By Dorothy Mukasa
Data privacy is a global policy issue, and during the past 30 years, data protection laws started gaining ground on the African continent. At the East African level, Uganda became the first country in the region to enact a comprehensive data protection law in February 2019.
The Data Protection and Privacy Act, 2019 reinforces Article 27 of the 1995 Ugandan constitution, which guarantees citizens’ right to privacy. It thus took the authorities 24 years after promulgation of the national constitution to regulate data protection and 20 years for the drafting of the bill, placing vulnerable communities at risk.
Throughout the legislative process, Unwanted Witness Uganda and other civil society actors undertook a series of advocacy efforts aimed at fostering a rights-based approach to data protection, given the fact that privacy is a fundamental human right. At this year’s workshop on “Privacy and data protection in Africa: Challenges and prospects”, organised by the University of Pretoria and the African Declaration on Internet Rights and Freedoms (AfDec) Coalition, we shared Uganda’s lived experience advocating for data protection legislation.
Changes at the policy making level
In accordance with Uganda’s electoral laws, the country conducts general elections every five years, and the changes usually eliminate over 70% of incumbents. This coupled with a prolonged policy-making process affected the already established networks as well as the advocacy strides made, since a new breed of leaders assumed legislative positions.
The advocacy strategy then had to be revised from simply targeting only policy makers to also include the technical personnel at parliament, since they are more permanent compared to members of parliament.
The majority of policy makers are elected to parliament for different reasons other than their legislative capacity. This lack of technical capacity is particularly concerning when it comes to regulating technology and human rights – a relatively new policy area in the country. Therefore, capacity building and awareness raising became a critical advocacy approach to achieving comprehensive data protection legislation.
Building an active citizenry
While privacy is as old as creation, the low level of data privacy consciousness in the digital era among the public is glaring. Citizens are not aware of the social contract between them, the state and tech companies, creating a lot of power imbalance and subsequent abuse of the right to privacy. Research exposing the effects of unregulated data-intensive systems on citizens’ privacy and subsequent media campaigns greatly contributed to raising privacy awareness among the public. The change in public attitude and perception about data privacy culminated in demanding accountability from both state and non-state data collectors and processors.
Working with the national human rights institution
The Uganda Human Rights Commission is a constitutional body mandated to, among other roles, monitor the government’s compliance with international treaty and convention obligations on human rights and recommend to parliament effective measures to promote human rights. We engaged the commission through sharing our research findings and recommendations and constantly raising the need to monitor and provide recommendations for safeguarding the right to privacy in the digital age. The commission is important because recommendations made in its annual report are debated and implemented by policy makers.
We spearheaded the formation of the privacy coalition with the aim of having a strong and unified voice. The coalition comprises civil society actors working on different thematic areas including health care, media freedom, freedom of association and assembly, education and migration, among others.
Creating a link between the right to privacy and the enjoyment of other human rights was an opportunity to amplify data privacy as a fundamental human right that needs to be advocated for by all right holders and not a reserve for only digital rights advocates.
Law and compliance
Passage of the data protection law remains a milestone for the different advocates over the years. However, the biggest hurdle still remains: enforcement/compliance.
The new law lacks an independent oversight mechanism as it simply establishes a Data Protection Office (DPO) within an existing government agency, raising concerns around conflict of interest, effective compliance, resource capacity and transparency for the appointment of members of the authority.
Indeed, to effectively protect the right to privacy, more strategic advocacy is required during the law enforcement stage. This therefore makes the privacy and personal data protection in Africa advocacy toolkit, as designed by the AfDec initiative, very relevant in shaping the data protection legal regime.
Dr. Ian Brown, a data protection expert and a trainer with the African School on Internet Governance, gave a presentation at the Conference on Privacy and Data Protection in Africa organized by The Centre for Human Rights, University of Pretoria in collaboration with the African Declaration on Internet Rights and Freedoms Coalition. The conference brought together academics, students, policymakers, and practitioners working in key areas related to privacy and data protection in Africa including big data, information technology, artificial intelligence, cybersecurity and human rights law.
Dr Brown discussed key policy and implementation issues from recent data protection events in Europe and gave a projection of warnings from problems seen in the European Union as a guide for better policy-making and implementation of data protection in Africa. He emphasized the issue of children and data protection, using the example of the Children's Commissioner for England’s appointment and role, to look out for children’s needs and rights, especially in the digital age. Another highlighted area was the need for the appointment of specialist technology regulators by African countries to better enforce our data protection laws. He noted, however, that these appointments require significant budget allocations. Budgetary constraints have already been cited as one of the main hindrances to the work of data protection authorities on the African continent and the enforcement of data protection laws in turn. Dr Brown’s presentation concluded with praise for the African Union’s commitment to cybersecurity regulation to underpin data protection on the continent.
You can access all the recordings of the Conference on Privacy and Data Protection in Africa here
See Dr. Ian Brown's presentation on SlideShare or download the original here.
By Koliwe Majama
Zimbabwe is set to commemorate the International Day for Universal Access to Information on the 28th of September 2020. This comes at a time when the country, alongside the rest of the world, is faced with a health pandemic that has moved citizens’ daily communication, education, work, trade, and access to basic services from physical interactions to, mostly, online interactions. The World Health Organisation declared the novel coronavirus (COVID-19) a global pandemic, a few months after the adoption of a revised Declaration of Principles on Freedom of Expression and Access to Information in Africa (the Declaration) at the 65th Ordinary Session of African Commission on Human and Peoples’ Rights (ACHPR) in November 2019. For Africa, the pandemic has merely served as emphasis that internet rights and freedoms are more important now than ever before.
The access to information principles contained in the revised Declaration include principles on proactive and maximum disclosure of information, information management, access to information procedures and the applicable exemptions, oversight mechanisms, whistle-blower protection, and the primacy of access to information laws. However, the highlight of the revision of the Declaration is the enumeration of normative standards for freedom of expression and access to information in a digitised environment. This is done through the inclusion of principles on access to the internet, internet intermediaries and access providers, privacy and the protection of personal information, and communication surveillance.
Principle 37(2) of the Declaration calls on States to “recognise that universal, equitable, affordable and meaningful access to the internet is necessary for the realisation of freedom of expression [and] access to information.” In this regard, the Declaration states that countries must “adopt laws, policies and other measures to promote affordable access to the internet,” particularly for children and marginalized groups.
Internet accessibility in Zimbabwe generally remains low, mainly because of limited infrastructure, especially in rural areas, where most Zimbabweans are located. By the end of 2019, the internet penetration rate in rural Zimbabwe stood at only 10 percent, presenting the reality of a stark urban-rural digital divide where the nationwide internet penetration rate stood around 60 percent. In this year’s second quarter report, the country’s telecommunications regulator, the Postal and Telecommunications Regulatory Authority (POTRAZ), noted a decline in both mobile and internet penetration. This was attributed to the depressed demand in the economy, at both household and industry level, with direct impact of COVID-19 on both the formal and informal sector negatively affecting disposable incomes. Active mobile subscriptions dipped by 6.7 percent from 13,7 million to 12,7 million, while active internet and data subscriptions dropped by 4 percent, resulting in internet penetration reduction from 59.1 percent in the first quarter to 56.7 percent.
While POTRAZ has set up 87 Community Information Centres around the country, geared towards promoting internet access in marginal communities, a long term and sustainable solution is necessary. In its position paper on COVID-19 and its impact on digital rights the pan Africa digital rights initiative, the African Declaration on Internet Rights and Freedoms Coalition, highlights the importance of a licensing and regulatory framework for community-owned networks. Community networks are decentralised community-built and owned internet connections. They are the most effective way to overcome digital exclusion in areas isolated from the social and economic dynamics of the digital era. The call should, therefore, be for the opening up of equal opportunities for Zimbabweans in underserved areas to access spectrum under a licensing regime with exemption provisions that will lessen administrative processes for small operators, not-for-profit operators, and other actors interested in community networks. This will result in an increase in access to the internet and the advancement of the right to information on the internet in Zimbabwe
The rights to freedom of expression and access to information are cornerstones of democracy that are key to the enjoyment of other human rights. Their inextricable link lies in the fact that for the ideas expressed to be of value, there is a need for access to verifiable information, which in this case, is usually held by both public and private bodies. Citizens can only hold those in power accountable when they can access information. The signing into law of Zimbabwe’s Freedom of Information Act lays a good foundation in setting the procedure for accessing information held by both private and public institutions which is necessary for the exercise or the protection of citizens’ rights.
However, Africa is increasingly plagued by both on and offline restrictions on freedom of expression and access to information with incidences of censorship, harassment, and detention of journalists, activists, and human rights defenders as they share critical information or opinions. Control of these traditionally ‘problematic’ groups has moved from the offline to the online space and now also includes intimidation and harassment of ordinary internet users. Zimbabweans have not been spared of monitoring and controlling of their internet use and access as a means of curtailing the enjoyment and advancement of digital rights. Direct control is demonstrated by the disruption of internet services with the most recent case being in January 2019 under the order of the State Security Minister. Disruption of services demonstrates the extent to which the government is willing to limit online access to information.
Indirect control is evident in the increased deployment of anonymised social media accounts on popular platforms such as Facebook and Twitter, which seek mainly to disrupt critical socio, economic and political conversations and, to an extent, channel out disinformation. A key characteristic of these accounts is that they usually push the agenda of the government and the ruling ZANU-PF by overshadowing dissenting voices to manipulate conversations.
The development of the indirect control and monitoring of online communications is a serious threat, especially when viewed against, remarks made by the Zimbabwe National Army Commander, Edzai Chimonyo at a military graduation earlier in the year, where he announced that the military would start monitoring citizens private communications to ‘guard against subversion’. Such remarks have raised concerns about the government’s sincerity in drawing a cybersecurity and data protection law for the country.
However, the importance of data protection legislation in Zimbabwe cannot be understated given recent concerns over privacy of citizens’ information. These include the lack of clarity and transparency on the ‘sophisticated algorithm’ to determine distribution of aid during the (coronavirus) pandemic and the High Court challenge by MISA Zimbabwe and the Zimbabwe Human Rights Association over a police warrant seeking information on mobile phone operator’s transactions, which was successfully contested.
Principles 40- 42 of the ACHPR Declaration address the protection of personal information and communication surveillance within the ambit of the right to privacy by establishing a legal framework for the protection of personal information. Principle 42 makes provision for States to ensure that individuals consent to the processing of their personal information is not excessive, is transparent, and in accordance with the purpose for which it was collected. Additionally, individuals must have access to the personal information that is being processed and must be given an opportunity to object to the processing.
The steps taken by the international community and regional bodies to facilitate the full enjoyment of the rights to access to information and freedom of expression, both online and offline, will be bolstered by appropriate data protection and cybersecurity regulations implemented by the government of Zimbabwe. The commemoration of the International Day for Universal Access to Information is both a reminder and an opportunity to further solidify internet rights in Zimbabwe, and
This research paper, compiled by Izak Minnaar, highlights key advocacy principles in relation to information and internet rights, using the AfDec principles. The paper aims to guide MISA Zimbabwe in its efforts to embolden ordinary citizens to play an active role in the shaping of internet policy and the protection of their digital rights in Zimbabwe. Here, the assessment of key advocacy principles, , texts and references offers pertinent guidelines to strategically implement policies and law regulations that recognise, protect and promote digital rights. The internet is a powerful tool for the realisation of all human rights, thus it is incumbent that individuals have the means to exercise their fundamental right to access information, as highlighted in the paper. This research paper was supported by the AfDec Strategic Advocacy Fund.
This research was commissioned by MISA Zimbabwe as part of its project which was supported under the AfDec Strategic Advocacy Fund. The research assesses the overall status of the right to freedom of expression in Zimbabwe. In making this exploration, the paper analyses how laws and policies in the country’s statutes infringe on the right to freedom of expression. The report assesses how the violation of freedom of expression affects journalistic practice and media freedom and highlights how regulation of the internet can shape trends and citizen behaviour on the internet.
This study conducted by the Women of Uganda Network (WOUGNET) assesses the status of women’s rights online in Uganda based on five of the key principles of the African Declaration on Internet Rights and Freedoms, namely internet access and affordability, marginalised groups and groups at risk, right to information, right to privacy and data protection, and gender equality. In its paper, WOUGNET explores the digital gender divide and its impact on gender inequalities in Uganda. To remedy these structural disparities, WOUGNET highlights key actions and recommendations for bridging the digital gender gap that government leaders, civil society and other relevant stakeholders should consider in ongoing debates and processes for the adoption and amendment of internet-related policies. The paper emphasises the importance of incorporating a gender lens in understanding the effects of public policies on women’s daily lives in Uganda. The study was supported by the African Declaration on Internet Rights and Freedoms Strategic Advocacy Fund.
Feature Image: Courtesy of Pickist.com
The website Sénégal Droits Numériques (Digital Rights Senegal), created by the ICT Users Associations (ASUTIC), is a useful resource for a wide range of internet governance stakeholders, and in particular civil society organisations. The website offers a variety of tools to promote an understanding of human rights online, their protection and promotion. Despite progressive moves made by the government to adopt several internet laws in Senegal from as far back as 2008, it is apparent that several laws contain provisions that violate the exercise of human rights both offline and online. This website seeks to increase participation of stakeholders in Senegal’s internet governance processes. ASUTIC received a grant under the African Declaration on Internet Rights and Freedoms Strategic Advocacy Fund.
PIC Courtesy Of: occupy.com | Senegal and Yan Marre
A coalition of some 35 civil society organisations has written to several international bodies including the African Union and the United Nations Human Rights Council over the recent internet shutdown in Togo. Signatories to the letter include Paradigm Initiative, Reporters Without Borders, World Wide Web Foundation, Access Now, Committee to Protect Journalists (CPJ) and Ghanaian Centre of PEN International, the Association for Progressive Communications (APC) and members Collaboration on International ICT Policy for East and Southern Africa (CIPESA), Fantsuam Foundation, and Kenya ICT Action Network (KICTANet). The Coalition calls on the international bodies “to bring a halt to the spate of Internet shutdowns in Africa and to publicly declare your commitment to this effort.
By Center for Information Technology and Development (CITAD), December 2016
Although in a number of countries the gender dimension of the digital divide has been bridged, this is not so in Nigeria where there is huge differential between men and women in terms of access and use of the internet. Within the country, it is worse in the states in the northern parts of the country. This is due to a number of factors including culture, religion, education and attitude.
In an effort to understand this and to develop appropriate strategies for digital inclusion of women in the region, CITAD undertook a pilot research aimed to understand the factors that inhibit the effective use of the internet by women in the north. This paper is part of the research undertaken in Bauchi and Keno, with support of APC, which funded the project with a subgrant.