Promoting Effective and Inclusive ICT Policy in Africa

Author Archives: CIPESA Writer

  HomeCollaboration on International ICT Policy for East and Southern Africa (CIPESA)  /  Articles by: CIPESA Writer
27Jan

Data Privacy Still A Neglected Digital Right in Africa

Author CIPESA Writer Posted on

By Juliet Nanfuka |

In recent years, the threats to data privacy have evolved at a quicker pace than the development of regulatory frameworks dedicated to safeguarding the right to privacy, especially in the digital era. Currently, just over half of African countries have enacted privacy laws and policies. Still, the right to privacy is repeatedly under threat through the introduction of new laws  that  facilitate  surveillance  and  the  collection  of  biometric  data  and  limit  the  use  of  encryption. There are growing concerns that in several African countries, government agencies and private entities are collecting and processing personal data without adequate data protection frameworks, amidst weak oversight mechanisms and inadequate remedies.

Most African countries are parties to international human rights instruments such as the International Covenant on Civil and Political Rights (ICCPR) and the Universal Declaration of Human Rights (UDHR) which provide for the right to privacy. However, the African Charter on Human and Peoples’ Rights does not provide for the right to privacy, although its article 9 has been interpreted to encompass the right to privacy.

Meanwhile, the continent’s model instrument on privacy and data protection, the African Union Convention on Cybersecurity and Personal Data Protection, has been signed by 14 countries and only eight countries had ratified it by June 2020. Indeed, adherence to these instruments remains low.

“In recent years, various African countries have enacted  laws  and  policies  to  regulate  the  right  to  privacy.  Many of  the  laws  enacted  do  not  measure  up to  international  human  rights  standards  and  fail  to  establish  clear  and  appropriate  oversight,  redress  and  remedy mechanisms.” CIPESA Mapping and Analysis of Privacy Laws in Africa

Increased digitalisation, which was accelerated by Covid-19, has seen rising use of  technology in health, business, education, and civic participation and engagement, necessitating greater need for progressive personal data privacy policies and practices. However, as many positive developments emerged in the region so did gaps in the respect for data protection and privacy  in the numerous state responses.

See: How Surveillance, Collection of Biometric Data and Limitation of Encryption are Undermining Privacy Rights in Africa

For example, Ethiopia has embarked on a national digital identification (ID) biometric-based project which it argues will support access to services for citizens and hasten trade relations with other nations on the continent. However, the country has no comprehensive data protection law.  In 2020, the government published the draft Personal Data Protection Proclamation which is yet to come into force.

In Kenya, the Data Protection Act, 2019 which establishes the Office of the Data Protection Commissioner also prohibits the sharing of data with third parties without consent of the data subjects and requires that individuals are informed when their data is being shared and for what purposes. In December, an amendment to the Central Bank of Kenya Act addresses digital lenders that share personal data of loan defaulters with third parties could have their licenses revoked. Tactics used by lenders reportedly included calling friends and family, to shame and compel their borrowers to repay the loans.

In South Africa, the data privacy debate recently surged when the Department of Basic Education stated that high school leaving exam (National Senior Certificate) results would no longer be published on media platforms, in line with the Protection of Personal Information Act (POPIA). However, a court ruled against the department and instructed that the results be published publicly on media platforms and newspapers. Historically, the results have been made available with students identified through their ID numbers or exam numbers. The Department argued that in order to publish the results, it would have to seek consent from every pupil per the POPIA.

Private entities in South Africa have also come under scrutiny for their surveillance systems’ compliance with privacy regulations and their data privacy practices. Among these entities is Vumacam, which in 2021 announced that it was gearing up to instal additional “hundreds of thousands of cameras” in the country. Vumacam currently has over 5,000 cameras that have been installed in Johannesburg suburbs since 2019.

The concerns raised about private surveillance actors in South Africa echo those that have emerged about state actors in Botswana, Equatorial Guinea, Kenya, Morocco, Nigeria, Uganda, Zambia, and Zimbabwe who have heavily invested in state-run video surveillance systems commonly referred to as “Safe Cities” – which in the absence of sufficient safeguards, present risks through their collection and processing of personal data.

Indeed, there are concerns on the true extent to which governments are committed to ensuring citizens’ data privacy rights. In 2019, Clément Voule, the United Nations Special Rapporteur on the Rights to Freedom of Peaceful Assembly and of Association, stated that a surge in legislation and policies aimed at combating cybercrime had also opened the door to punishing and surveilling activists and protesters in many countries around the world.

See this Mapping and Analysis of Privacy Laws in Africa

Among the ways in which data privacy is being undermined through legislation and policy is by increasing restrictions to the use of anonymity and encryption – both of which are fundamental to upholding other rights including press freedom, access to information and freedom of expression. States fear the use of anonymisation and encryption tools will hamper their capacity to fight terrorism and crime.

See this Policy Brief on How African States Are Undermining the Use of Encryption

Anonymity and encryption protect privacy, and without effective protection of the right to privacy, the right of individuals to communicate anonymously and without fear of their communications being unlawfully detected cannot be guaranteed. Whether used to protect sensitive information or to verify identities, individuals and corporations alike benefit from cryptographic software in a world that is becoming increasingly networked.

In the absence of robust oversight, legal and practical safeguards, and the selective application of data protection laws, data privacy remains a primary concern for digital users in several African countries.  This is compounded by  governments who continue to encourage and support an enabling environment that facilitates efforts by state and non-state actors to undermine privacy-related rights at the cost of numerous digital rights in Africa.

—————————————————————————————————————-

This Data Privacy Day (January 28), the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) reaffirms its commitment towards advancing effective policy that shapes and informs a progressive data privacy landscape in Africa. See some of our blogs and indepth research reports on data privacy and protection in Africa.

27Jan

Centering Digital Rights and the Digital Economy in Encryption Regulation

Author CIPESA Writer Posted on

By CIPESA Writer |

In many African countries, the regulation of the use of encryption considers “national security” as the predominant concern and gives limited consideration to other areas that would benefit from the use of secure tools and technologies. Accordingly, many countries in the region are saddled with laws that unreasonably limit the use of encryption by individuals and businesses, which in turn undermine digital rights and the digital economy.

Encryption technologies enable users of digital technologies, including the internet and messaging services, to protect the confidentiality of their data and communications from unwarranted interception, observation and intrusion. Such protections are essential for businesses to thrive and be resilient, in addition to being key considerations by their customers. Those protections are crucial for individuals to enjoy their rights to privacy, free expression, and public participation.

As the world marks the Data Privacy Day on January 28, it is imperative that reflection is drawn onto Africa’s performance in regards to the role that encryption regulation plays in human rights protection online and promoting the digital economy.

The Digital Economy

The digital economy in Africa is steadily growing and contributes significantly to countries’ Gross Domestic Product (GDP), besides being a notable direct employer.  As of the end of 2021, around 33% of individuals in Africa used the internet, while there were eight mobile cellular telephones for every 10 individuals in the region, according to the International Telecommunications Union (ITU) figures.

Across the continent there has been significant growth in the penetration, access, and usage of Information and Communications Technologies (ICT). At the same time, the use of ICT is taking centre stage in education, health, economic, and governance sectors. It is also driving financial inclusion, with fintechs proliferating at high speed. In 2020, mobile technologies and services generated more than USD 130 billion of economic value added (or 8% of GDP) in Sub-Saharan Africa, according to the GSMA. In that year, the value of transactions on mobile money platforms in the region reached USD 490 billion.

Many governments are undertaking digitalisation programmes and have prioritised the integration of technology into more sectors to drive economic and social transformation. However, the growing rate of digital transformation in Africa is creating new cybersecurity threats which must be addressed to unlock new pathways for technology-enabled  economic growth, innovation, job creation and service delivery.

Regulation that facilitates the use of strong encryption by individuals and companies as opposed to limitation and prohibition of use is one way of nipping those risks in the bud and building trust and confidence to embrace and participate in the digital economy.

Various countries’ laws require registration and licensing of encryption service providers, and regulators have extensive powers to prohibit the use of some encryption technologies. Moreover, offering encryption services without licenses attracts penalties, as does failure to hand over secret encryption codes to state authorities, or using prohibited encryption tools. How African Countries Undermine Use of Encryption.

In 2021, research by the Internet Society (ISOC) showed that laws that undermine encryption can significantly harm the national economy, with the single biggest source of adverse economic effects being the indirect threat that such laws pose for trust in the internet and digital services. This reduced trust in data security depresses aggregate demand across the digital economy and induces firms to incur higher costs in attempts to build trust in their services.

Digital Rights

Compelled assistance by service providers as part of interception of communications, including the requirement to decrypt encrypted data and communications or disclose encryption keys gives governments and their agencies unfettered access to personal data, undermining citizens’ right to privacy and various other digital rights. Countries including Benin, Gabon, Namibia, Niger, Nigeria, Sierra Leone, and Zimbabwe prohibit service providers from providing any communications services that cannot be lawfully intercepted.

Such prohibitive regulations undermine digital rights in similar ways to laws on surveillance, which impose undue liability on intermediaries, and fail to provide for strong judicial oversight over surveillance operations. Meanwhile, data localisation requirements in some countries further grant authorities easier access to data for decryption and surveillance purposes with or without compelled assistance, “as they would not need to go through foreign countries’ or intermediaries’ data management protocols to access this data”, as highlighted by recent CIPESA research. Combined with mandatory SIM card registration and growing biometric databases, they thus contribute to the regressive situation for online freedom in a region fraught with human rights abuses and violations.

Securitising Encryption

Various countries regulate the use of encryption with national security as the sole key consideration. In Ivory Coast, the Telecommunications Regulatory Authority (ARTCI) is tasked to ensure that no service provider employs encryption that is contrary to public order or which undermines the interests of national defence, internal or external security of the state. Similarly, in the Central African Republic, the Electronic Communications Law of 2018 empowers the security minister to approve encryption services “based on the need to preserve the internal and external security of the state and national defence.”

Moroccan legislation restricts the import and use of encryption “to prevent its use for illegal purposes, and to protect the interests of national defence and the internal or external security of the State.” In that spirit, in 2015, the responsibility for authorising and monitoring encryption in Morocco was moved from the civilian National Telecommunications Regulatory Agency (ANRT) to the military’s General Directorate for the Security of Information Systems (DGSSI).

In Algeria, the acquisition and use of encryption by individuals and organisations must be authorised by the Regulatory Authority of Post and Electronic Communications (ARPCE) after approval by the Ministry of Defence and the Ministry of the Interior. Further, Algerian law requires that the type and nature of the equipment that will be used, list of cryptography algorithms, the size of the encryption keys, the type of virtual private network (VPN) used, the authentication methods, and the Public IP address, be provided to the regulator while applying for authorisation.

Many other countries require registration, while also requiring service providers to disclose the technical characteristics of the cryptology means, and the source code of the software used. Concerningly, some countries (including Benin, Gabon, Namibia, Niger, Nigeria, Sierra Leone, and Zimbabwe) prohibit service providers from providing any communications services that cannot be lawfully intercepted.

Overall, these limitations to the use of encryption go against Principle 40(3) of the Declaration of Principles on Freedom of Expression and Access to Information in Africa, which provides that “States shall not adopt laws or other measures prohibiting or weakening encryption, including backdoors, key escrows, and data localisation requirements unless such measures are justifiable and compatible with international human rights law and standards.”

Ultimately, all laws that place undue restrictions on the use of encryption tools should be repealed.

To promote the use of encryption in the region, it is imperative to desist from the current trends towards securitisation of encryption regulation. While governments often require surveillance to curb crime, laws should not outrightly prohibit or criminalise the use of encryption technologies. Rather, they should be supportive of legitimate state interests, which  also robustly protect digital rights and support growth of the digital economy.

30Dec

Towards an Accessible and Affordable Internet in Africa: Key Challenges Ahead

Author CIPESA Writer Posted on

By Paul Kimumwe |

Over the last few years, Africa has experienced exponential growth in internet access spurred by mobile internet, which stood at 28% penetration  in 2020. However, internet access and affordability are still a major challenge for the majority of Africans, especially the rural poor, women, and persons with disabilities.

According to the State of Mobile Internet Connectivity 2021, Sub-Saharan Africa has the largest coverage gap (those living in areas without mobile broadband coverage) at 19%, which is more than three times the global average. While internet access has become more affordable, particularly through mobile phones, costs are still high and unaffordable to many in the region, who remain offline.

A new brief by CIPESA explores some of the retrogressive measures that undermine citizens’ rights to access a reliable and affordable internet in Lesotho, Mozambique, Tanzania, Uganda, Zimbabwe, and Zambia. Some of these measures include digital taxation that has led to increases in internet costs, registration and licensing of online users that imposes high licensing fees and tough penalties, network disruptions including internet shutdowns that lead to inaccessibility of the internet, and the failure to provide enabling infrastructure that exacerbates the digital divide.

Many governments have been eager to increase their tax base, particularly from the telecommunications sector and over-the-top (OTT) services, which they claim are eating into the revenues of licensed operators. Several other governments have slapped taxes on mobile phone handsets and other devices. These costs are passed on to consumers, thereby raising the cost of owning and using a mobile phone and accessing the internet.

In addition, the lack of an enabling infrastructure, including lack of access to reliable electricity, has been a major hurdle to broadband adoption in many African countries. It is  estimated that 45% of Africans live farther than 10 kilometres from the network infrastructure essential for online education, finance and healthcare services.

Network disruptions including internet shutdowns, internet throttling and social media blockages have recently become endemic in several African countries, and present yet another hurdle. Governments have sometimes shut down or restricted access to the internet or to social media platforms in an attempt to limit or control conversations online and prevent mobilisation for potential pro-democracy protests. The disruptions have mostly been initiated around election times, public protests, and during national exams.

Various countries have also adopted the registration and licensing of online users on whom they impose high licensing fees and tough penalties. This has forced many online users to abandon their platforms due to the high costs and threats of prosecution. Many of those who are online routinely practice self-censorship for fear of attracting reprisals.

The lack of internet access requires immediate counter action by several countries especially given the overbearing effects of digital exclusion caused by the Covid-19 pandemic. Countries with better access to online platforms for business and education are reaping faster economic rebounds compared to unconnected economies. The internet plays a vital role in the realisation of human development and facilitates the enjoyment of several human rights and freedoms, including the right to freedom of expression and information, the right to education, the right to assembly and association.

According to the brief, African governments need to recognise and nurture the true potential of the internet in driving inclusive economic growth and development, as well as digital transformation, especially in the post-Covid pandemic era. This calls for robust investments in internet infrastructure, digital literacy and refraining from taking actions that undermine the transformative potential of digital technologies.

See the full brief here.

03Dec

CIPESA Working On Advancing Digital Inclusion for Persons With Disabilities in Africa

Author CIPESA Writer Posted on

By Staff Writer |

Persons with disabilities have unique needs and have for long been disadvantaged, yet the more some African countries get digitally connected, the deeper the digital divide for this community seems to grow. Despite growth in Information and Communications Technology (ICT) penetration, a large section of persons with disabilities faces digital exclusion due to lack of access and affordability of the requisite ICT tools and equipment, and failure by telecommunication operators to provide information and services in disability-friendly formats.

While millions turned to technology and traditional media for information in the wake of the Covid-19 pandemic, critical messages about the disease that are disseminated by health authorities, telecom companies, and broadcasters were and still are not reaching persons with visual and hearing impairments.

In turn, the digital exclusion of persons with disabilities worsened with the Covid-19 pandemic yet the Covid-19 crisis rendered technology key to working, learning, political participation and the enjoyment of other rights. Yet few organisations, within and outside the digital rights movement, are pushing for greater ICT accessibility.

These gaps in access to information gaps are growing despite the International Disability Alliance (IDA) issuing key recommendations towards a disability-inclusive Covid-19 response, including the requirement that persons with disabilities must receive information about infection mitigating tips, public restriction plans, and the services offered, in a diversity of accessible formats with use of accessible technologies.

The Collaboration for International ICT Policy for East and Southern Africa (CIPESA), is working to raise the availability of information on ICT and disability in Africa by producing relevant evidence-based research; mainstreaming disability rights issues in conversations about technology access and digital rights; growing the capacity of diverse actors to research on and advocate for meaningful connectivity and digital accessibility, and engaging key actors such telecom companies and regional bodies.

What CIPESA is doing is quite powerful and empowering. The tool is excellent, it needs to be worked on as we’ve given our input in the meeting. Once that is done, reaching out and creating awareness about the tool will be more powerful, engaging such stakeholders such as government and other key stakeholders. Once it is out this is going to be a game-changer because for persons with disabilities, ICT makes the world go round … This has been one of the first meetings on ICT and disabilities, so it is an excellent move. – Erick Ngondi, United Disabled Persons of Kenya

Here are some of our blogs and in-depth research reports on technology and persons with disabilities in Africa.

Blogs

  1. Why Access to Information on Covid-19 is Crucial to Persons with Disabilities in Africa
  2. Placing ICT Access for Persons with Disabilities at the Centre of Internet Rights Debate in Kenya
  3. CIPESA Submits Comments to Uganda Communications Commission on Improving Access to ICT for Persons With Disabilities
  4. Calling Out the African Union and Telecoms Associations to Prioritize ICT Access for Persons with Disabilities
  5. Vodacom Outshines MTN in Efforts to Serve Persons With Disabilities in South Africa
  6. People With Disabilities Left Out in ICT Jamboree
  7. Governments and Donors Urged to Advance ICT Access for Persons with Disabilities
  8. Telcos in Nigeria and Kenya Should Address Exclusion of Persons With Disabilities
  9. CIPESA Endorses GSMA Principles to Drive Digital Inclusion of Persons With Disabilities
  10. Fighting for plight of persons with disabilities

Research Reports

  1. Assessing the Barriers to Accessing ICT by People with Disability in Tanzania
  2. Assessing the Barriers to Accessing ICT by People with Disability in Uganda
  3. Assessing the Barriers to Accessing ICT by People with Disability in Kenya
  4. Removing Barriers to ICT Accessibility for Persons with Disabilities in  Kenya, Tanzania and Uganda which identified needed actions by government, regulators and communication companies.
  5. Access Denied: How Telecom Operators in Africa Are Failing Persons With Disabilities. CIPESA assessed 10 telecom companies in five countries (Botswana, Kenya, Nigeria, South Africa, and Uganda). Most of them – despite being long-established operators with a majority market share in their respective countries – were found to have failed to meet their obligations to provide information and services to persons with disabilities, in contravention of the companies’ obligations under national laws and the CRPD.

CIPESA made submission to the AUC, the ATU and EACO, drawing attention to these organisations’ obligation to protect and advance the rights of persons with disabilities in line with the African Charter on Human and Peoples’ Rights; the CRPD; the Treaty to Facilitate Access to Published Works for Persons Who Are Blind, Visually Impaired or Otherwise Print Disabled (the Marrakesh Treaty); the SDGs; and the Protocol to the African Charter on Human and Peoples’ Rights on the Rights of Persons with Disabilities in Africa.

See an in-depth document about our work here.

Watch this insightful discussion on “The Role of the Media in Promoting Digital Rights for  Persons With Disabilities in Africa.

02Nov

Stalking the Messenger: Ending Impunity for Illegal Surveillance

Author CIPESA Writer Posted on

Opinion |

We know that the issues around digital surveillance are complicated. The tech side of the tools used and the means to circumvent them are complicated. Drawing a hard line between what may be acceptable to help ensure our personal security and what pushes our societies into Orwellian territory is also complicated.

As the revelations of the Pegasus Project show us, illegal surveillance is the latest weapon in the ever-growing arsenal used against journalists and human rights defenders. In effect, surveillance in this context is equivalent to stalking. A pernicious activity that can easily cross from online harassment to physical attacks. It’s illegal. It disproportionately affects those who are among the most vulnerable, whether because of their gender, sexual orientation, race, or ethnicity. And if people are permitted to stalk with impunity, the problem will not stop.

Increasingly used as a laser-focused tactic, a weapon to intimidate, instil fear, and paralyse the work of journalists, this kind of surveillance puts sources at risk and impedes journalists from providing us with information to expose crime and corruption, and to speak the truth about power.

“I don’t think it’s journalists as individuals that the government has a problem with. The government has a problem with the people […] It wants to continue committing crimes in the shadows so that no one will uncover those facts or ask questions about it. And journalists are the ones who spoil this plan.” — Azerbaijani journalist Sevinj Vaqifqizi.

On this International Day to End Impunity for Crimes Against Journalists, a day advocated for by IFEX, we need to bring surveillance to the fore as a tactic that is threatening journalists’ safety, and draw attention to how impunity creates the conditions under which it will continue to thrive.

IFEX members have long warned of the dangers of malware like Pegasus. A product of the Israeli NSO Group, it infects targets’ phones, exposes data, and even gains access to cameras and microphones. Despite the company’s claim that it vets clients based on their human rights records, it sold Pegasus to authoritarian regimes – as well as to countries like Mexico, where targets included media figures, a government scientist, and international human rights investigators – united by having publicly posed challenging questions to the government.

The personal impact of such surveillance can be devastating.

“When you are speaking, watching, or doing something with someone in your house or in a cafe or wherever you may be, they are there listening to you, watching everything that you do. Everything that you do in your bedroom, the shower, in your kitchen, in your office with your friends, or whoever.” — Mexican journalist Carmen Aristegui: profiled here

“My family members are also victimized. The sources are victimized, people I’ve been working with, people who told me their private secrets are victimized.” — Azerbaijani journalist Khadija Ismayilova: profiled here

Globally, at least 180 journalists were selected as Pegasus targets.

The decades our network has put into promoting journalists’ safety confirm that it cannot be fully achieved in a climate where individuals – or states – can intimidate, threaten, and harm them, and not be held accountable. Year-round, IFEX members work to bring perpetrators to justice, and to establish conditions that will make it harder for them to commit such crimes in the first place.

We know that it is a massive undertaking. In spite of being illegal under international human rights law, actors involved in illegal surveillance are almost never held accountable.

The challenge is to identify where to intervene, where to spend our energy, where we can have the biggest impact in stemming this predatory practice – including, but not limited to, confronting corporations and governments that enable and participate in the illegal surveillance of journalists.

It’s a many-headed beast, surveillance. There are multiple entry points to effect change, from policy work to set boundaries on what is considered ‘necessary and proportionate’ surveillance, to pressuring states to adopt international standards, to controls on the exports of spyware, to supporting preventive measures like strengthening and normalizing encryption.

Ending impunity for illegal surveillance has to be part of this work. It’s a long game, not for the weak-of-heart, and this is even more true when the perpetrators of the crimes are states. But we know from our experience seeking accountability for physical attacks on journalists that this type of sustained work does pay off. Just over a week ago, two decades of advocacy – by IFEX member FLIP, by Jineth Bedoya Lima herself, and by so many others – led to the groundbreaking Inter-American Court of Human Rights ruling in her case that there was “serious, precise and consistent evidence of State involvement in the acts of physical, sexual and psychological torture against the journalist.” This ruling sets an important precedent for the entire region.

The other good news is that we have a lot to draw on, on our side. There is a massive, global network of people – working in different fields, perhaps, or focusing on different issues – but with the combined skills, expertise, and clout needed to ensure that illegal surveillance does not go unchallenged, that those found culpable pay a price, and that this price effectively deters others.

As long as we keep leveraging opportunities like IDEI to come together, collaborate, learn from and support each other, raise our voices and find strategic pressure points where we can have a real impact, we can, and will, counter the scourge of illegal surveillance of journalists.

Annie Game is the Executive Director of IFEX, the global network that promotes and defends freedom of expression and information as a fundamental human right.

1 3 4 5 6 7 11