wrong hands, it could be used maliciously. For example, if terrorists, criminals, or even business competitors gain access to such information, it could have devastating effects. Politicians, business leaders, and women are especially vulnerable. Politicians may be tracked and targeted by rivals or extremists who can anticipate their movements. Women, too, are at increased risk, as rapists or stalkers could use the data to predict where they will be, making it easier to harm or intimidate them. In the case of business competitors, detailed movement data could give one side an unfair advantage by revealing meeting locations or travel patterns, jeopardizing sensitive negotiations or transactions.

The lack of regulatory oversight in Somaliland exacerbates these risks. Without comprehensive data protection laws, companies are free to store and potentially sell this sensitive data without customer knowledge or consent. There are few if any, legal barriers preventing these companies from sharing or profiting from the personal information they collect. This creates an environment ripe for exploitation, where sensitive data could be sold to the highest bidder, whether that’s a marketing firm, a political rival, or worse, a criminal network.

The potential for abuse is enormous, and the implications go beyond the digital realm, spilling into the physical safety of individuals. For women, the risks are profound. Access to movement data by bad actors could put them at risk of gender-based violence, as predators could predict their daily routines and use this information to cause harm. Similarly, business leaders and politicians could be targeted based on their whereabouts, leaving them exposed to sabotage, blackmail, or worse. Even ordinary citizens could be victims, with criminals tracking their movements to identify patterns that make them vulnerable to theft or attack.

Given these dangers, the urgent need for data protection legislation in Somaliland cannot be overstated. The current regulatory vacuum leaves customers exposed, with no meaningful way to protect their privacy or seek recourse in cases of data misuse. Comprehensive laws that safeguard personal data, regulate its collection and use, and hold companies accountable for breaches are essential. Until such measures are in place, individuals in Somaliland remain at the mercy of companies that collect, store, and potentially misuse their personal data without their full knowledge or consent.

3. Power Dynamics and the Legal Vacuum

One of the most troubling aspects of this situation is that individuals have virtually no recourse. In Somaliland, customers cannot file lawsuits against telecommunication companies for data misuse because of two key reasons: the absence of a strong legal framework and the significant power imbalance between these companies and individual citizens.

Telecommunication companies wield enormous influence, both economically and politically. They operate as untouchable entities, capable of blocking legal actions and controlling the narrative surrounding their practices. Individuals, on the other hand, lack the financial resources and legal expertise to challenge these powerful corporations. As a result, they are left without protection, and their personal information is at risk of being misused with impunity.

Even if users were aware of the misuse of their data, the lack of clear laws makes it nearly impossible to hold companies accountable. There is no legislation mandating that telecommunication companies disclose their data-sharing practices or obtain explicit consent before selling user information. This legal vacuum allows companies to operate without fear of consequences, further entrenching the power imbalance between corporations and consumers.

The Somali Penal Code, a relic of its colonial past, does not contain specific provisions regarding modern issues such as data protection or the misuse of personal information by telecommunication companies. This outdated legal framework is one of the key reasons individuals in Somaliland, and across Somalia, have no effective recourse when their data is misused.

The Somali Penal Code lacks any comprehensive legislation that governs data protection, privacy, or consumer rights in the digital space. While certain provisions within the Penal Code address crimes like theft or fraud, these are inadequate to address the complexities of data misuse. For example, there are no laws requiring telecommunication companies to disclose how they collect, store, or share customer data, nor are there mechanisms in place for consumers to provide informed consent for such activities. This gap leaves personal information vulnerable to exploitation without any legal safeguards.

The lack of legislation mandating transparency in the data-sharing practices of telecommunications companies allows these entities to operate with impunity. The absence of any obligation to disclose how user data is handled creates a legal vacuum in which companies can sell or share personal information without users’ knowledge or consent. This practice exacerbates the power imbalance between corporations and individuals, as customers cannot even begin to challenge a violation they are unaware of.

The economic and political influence of telecommunication companies further compounds the issue. These corporations often have close ties with political elites, making it difficult to hold them accountable. The Somali Penal Code does not provide effective legal remedies for consumers to file lawsuits against these powerful companies. Moreover, most individuals lack the financial resources or legal expertise to mount a case even if they were aware of the misuse of their data. The absence of class-action mechanisms or consumer advocacy groups in the legal framework further isolates individuals from challenging these companies.

While the Penal Code does address traditional crimes such as theft, fraud, and trespass, it does not extend these concepts to digital crimes like data theft or unauthorized access to personal information. Without modern cybercrime laws or a robust regulatory framework, users are left vulnerable to digital exploitation with little recourse. The legal system has not caught up with the technological advancements that have drastically changed the way information is collected, used, and misused.

The current situation highlights an urgent need for legislative reform in Somaliland. The legal framework must be updated to include clear provisions around data protection, consumer rights, and corporate accountability. Legislation should mandate that telecommunication companies disclose their data-sharing practices, obtain explicit consent from users, and be held accountable for violations of privacy rights. Furthermore, establishing regulatory bodies that oversee corporate practices and provide recourse for individuals could help balance the power dynamics between large corporations and individual consumers.

4. Conclusion.

The rapid development of telecommunications and electronic banking in Somaliland has undoubtedly brought significant economic benefits and convenience to its citizens. However, these advancements have come with a hidden cost: the potential violation of personal data privacy. The absence of a robust legal framework to regulate data collection, usage, and sharing has left consumers vulnerable to exploitation by powerful telecommunication companies. These companies, unrestrained by legislation, are free to collect and sell vast amounts of personal information, from phone numbers and call data to financial transactions and movement patterns. This unchecked data collection not only invades personal privacy but also creates security risks, especially for vulnerable populations, such as women and political leaders.

The power imbalance between telecommunication companies and individual users is stark, with companies enjoying political and economic influence that shields them from accountability. Consumers, meanwhile, lack the legal tools to challenge these corporations or seek redress for data misuse. Without clear laws and regulations that mandate transparency and accountability, telecommunication companies are free to operate with impunity, further entrenching their dominance in both the economy and the political landscape of Somaliland.

The need for legislative reform is urgent. Somaliland must prioritize the creation of comprehensive data protection laws that safeguard citizens’ privacy, regulate corporate data-sharing practices, and establish mechanisms for holding companies accountable. Until such reforms are implemented, the risks to data privacy will continue to grow, leaving individuals exposed to potential exploitation and harm in an increasingly digital society. The promise of economic growth and technological advancement should not come at the expense of personal privacy and security. Somaliland must strike a balance between progress and protection, ensuring that its citizens can benefit from technological innovation without sacrificing their fundamental right to privacy.

Yousef Timacade is a lawyer, legal analyst, and commentator with over a decade of experience in program management, research, and human rights advocacy. He holds master’s degrees in both law and executive management, which have equipped him with a unique blend of legal expertise and leadership acumen. Throughout his career, he has worked with numerous national and international non-governmental organizations, driving impactful initiatives in the areas of human rights, policy development, and social justice. Currently, Yousef serves as the Country Coordinator for Somalia and Somaliland at SIHA Network, where he leads efforts to advance women’s rights and advocate for marginalized communities

RELATED ARTICLESMORE FROM AUTHOR