Suggested Readings

APC statement on the suspension of Twitter services in Nigeria

After the ban of Twitter on 4 June 2021, in Nigeria by the Federal Government, Association for Progressive Communications (APC) network went on to issue a public statement sharing their views, the state of affairs and their stance on the development. The statement is available in full below:

Resource type:

Call on the Nigerian Government to Rescind its Indefinite Suspension of Twitter’s Operations in Nigeria.

In a letter to Nigerian president and other prominent departments of ministry within the Nigerian government, Paradigm Initiative in lieu with fellow undersigned organizations have gone on to ask the state authorities to rescind their suspension on Twitter access and operations in the African country.

Resource type:

Privacy and Personal Data Protection in Africa: A Rights-based Survey of Legislation in Eight Countries

The country reports collected here offer an in-depth rights-based analysis of the status of privacy and data protection legislation in Ethiopia, Kenya, Namibia, Nigeria, South Africa, Tanzania, Togo and Uganda. This publication was part of a project by the African Declaration on Internet Rights and Freedom (AfDec) Coalition, “Strengthening a rights-based approach to data protection in Africa”, whose objective was to foster a rights-based approach to the adoption and implementation of this legislation.

In assessing country contexts, the authors gave an analysis of a state’s regional and global commitments to privacy, and the impact of the country’s legislative environment on privacy. They also undertook a specific analysis of the data protection laws as they exist in each country, identified key privacy rights actors and institutions, evaluated data protection practices in internet country code top level domain name (ccTLD) registration, and analysed the status of the country’s data protection authority.

Two key frameworks were used for analysis for this research: Principle 8 of the African Declaration on Internet Rights and Freedoms, which deals with privacy and personal data protection, and the human rights-based approach to policy and legislative development, whose basic principles include participation, accountability, non-discrimination and equality, empowerment and legality.

Each report ends with a series of recommendations to different stakeholders in the respective countries. A key role for civil society identified in the reports’ recommendations is that of monitoring the implementation of privacy laws and other related legislation in order to hold governments to account at different levels. At the local and national level, part of this monitoring involves documenting and reporting breaches of data protection and privacy legislation. At the regional and international levels, the reports note a need for the formation of coalitions by civil society groups in order to strengthen their capacity to monitor implementation of the laws, and increase their engagement with both regional and international human rights mechanisms, such as through submissions to the Human Rights Council’s Universal Periodic Review when countries are due to report.

This research provides an important benchmark for this future advocacy.

This publication was produced with support from the Deutsche Gesellschaft für Internationale Zusammenarbeit GmbH (GIZ).


African Declaration on Internet Rights and Freedoms Coalition




Resource type:

Privacy and Personal Data Protection in Africa - Advocacy Toolkit

New toolkit offers insights into advocacy around the growing need for privacy and personal data protection in Africa

As online interactions form an ever greater part of our daily lives, a growing amount of our personal data is being collected, stored and mined by different public and private sector players. As a result, issues regarding the right to privacy and personal data protection have become increasingly relevant. The COVID-19 pandemic has sped up this shift to the digital sphere significantly around the world, and Africa is no exception. This makes the recent launch of the Privacy and personal data protection in Africa: Advocacy toolkit especially timely.

The toolkit was developed by the African Declaration on Internet Rights and Freedoms (AfDec) Coalition. It provides an overview of all relevant national, regional and international mechanisms, duty bearers and rights holders, and a checklist for analysing data protection and privacy-related policy and legislation using the human rights-based approach (HRBA).

The two lead consultants in the development of the toolkit, the University of Pretoria Centre for Human Rights and ALT Advisory, have been prominently involved in privacy and data protection in Africa.

A broad range of African stakeholders from diverse geographical and professional backgrounds validated the toolkit, which is meant to raise awareness among civil society actors, policy makers and human rights activists on the HRBA.

This advocacy toolkit provides an overview of the legal standards concerning the right of privacy and personal data protection in Africa and offers a set of practical tools for stakeholders in the formulation and implementation of data protection frameworks.

At the same time, the toolkit is a guide to engage with, advocate for, and inform policy makers on data protection and privacy in Africa, and can also be used as a manual by trainers in the understanding of data protection and privacy for various actors.

The toolkit is divided into three parts, with the first one providing an introduction to the international and regional human rights frameworks, while part two delves into the content of the right to privacy and personal data protection. Part three, on the other hand, deals with duty bearers and rights holders. It focuses on issues such as data protection terminology; key principles of data protection law; the rights of data subjects and obligations of duty bearers; and policy guidelines on data protection and privacy.

The toolkit draws lessons from the European frameworks relating to data protection such as the General Data Protection Regulation (GDPR), which is intended to harmonise the collection, storage, use, sharing and processing of personal information across Europe.

The toolkit also highlights the existing African frameworks on data protection, including the revised Declaration of Principles on Freedom of Expression and Access to Information in Africa adopted by the African Commission on Human and Peoples’ Rights, as well as the African Union Convention on Cyber Security and Personal Data Protection.

Several recommendations are offered, among them, the need for the African Union Commission to incorporate the right to privacy in the work of other special mechanisms beyond the Special Rapporteur on Freedom of Expression and Access to Information. 

It also recommends that the Pan African Parliament, the legislative body of the African Union, develop programmes on privacy, data protection, consumer protection, electronic commerce, cybercrime, the fourth industrial revolution and the implications of technology on privacy and data protection.

On national data protection agencies, the toolkit recommends that their powers, tasks and responsibilities should be to supervise and monitor the application of data protection laws and implementation of sanctions in cases of non-compliance.

The toolkit also spells out the role of law enforcement agencies, which should including working with the data protection agencies and processing personal information in a lawful, fair and transparent manner.

For their part, national human rights institutions are urged to see privacy and data protection as human rights concerns that should fall within the scope of their mandate.

Resource type:

A Safer Web for Women

This comic strip was produced by the Kenya ICT Action Network, and can be used as a training tool.

Most women will attest to being sexualized long before they knew they were women - or being treated less, long before they ever considered what they were or were not capable of. This reality is no different online. In fact, it is amplified. Actions expressing long-established stereotypes of women's worth deriving from their purity, ability to find and keep a husband, bear children and to make and stay at a home are exacerbated online. The domination of patriarchy through violence is magnified online in ways that would not be possible or at least to the same extent in the physical world. In this story of three differently-aged, differently-shaped, and differently-employed women we see what that violence can look like online, how the seemingly harmless can actually contribute to it and what we can all do to prevent it and to create a safer space for women online. As a society, we are only as strong as our least powerful person and we can only hope for a better tomorrow if we stop disempowering them through our actions both online and offline.

Read below about  Lulu, Amani, and Pendo's story to learn about online gender-based violence and creating safe spaces for women online

Resource type:

The struggle for the realisation of the right to freedom of expression in Southern Africa

The right to freedom of expression is enshrined as a cornerstone of democracy. This is because of its intrinsic importance in informing the public and encouraging debate. Inherent in the right to freedom of expression is the notion of access to information and press freedom. Freedom of expression also underpins a range of other rights, thereby enabling the full realisation of fundamental rights. It is by now well-established by the UN and the African Commission on Human and Peoples’ Rights (ACHPR) that rights, particularly the right to freedom of expression, apply equally online and offline. As set out in the African Declaration on Internet Rights and Freedoms:

  • Everyone has the right to hold opinions without interference.
  • Everyone has a right to freedom of expression; this right shall include freedom to seek, receive and impart information and ideas of all kinds through the Internet and digital technologies and regardless of frontiers.
  • The exercise of this right should not be subject to any restrictions, except those which are provided by law, pursue a legitimate aim as expressly listed under international human rights law (namely the rights or reputations of others, the protection of national security, or of public order, public health or morals) and are necessary and proportionate in pursuance of a legitimate aim.
  • The exercise of the right to freedom of expression can, at times, require tolerance from others. As has been explained by the Constitutional Court of South Africa, the right to receive or impart information or ideas is applicable “not only to ‘information’ or ‘ideas’ that are favourably received or regarded as inoffensive or as a matter of indifference, but also to those that offend, shock or disturb.”

Indeed, the right extends even where those views are controversial: The corollary of the freedom of expression and its related rights is tolerance by society of different views. Tolerance, of course, does not require approbation of a particular view. In essence, it requires the acceptance of the public airing of disagreements and the refusal to silence unpopular views.

Notably, however, the right to freedom of expression is not absolute. It must necessarily be balanced against competing rights and interests. Some forms of speech do not enjoy any protection under international law, while other restrictions to the right to freedom of expression are only permissible under certain circumstances.

The challenge being experienced in Southern Africa – and indeed globally – is that states and private sector actors are adopting laws, policies and other measures that unjustifiably restrict the right to freedom of expression. This is typically done under the guise of, for instance, national security or the protection of reputation, but it encroaches far beyond that which is permitted under the law  These unjustifiable restrictions have a chilling effect on the free flow of ideas and meaningful discourse, and have the potential to severely undermine the full realisation of the right.

This report focuses on the content of the right to freedom of expression and gives an assessment of restrictions to the right. In Part I, we look at the international human rights framework on the right to freedom of expression as set out in international treaties and other appropriate resources, in order to distil the key elements of the right. In Part II, we set out the legal position on the circumstances under which the right to freedom of expression may be limited. In Part III, we explore key case studies across Southern Africa that raise serious concerns about existing or prospective laws that will restrict the right to freedom of expression. Lastly, in Part IV, we will take a forward-looking approach to consider what strategies can be used to safeguard the right to freedom of expression at its essence, and set out our recommendations for different stakeholder groups. This report does not purport to cover all laws in the respective countries in Southern Africa. Instead, the researchers have had the discretion to identify those laws that are seen to be of most concern in the present time, taking into account the political, social and economic landscape in the country at the moment. Through this report, we have identified key trends and recommendations for states, private sector actors and civil society to consider in the development of laws, policies and measures that impact the right to freedom of expression.

The need for this report was identified at a meeting of the Southern African members of the African Declaration on Internet Rights and Freedoms (AfDec) Coalition. It was recognised that while the right to freedom of expression is firmly entrenched at the domestic, regional and international levels, the realisation of this right remains a struggle in practice, particularly in the digital era. 

Resource type:

Lived experience of advocating for data protection in Uganda

By Dorothy Mukasa

Data privacy is a global policy issue, and during the past 30 years, data protection laws started gaining ground on the African continent. At the East African level, Uganda became the first country in the region to enact a comprehensive data protection law in February 2019.

The Data Protection and Privacy Act, 2019 reinforces Article 27 of the 1995 Ugandan constitution, which guarantees citizens’ right to privacy. It thus took the authorities 24 years after promulgation of the national constitution to regulate data protection and 20 years for the drafting of the bill, placing vulnerable communities at risk.

Throughout the legislative process, Unwanted Witness Uganda and other civil society actors undertook a series of advocacy efforts aimed at fostering a rights-based approach to data protection, given the fact that privacy is a fundamental human right. At this year’s workshop on “Privacy and data protection in Africa: Challenges and prospects”, organised by the University of Pretoria and the African Declaration on Internet Rights and Freedoms (AfDec) Coalition, we shared Uganda’s lived experience advocating for data protection legislation.

Changes at the policy making level

In accordance with Uganda’s electoral laws, the country conducts general elections every five years, and the changes usually eliminate over 70% of incumbents. This coupled with a prolonged policy-making process affected the already established networks as well as the advocacy strides made, since a new breed of leaders assumed legislative positions.  

The advocacy strategy then had to be revised from simply targeting only policy makers to also include the technical personnel at parliament, since they are more permanent compared to members of parliament.

Technical capacity

The majority of policy makers are elected to parliament for different reasons other than their legislative capacity. This lack of technical capacity is particularly concerning when it comes to regulating technology and human rights – a relatively new policy area in the country. Therefore, capacity building and awareness raising became a critical advocacy approach to achieving comprehensive data protection legislation.

Building an active citizenry

While privacy is as old as creation, the low level of data privacy consciousness in the digital era among the public is glaring. Citizens are not aware of the social contract between them, the state and tech companies, creating a lot of power imbalance and subsequent abuse of the right to privacy. Research exposing the effects of unregulated data-intensive systems on citizens’ privacy and subsequent media campaigns greatly contributed to raising privacy awareness among the public. The change in public attitude and perception about data privacy culminated in demanding accountability from both state and non-state data collectors and processors.

Working with the national human rights institution

The Uganda Human Rights Commission is a constitutional body mandated to, among other roles, monitor the government’s compliance with international treaty and convention obligations on human rights and recommend to parliament effective measures to promote human rights. We engaged the commission through sharing our research findings and recommendations and constantly raising the need to monitor and provide recommendations for safeguarding the right to privacy in the digital age. The commission is important because recommendations made in its annual report are debated and implemented by policy makers.

Coalition building

We spearheaded the formation of the privacy coalition with the aim of having a strong and unified voice. The coalition comprises civil society actors working on different thematic areas including health care, media freedom, freedom of association and assembly, education and migration, among others.

Creating a link between the right to privacy and the enjoyment of other human rights was an opportunity to amplify data privacy as a fundamental human right that needs to be advocated for by all right holders and not a reserve for only digital rights advocates.

Law and compliance

Passage of the data protection law remains a milestone for the different advocates over the years. However, the biggest hurdle still remains: enforcement/compliance.

The new law lacks an independent oversight mechanism as it simply establishes a Data Protection Office (DPO) within an existing government agency, raising concerns around conflict of interest, effective compliance, resource capacity and transparency for the appointment of members of the authority.

Indeed, to effectively protect the right to privacy, more strategic advocacy is required during the law enforcement stage. This therefore makes the privacy and personal data protection in Africa advocacy toolkit, as designed by the AfDec initiative, very relevant in shaping the data protection legal regime.      


Resource type:

Key Issues in Data Protection Policy-Making and Implementation: lessons from Dr Ian Brown

Dr. Ian Brown, a data protection expert and a trainer with the African School on Internet Governance, gave a presentation at the Conference on Privacy and Data Protection in Africa organized by The Centre for Human Rights, University of Pretoria in collaboration with the African Declaration on Internet Rights and Freedoms Coalition. The conference brought together academics, students, policymakers, and practitioners working in key areas related to privacy and data protection in Africa including big data, information technology, artificial intelligence, cybersecurity and human rights law.

Dr Brown discussed key policy and implementation issues from recent data protection events in Europe and gave a projection of warnings from problems seen in the European Union as a guide for better policy-making and implementation of data protection in Africa. He emphasized the issue of children and data protection, using the example of the Children's Commissioner for England’s appointment and role, to look out for children’s needs and rights, especially in the digital age. Another highlighted area was the need for the appointment of specialist technology regulators by African countries to better enforce our data protection laws. He noted, however, that these appointments require significant budget allocations. Budgetary constraints have already been cited as one of the main hindrances to the work of data protection authorities on the African continent and the enforcement of data protection laws in turn. Dr Brown’s presentation concluded with praise for the African Union’s commitment to cybersecurity regulation to underpin data protection on the continent.

You can access all the recordings of the Conference on Privacy and Data Protection in Africa here

See Dr. Ian Brown's presentation on SlideShare or download the original here.

Resource type:

Letter to MTN's CEO - Dialogue on Human Rights

The African Declaration on Internet Rights and Freedoms Coalition (AfDec) co-signed a letter from Access Now to the newly appointed CEO of telecom giant, MTN, Ralph Mupita, alongside eight other civil society organizations. The letter highlights civil society’s concerns with how MTN has enabled the violation of human rights and democracy, and it also offers guidance on how MTN can better respect the human rights of their users

Resource type:

Solidifying internet rights to increase information access in Zimbabwe

By Koliwe Majama

Zimbabwe is set to commemorate the International Day for Universal Access to Information on the 28th of September 2020. This comes at a time when the country, alongside the rest of the world, is faced with a health pandemic that has moved citizens’ daily communication, education, work, trade, and access to basic services from physical interactions to, mostly, online interactions. The World Health Organisation declared the novel coronavirus (COVID-19) a global pandemic, a few months after the adoption of a revised Declaration of Principles on Freedom of Expression and Access to Information in Africa (the Declaration) at the 65th Ordinary Session of African Commission on Human and Peoples’ Rights (ACHPR) in November 2019. For Africa, the pandemic has merely served as emphasis that internet rights and freedoms are more important now than ever before.

The access to information principles contained in the revised Declaration include principles on proactive and maximum disclosure of information, information management, access to information procedures and the applicable exemptions, oversight mechanisms, whistle-blower protection, and the primacy of access to information laws. However, the highlight of the revision of the Declaration is the enumeration of normative standards for freedom of expression and access to information in a digitised environment. This is done through the inclusion of principles on access to the internet, internet intermediaries and access providers, privacy and the protection of personal information, and communication surveillance.

Increasing access to the internet

Principle 37(2) of the Declaration calls on States to “recognise that universal, equitable, affordable and meaningful access to the internet is necessary for the realisation of freedom of expression [and] access to information.” In this regard, the Declaration states that countries must “adopt laws, policies and other measures to promote affordable access to the internet,” particularly for children and marginalized groups. Internet accessibility in Zimbabwe generally remains low, mainly because of limited infrastructure, especially in rural areas, where most Zimbabweans are located. By the end of 2019, the internet penetration rate in rural Zimbabwe stood at only 10 percent, presenting the reality of a stark urban-rural digital divide where the nationwide internet penetration rate stood around 60 percent. In this year’s second quarter report, the country’s telecommunications regulator, the Postal and Telecommunications Regulatory Authority (POTRAZ), noted a decline in both mobile and internet penetration. This was attributed to the depressed demand in the economy, at both household and industry level, with direct impact of COVID-19 on both the formal and informal sector negatively affecting disposable incomes. Active mobile subscriptions dipped by 6.7 percent from 13,7 million to 12,7 million, while active internet and data subscriptions dropped by 4 percent, resulting in internet penetration reduction from 59.1 percent in the first quarter to 56.7 percent. While POTRAZ has set up 87 Community Information Centres around the country, geared towards promoting internet access in marginal communities, a long term and sustainable solution is necessary. In its position paper on COVID-19 and its impact on digital rights the pan Africa digital rights initiative, the African Declaration on Internet Rights and Freedoms Coalition, highlights the importance of a licensing and regulatory framework for community-owned networks. Community networks are decentralised community-built and owned internet connections. They are the most effective way to overcome digital exclusion in areas isolated from the social and economic dynamics of the digital era. The call should, therefore, be for the opening up of equal opportunities for Zimbabweans in underserved areas to access spectrum under a licensing regime with exemption provisions that will lessen administrative processes for small operators, not-for-profit operators, and other actors interested in community networks. This will result in an increase in access to the internet and the advancement of the right to information on the internet in Zimbabwe

Online content regulation

The rights to freedom of expression and access to information are cornerstones of democracy that are key to the enjoyment of other human rights. Their inextricable link lies in the fact that for the ideas expressed to be of value, there is a need for access to verifiable information, which in this case, is usually held by both public and private bodies. Citizens can only hold those in power accountable when they can access information. The signing into law of Zimbabwe’s Freedom of Information Act lays a good foundation in setting the procedure for accessing information held by both private and public institutions which is necessary for the exercise or the protection of citizens’ rights. However, Africa is increasingly plagued by both on and offline restrictions on freedom of expression and access to information with incidences of censorship, harassment, and detention of journalists, activists, and human rights defenders as they share critical information or opinions. Control of these traditionally ‘problematic’ groups has moved from the offline to the online space and now also includes intimidation and harassment of ordinary internet users. Zimbabweans have not been spared of monitoring and controlling of their internet use and access as a means of curtailing the enjoyment and advancement of digital rights. Direct control is demonstrated by the disruption of internet services with the most recent case being in January 2019 under the order of the State Security Minister. Disruption of services demonstrates the extent to which the government is willing to limit online access to information. Indirect control is evident in the increased deployment of anonymised social media accounts on popular platforms such as Facebook and Twitter, which seek mainly to disrupt critical socio, economic and political conversations and, to an extent, channel out disinformation. A key characteristic of these accounts is that they usually push the agenda of the government and the ruling ZANU-PF by overshadowing dissenting voices to manipulate conversations.

Privacy, surveillance, and data protection

The development of the indirect control and monitoring of online communications is a serious threat, especially when viewed against, remarks made by the Zimbabwe National Army Commander, Edzai Chimonyo at a military graduation earlier in the year, where he announced that the military would start monitoring citizens private communications to ‘guard against subversion’. Such remarks have raised concerns about the government’s sincerity in drawing a cybersecurity and data protection law for the country. However, the importance of data protection legislation in Zimbabwe cannot be understated given recent concerns over privacy of citizens’ information. These include the lack of clarity and transparency on the ‘sophisticated algorithm’ to determine distribution of aid during the (coronavirus) pandemic and the High Court challenge by MISA Zimbabwe and the Zimbabwe Human Rights Association over a police warrant seeking information on mobile phone operator’s transactions, which was successfully contested. Principles 40- 42 of the ACHPR Declaration address the protection of personal information and communication surveillance within the ambit of the right to privacy by establishing a legal framework for the protection of personal information. Principle 42 makes provision for States to ensure that individuals consent to the processing of their personal information is not excessive, is transparent, and in accordance with the purpose for which it was collected. Additionally, individuals must have access to the personal information that is being processed and must be given an opportunity to object to the processing.


The steps taken by the international community and regional bodies to facilitate the full enjoyment of the rights to access to information and freedom of expression, both online and offline, will be bolstered by appropriate data protection and cybersecurity regulations implemented by the government of Zimbabwe. The commemoration of the International Day for Universal Access to Information is both a reminder and an opportunity to further solidify internet rights in Zimbabwe, and 

Resource type: