The new 45-article cybercrime law, named the Anti-Cyber and Information Technology Crimes law, is divided into two parts. The first part of the bill
stipulates that service providers are obligated to retain user information (i.e. tracking data) in the event of a crime, whereas the second part of the bill covers a variety of cybercrimes under overly broad language (such as threat to national
Article 7 of the law, in particular, grants the state the authority to shut down Egyptian or foreign-based websites that incite against the Egyptian state or threaten national security through the use of any digital content, media, or advertising.
Article 2 of the law authorizes broad surveillance capabilities, requiring telecommunications companies to retain and store users' data for 180 days. And Article 4 explicitly enables foreign governments to obtain access to information on Egyptian
citizens and does not make mention of requirements that the requesting country have substantive data protection laws.