Promoting Effective and Inclusive ICT Policy in Africa

Author Archives: CIPESA Writer

  HomeCollaboration on International ICT Policy for East and Southern Africa (CIPESA)  /  Articles by: CIPESA Writer
09Aug

Data Protection in Africa in the Age of Covid-19

Author CIPESA Writer Posted on

By Boel McAteer and Jean-Benoît Falisse |

As the Covid-19 pandemic spread around the world in the early part of 2020, governments and companies invested substantial resources in gathering data about suspected and confirmed cases, and related behaviours. Learning more about how the virus was spreading was a top priority around the world, and with this came new practices of sharing medical records, tracking people’s movements and tracing their contacts. This has created new norms for data governance in many countries, and in this brave new world of disease surveillance, it is more important than ever to understand data protection and privacy, and where these concepts fit in with the new priorities of managing the pandemic.

The Covid Governance research project has gathered information about country-level data protection and Covid-19 practices across the world. Covering over 200 countries and territories, the project’s Data Protection Explorer Tool provides a snapshot of the legal environment surrounding data protection and privacy, and how it is changing in response to Covid-19. Crucially, it focuses on restrictions on data collection, processing and cross-border transfers.  It also captures digital monitoring measures in place for Covid-19, such as contact tracing, and who owns that data. This will help form a picture of what has changed within data ethics and surveillance during the pandemic, and in the long term what those changes might mean.

So what are some of the key patterns that we can see so far? A joint statement on Data Protection and Privacy in the Covid-19 Response from a number of United Nations (UN) organisations states that any changed practices due to Covid-19 should be legalised and rooted in human rights. However, the information collected via the Data Protection Explorer Tool shows that about a third of Africa’s 54 countries did not have comprehensive data protection laws enforced or in place before the pandemic. During the pandemic, constitutional rights have often been backtracked as a part of the crisis response.

 The Explorer’s data also shows that African countries without specific data protection laws are particularly exposed. Take Namibia for example, whereas no comprehensive data protection law inlaw is in place.  – there is, however, a draft bill in the works and public consultations were conducted in 2020. In the absence of a dedicated data protection framework,  t does not mean data protection is inexistant: as in other African countries, there are provisions in other Namibian laws related to personal data of citizens in specific sectors of the economy such as accounting and  banking (the Banking Institutions Act, 1998 and 2010 amendment) or the legal professions and accounting (Legal Practitioners Act, 15 of 1995 as amended).

The right to personal privacy is also enshrined in Namibia’s constitution as a human right, but this right is limited including in the interests of health and public safety. This allows the government to legally prioritise public health over other human rights throughout the pandemic. Indeed, when Namibia declared a state of emergency in March 2020, many constitutional freedoms were temporarily suspended. For instance, access to education could not be guaranteed anymore and places of worship (constitutive of religious freedom) were closed.

Covid-19 tracing and surveillance mostly occurred offline but the University of Namibia (UNAM) successfully launched a mobile app, named “NamCotrace”, that collects substantial personal information such as the geolocation of users. The app is connected to epidemiological data and the national healthcare system in real time. Whereas it is alleged that “privacy by design” is core to the app, Namibia’s prevailing privacy and data protection legislative environment leaves room for arbitrary abuse. Similarly, Nigeria has developed various Covid-19 apps but with minimal data protection legal safeguards in place, there is ample room for misuse.

The Data Protection Explorer Tool also shows that countries with data protection laws remain vulnerable too. In many instances, the laws have been amended to allow practices that were previously prohibited to take place during the pandemic. In South Africa for instance, the response to Covid-19 has been governed through the Disaster Management Act from 2002 that allows the National Disaster Management Centre to request from individuals or organs of state information it “reasonably requires” and to escalate the matter to parliament in case of failure.

In April 2020 a regulation was introduced to legalise contact tracing in South Africa. This created a tracing database of Covid-19 cases, managed by the National Department of Health, where personal information is gathered from anyone tested for Covid-19. Information collected and stored in the database includes name, residential address, ID and passport number. This means that even though the information is collected legally without consent from the individuals, it would be unlawful to use that data for any other purpose than the one specified in the regulation. Despite these provisions, concerns have been raised that the contact tracing enables government surveillance of the population, since the Director General of Health can track the location of anyone suspected to have Covid-19 through phone service providers.

At the other end of the continent, Iin West Africa’s Burkina Faso, the data protection law prohibits collection of personal data relating to health. It had not, at the time of writing, been amended. However, since 2019, a digital platform for health surveillance has been  is in place.: One Health is funded by USAID and combines data from three ministries concerned with zoonotic disease control.  in the same place. When the first cases of Covid-19 were detected in the country in 2020, however, the platform was adapted to include data on the new virus, tracing cases, and their contacts. This is, obviously, raising privacy (and legality) concerns.

There are also some inspiring examples. The B’Safe app in Botswana was developed as an alternative to a manual Covid-19 tracing system. Described as privacy-friendly and in line with the country’s data protection (and privacy) law that pre-dates the pandemic, the app recorded a decent initial adoption rate. However, without an established data protection authority to enforce the law and oversee the app’s roll out, security vulnerabilities within the app led to private citizens lodging a court case against the country’s Covid-19 task force challenging the apps  its safety. The progress of the case remains unclear to-date. However, it highlights the importance of independent data protection authorities, good examples of which include in Angola and Senegal, and the pandemic potentially being a decisive push in countries where they are yet to be established.

Where are we heading now? Data protection laws in Africa were rapidly developing in the years leading up to the pandemic, with many new laws influenced by the European Union’s General Data Protection Regulation (GDPR) which was adopted in 2016. The examples above show the many ways in which the data protection environment in Africa is changing with the pandemic.

As the general state of democracy and freedoms is deemed to be worsening since the outbreak of Covid-19, it will be important to continue to monitor developments in data protection and privacy: the pandemic could be the opportunity to speed up the process of establishing much-needed laws and enforcement agencies but it could also lead to them being less protective of citizens (and more permissive for government) than in the pre-Covid-19 world.

The Covid Governance Project is an initiative of the University of Edinburgh. It was developed with support from the Foreign Commonwealth and Development Office (FDCD), the Global Challenges Research Fund – Scottish Funding Council, and the University of Edinburgh’s Challenge Investment Fund. Explore the Data Protection Explorer Tool.

30Jul

Forum on Internet Freedom in Africa 2021 (FIFAfrica21) Set For September: Propose a Session!

Author CIPESA Writer Posted on

Announcement |

On September 28-30, 2021, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) will host the eighth edition of the annual Forum on Internet Freedom in Africa (FIFAfrica). The Forum is a landmark event that convenes a wide spectrum of stakeholders from across the internet governance and digital rights arenas to deliberate on gaps, concerns and opportunities for advancing privacy, free expression, non-discrimination and the free flow of information online.

Taking on a hybrid approach (virtual and physical), FIFAfrica responds to rising challenges to the enjoyment of internet freedom in various African countries, including arrests and intimidation of online users, internet disruptions, digital taxes, and a proliferation of laws and regulations that undermine the potential of digital technology to drive the continent’s socio-economic and political development. 

FIFAfrica, therefore, puts internet freedom on the agenda of key actors including African policymakers, regulators, human rights defenders, academia, law enforcement representatives, and the media, paving the way for broader work on advancing digital rights in Africa and promoting the multi-stakeholder model of internet governance.

Internet freedom is multi-faceted, and just like it requires to have a multiplicity of stakeholders working jointly, it also requires diversity in the voices, backgrounds, viewpoints, and thematic work areas of those that attend FIFAfrica.

 In the shadow of Covid-19, FIFAfrica is an extension of our work and that of diverse stakeholders to ensure continued proactive efforts to advance effective and inclusive Information and Communication Technology (ICT) policy debates and to elevate marginalised communities and at-risk groups – including women and vulnerable minorities such as refugees, sexual minorities and persons with disabilities – in internet governance dialogues.

Content Themes At FIFAfrica21

This year, FIFAfrica will pivot around three key themes through engagements running over three days. Through carefully curated sessions and workshops, it will interrogate the deeper internet freedom layers shaping these themes as listed below. 

1. Access To Information: The right of access to information especially in the online domain is coming under increased threats, including through digital taxation, network disruptions, and laws criminalising some content. Since inception, FIFAfrica has coincided with the International Day for Universal Access to Information (IDUAI) marked every September 28 so as to increase awareness on the right to information. Over the years, UNESCO, media organisations, government agencies and civil society entities have joined in to host sessions, workshops, and specialised training on the various ways in which access to information and digital rights coincide. This year, we will continue to join the global community in celebrating the integral role of this right in advancing human rights both online and offline.

2. Digital Inclusion as a means to an end for the Web We Want: The internet is public good and a basic right. However, in Sub-Saharan Africa, this is far from reality. Promoting an inclusive internet is at the core of what we do at CIPESA and is one of the reasons why we are members of the global Web We Want coalition initiated by the Web Foundation. Digital exclusion is shaped by numerous factors including disability, language, education, income, and gender. 

Further, there is a growing concern that minority and marginalised communities such as refugees and persons with disabilities are being left behind in accessing information on Covid-19. This is because, despite the recent expansion in ICT usage, digital exclusion persists due to limited access and affordability of the requisite ICT tools, low digital literacy skills and shortage of content in accessible formats.

3. Key Trends in 2021 shaping the digital landscape in Africa: The various challenges that were affecting digital rights in Africa have been exacerbated by the Covid-19 pandemic. Under the guise of addressing the health concerns emerging from the pandemic, many measures introduced may have granted authoritarian regimes a blank cheque to impose unnecessary, broad and long-lasting measures that affect digital rights. However, there are some positives that have been registered with technology gaining centrality in the lives of states, persons and communities. Nonetheless, the pandemic has illuminated the unequal access to technology in African countries and  FIFAfrica will delve into the trends that have emerged over the course of the year, and explore ways to address the gaps and concerns.

————————————————————————————————————————————-

How To Be A Part Of The 2021 Edition of the Forum on Internet Freedom in Africa

There are various ways in which individuals and organisations can be a part of FIFAfrica as listed below:

  • Host a session (panel discussion/ workshop/ training: Is there a particular area of interest you would like to engage on? – Click here
  • Contact us directly if you have an alternative approach you would like to discuss further – Email us here

————————————————————————————————————————————-

 Important dates: Please note the below important dates related to participation at the Forum:

  • Session proposals will be accepted till August 21, 2021
  • Successful session proposals will be directly notified by August 31, 2021

19Jul

CIPESA, Small Media Make Stakeholder Submissions to the United Nations Human Rights Council on Digital Rights in South Sudan, Uganda and Zimbabwe

Author CIPESA Writer Posted on

By Ashnah Kalemera |

The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) together with Small Media last week made joint stakeholder submissions on digital rights in South Sudan, Uganda and Zimbabwe to the United Nations Human Rights Council.

The submissions were made as part of the Universal Periodic Review (UPR) mechanism which is an assessment of a country’s human rights under the auspices of the Human Rights Council. Every United Nations (UN) member state has its human rights record assessed, and all UN member states are involved in the review process. It happens every four-and-a-half years, for every state.

The submissions urge the three countries to ensure that rights to freedom of expression, freedom of information, equal access and opportunity as well as data protection and privacy are protected both offline and online pursuant to constitutional guarantees, regional and international instruments. Based on developments since the three countries’ previous UPR back in November 2016, the submissions make recommendations to be considered during the upcoming third cycle of the UPR, tentatively scheduled for November 2021.

The South Sudan submission was made in partnership with Defy Hate Now and supported by eight institutions – Rise Initiative for Women’s Rights Advocacy (RiWA), Freedom of Expression Hub, Koneta hub, Okay Africa Foundation, Anataban Initiative, IamPeace, Internet Governance Forum (IGF) South Sudan and Information Communication Technology for Development (ICT4D) Network.

The submission for Uganda was supported by Access Now, Freedom of Expression Hub, Women of Uganda Network (WOUGNET), Internet Society – Uganda Chapter and Pollicy.

Access Now, Paradigm Initiative, Zimbabwe Human Rights Association, Association for Progressive Communication (APC), Zimbabwe Lawyers for Human Rights, Zimbabwe Centre for Media and Information Literacy (ZCMIL), Media Alliance of Zimbabwe supported the Zimbabwe Submission.

Read the full submissions:

The three submissions bring to 14 the total number of UPR submissions made by CIPESA and Small Media on digital rights in Africa since 2018. Previous submissions made include: Ethiopia, the Gambia, Kenya, Malawi, Mozambique, Namibia, Nigeria, Rwanda, Senegal, Sierra Leone, and Tanzania

19Jul

How Surveillance, Collection of Biometric Data and Limitation of Encryption are Undermining Privacy Rights in Africa

Author CIPESA Writer Posted on

By Paul Kimumwe |

The right to privacy online has become a critical human rights issue, given its intricate connection with, and its being a foundation for the realisation of other rights including the rights to freedoms of expression, information, assembly, and association and preservation of human dignity. However, many African countries have steadily taken measures to undermine this right, including enacting retrogressive laws and policies that facilitate surveillance and the collection of biometric data, and others that limit the use of encryption

The advent of the Covid-19 pandemic has exacerbated the privacy concerns yet in several countries, digital rights were already under steady attack, including via internet shutdowns, criminalisation of “false news”, misinformation and disinformation campaigns by state and non-state actors, harassment and prosecution of social media users, and growing state surveillance.

In responding to the pandemic, many countries adopted regulations and practices, including deploying surveillance technologies and untested applications, to enable them collect and process personal data for purposes of tracing, contacting, and isolating those suspected to be carrying the virus and those confirmed to carry it. These measures were quickly adopted, often without adequate regulation or oversight.

In this research report, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) has analysed laws and policies that impact on privacy, notably those that regulate surveillance, data localisation, biometric databases, and encryption.

The research covered 19 countries – Cameroon, Chad, Egypt, Ethiopia, Kenya, Ghana, Malawi, Mali, Mozambique, Namibia, Nigeria, Rwanda, Senegal, Tanzania, Tunisia, Uganda, Zambia, Zimbabwe, and South Africa.

Summary findings

Growing Surveillance: The research findings show that overall, there has been notable progress in the enactment of specific laws and policies safeguarding the right to privacy, including requiring judicial authority to authorise surveillance in countries such as Kenya, Nigeria, Tanzania, Tunisia and Uganda.

However, there are a few cases, such as in Zimbabwe, where authorisation for monitoring and intercepting communications is offered by non-independent and partial actors such as ministers. In addition, many of the countries’ laws do not measure up to international human rights standards and fail to establish clear and appropriate oversight, redress, and remedy mechanisms.

Indeed, “national security” considerations have been employed in laws in various countries broadly to justify and authorise the interception of communication, restrict privacy rights, grant wide search and seizure powers to law enforcement agencies, mandate intermediaries such as telecommunication service providers to facilitate interception, and to require data localisation.

In addition, while various countries have criminalised illegal surveillance and placed various safeguards on the conduct of state surveillance, many of them still contain retrogressive provisions that leave scope for intrusion, including enabling state surveillance with limited safeguards.

Limitation of Encryption Anonymity and the use of encryption in digital communications are critical in advancing both the right to freedom of expression and right to privacy. In the absence of these rights,  the capacity of individuals to communicate anonymously and without fear of their communications being intercepted cannot be guaranteed.

There are few positive provisions in some countries that require the protection of personal data through technical security measures which include encryption. On the other hand, many countries in the study have passed legislation that limit anonymity and the use of encryption through criminalisation of possession and use of cryptographic software or hardware, providing for fines and prison sentences.

The findings show that in countries like Chad, Malawi, Senegal, Tanzania, Tunisia and Zambia, there are penalties for offering cryptographic services without licensing, registration or authorisation. Interception of communications provisions often require service providers to decrypt any encrypted information that they may intercept in the course of offering assistance to lawful interception. In countries such as Mali and Tanzania, the laws require the encryption service providers, upon registration with the authorities, to disclose the technologies they plan to use for encryption.

Data Localisation The findings show that a growing number of African countries have been legislating on data localisation, which has mostly taken the form of a requirement to store data locally and forbidding unauthorised cross-border data transfers. Various countries have specified the conditions for authorising transfer, mostly where the data subject has offered consent and where an adequate level of protection is assured in the recipient country or international organisation.

Several African countries have adopted different approaches towards data localisation. Several countries use laws on financial services (Nigeria, Ethiopia and Rwanda), cybersecurity and cybercrimes (Rwanda, Zambia and Zimbabwe), telecommunications (Cameroon, Rwanda and Nigeria) and data protection (Kenya, South Africa, Tunisia and Uganda) to place restrictions on cross-border transfer of data.

Some countries have specified the data that cannot be exported without authorisation. Kenya specifies all public data; Nigeria mentions all government data and all subscriber and consumer data; while Zimbabwe, Malawi and Tunisia cite personal information.

Establishment of Biometric Databases  In several countries, government agencies are collecting and processing personal data without adequate data protection laws, amidst limited oversight mechanisms and inadequate remedies. While many have recently passed data protection laws and policies, implementation is not effective, and the safeguards are not water-tight as required under international human rights law.

Some laws in countries such as Chad, Kenya, Tunisia, Uganda, South Africa, and Zimbabwe, prohibit the collection of certain categories of data, including specific types of biometric data generally, or where certain conditions are not complied with. In the other countries studied, the laws require the mandatory collection of biometric information for the registration of telecommunications subscribers, for digital identity programmes and during voters’ registration. Several laws and policies on biometric data collection contain provisions on sanctions and penalties for breach.

Weak Oversight, Transparency and Accountability Mechanisms The study found that countries have adopted different approaches to oversight, including specifying courts, data protection authorities, sector regulators and administrative bodies as key oversight bodies. Some of these bodies are located within the executive, and therefore may lack the proper legal, financial, and institutional independence to stem violations within government, and especially by state security agencies. The laws in most countries require judicial authorities to issue a warrant for interception or monitoring of communications. However, in some countries interception orders can be issued by non-judicial officials, such as ministers.

The deficiency of accountability and transparency is among the weakest links in the various countries’ surveillance laws. While some countries, such as Nigeria, Rwanda, Tunisia, Zimbabwe, have commendable oversight and accountability provisions, it is not known whether they are applied. No entity in any of the countries studied permits public access to records on interception which the laws require state authorities to compile periodically, or publishes any data related to interception warrants issued and if at all they do record such data, they are categorised as classified information under state secrets laws. Thus, the public and oversight institutions such as judiciaries and parliaments remain in the dark about the extent and legality of the conduct of surveillance in the respective countries.

Recommendations

  • Governments should review existing laws, policies and practices on surveillance, including Covid-19 surveillance, biometric data collection, encryption and data localisation to ensure they comply with the principles in the African Commission on Human and Peoples’ Rights (ACHPR) Declaration on Principles of Freedom of Expression and Access to Information in Africa and international human rights standards.
  • Governments should also adopt multi-stakeholder approaches to ensure meaningful participation of all stakeholders in the development of policies and laws that affect the right to privacy and data protection.
  • Civil society actors should use strategic public interest litigation as an avenue to challenge laws that violate privacy rights and push for policies and practices reforms that uphold privacy.
  • Civil society actors should also monitor and document privacy rights violations through evidence-based research, and report on state compliance with their obligations to human rights monitoring bodies.

See the full research report here.

CIPESA-objectives
01Jun

CIPESA and WBA to Host Roundtable on Digital Inclusion in Africa

Author CIPESA Writer Posted on

Roundtable Meeting |

In 2020, four of Africa’s leading digital companies (SafaricomJumiaMTN, and Naspers) were ranked and scored on digital inclusion by World Benchmarking Alliance (WBA)‘s Digital Inclusion Benchmark. These companies as well as the other benchmarked companies have business footprints in more than 30 countries in Africa.

The Digital Inclusion Benchmark results showed that commitment and contribution towards digital inclusion are highly uneven across industries in the digital sector. Clear and consistent support to improve digital skills is needed, especially for vulnerable and underrepresented groups. There is also an opportunity for companies to help bridge the gender digital divide, through initiatives that target skills training for women and girls.

It is for this reason that WBA and The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) are holding a roundtable with stakeholders committed to digital inclusion in the region. We aim for this roundtable to help foster coordinated multi-stakeholder actions that encourage a race to the top on digital inclusion and achieve the Sustainable Development Goals.

The Covid-19 pandemic has exposed the digital divide in Sub-Saharan Africa. More people require internet access and intermediate skills to work remotely due to the measures put in place to manage COVID-19.

According to a 2020 report by Global System for Mobile Communications Associations (GSMA) on Mobile Internet Connectivity, mobile internet adoption stood at 26% in sub-Saharan Africa at the end of 2019. The region accounts for almost half of the global population not covered by a mobile broadband network. 3G internet coverage stood at 75% while 4G coverage was at only 49%, according to GSMA. The gender gap and a rural-urban gap in mobile internet stand at 37% and 60%, respectively. The lack of digital literacy skills, especially for women and rural populations, is the biggest barrier to mobile internet adoption, according to GSMA.

Objectives

  • Bring together African multi-stakeholders to foster greater collaboration on digital inclusion.
  • Share WBA’s Digital Inclusion Benchmark data as a tool for companies, governments, investors and civil society organizations for driving digital development.

Date: 9 June 2021

Time: 15.00 EAT |14.00 CEST | 08.00 EDT

LocationZoom Room

The speakers include:

  • Andrew Rugege – International Telecommunication Union (ITU), Regional Director for Africa
  • Dr. Wairagala Wakabi – Executive Director, CIPESA
  • Philippe-André Rodriguez – Deputy Director of the Center for International Digital Policy, Global Affairs Canada
  • Onica N. Makwakwa – World Wide Web Foundation, Head of Africa, Alliance for Affordable Internet
  • Farid Abasov – Emerging Markets Telecoms Analyst, Fidelity International
  • Benjamin Makai – Senior Manager, Technology for Development, Safaricom PLC

The event will be moderated by the distinguished Waihiga Mwaura, 2018 BBC Komla Dumor Award winner and Special Projects Editor at Citizen TV Kenya.

We invite you to register for the event 

1 5 6 7 8 9 11