African Commission Resolution to Bolster Data Governance

By Edrine Wanyama |

The Resolution adopted by the African Commission on Human and Peoples’ Rights (ACHPR) during its 81st Ordinary Session held from October 17 to November 6, 2024 in Banjul, The Gambia potentially bolsters data protection and governance on the African continent.

The Resolution calls upon states parties to take all relevant measures to ensure transparent and accountable collection, processing, storage and access to data. It also underscores the importance of ethical principles in data usage, equitable access to data, and addressing biases to prevent structural inequalities while safeguarding privacy and combating discrimination.​

The resolution acknowledges the rapid advancement of technology and the increased dependence on data in governance and socio-economic development, and is in line with the African Union Convention on Cyber Security and Personal Data Protection, African Union’s Data Policy Framework, and the Digital Transformation Strategy for Africa (2020–2030).

Similarly, this timely resolution aligns closely with the vision of the Global Digital Compact (GDC), which calls for inclusive, rights-based governance of digital technologies and artificial intelligence (AI), and the ACHPR’s Resolution 473 on the need to undertake a study on human and peoples’ rights and AI, robotics and other new and emerging technologies. These frameworks emphasise the potential of data and digital technologies while cautioning against risks such as bias, inequities, unwarranted surveillance, and privacy violations.

By embedding human rights principles in digital governance, both the ACHPR’s Resolution 473 and the GDC advocate for responsibly leveraging digital tools to reduce inequalities and protect vulnerable populations. The ACHPR’s focus on equitable data access and capacity-building within African states resonates with the GDC’s call for global collaboration to address disparities in digital infrastructure and skills. Together, these initiatives present a unified agenda to ensure that digital technologies and AI are harnessed for equity, justice, and sustainable development that foster a shared vision for a more inclusive digital age.

The ACHPR Resolution further urges state parties to ensure open access to data which is in possession of public and private in public interest, in accordance with the prescribed regional and international human rights standards.

The Resolution reinforces the African Union’s Data Policy Framework which, among others, seeks to maximise the benefits of the data-driven economy for African countries. With common anticipated benefits, data governance systems will be harmonised to enable secure and free data flow on the continent which potentially contributes to a people-centred approach which is not inward-looking for individuals, institutions and businesses and, enhances data utility for accelerated attainment of Agenda 2063 and the Sustainable Development Goals (SDGs).

There is increasing recognition of the need for data governance frameworks that create a safe and trustworthy digital environment, foster intra-Africa digital trade, enable states’ cooperation on data governance, enable domestication of continental policies, and ensure free and secure data flows across the continent. As such, the  Resolution also calls for the establishment of collaborative mechanisms, coordinating data issues, enabling and facilitating competitiveness in the global economy, promoting sustainable data use and benefits to society, as well as facilitating innovative ways to promote and maximise benefits of data for the African peoples.

Besides, the Resolution will potentially grow the impetus of Regional Economic Communities (RECs) to adopt harmonised data governance systems, which will quicken continental initiatives such as the African Continental Free Trade Area (AfCFTA) Agreement whose growth and benefits depend on secure and free cross-border data flows. For instance, the East African Community (EAC) and the Southern African Development Community (SADC) are set to develop regional data governance policy frameworks with the aim of harmonising data governance in the region for economic growth and regional integration.

The Resolution echoes sentiments shared in various panels at the September Forum on Internet Freedom in Africa 2024 (#FIFAfrica), which highlighted contemporary issues in data governance in Africa, including in collection, management, and processing of data. The Forum emphasised the role of national and regional actors in policy harmonisation, enabling greater cross-border data flows, maximising the benefits of data for all countries and all citizens, and the need for greater privacy protections over personal data. Among others, speakers at FIFAfrica singled out  national parliaments, RECs, civil society organisations, the African Union, and the private sector as having pivotal roles to play in promoting effective data governance.

Uganda Set to Harness Data as A Critical Resource for Socio-Economic Development

By Edrine Wanyama |

On November 19, 2024, Uganda’s Ministry of Information, Communication Technology, and National Guidance (MoICT&NG) validated a draft data strategy, marking a significant milestone in the country’s digital transformation journey. This process follows a 2022 review that identified critical weaknesses in Uganda’s data-sharing ecosystem, including limited data sharing, fragmentation, silos, lack of common standards, and low trust in the system.

The strategy is a cornerstone of the Uganda Digital Transformation Road Map, which drives the Digital Uganda Vision and the country’s broader Digital Revolution agenda. Its goal is to foster a data-driven environment that stimulates innovation, economic growth, and social development. The strategy focuses on three main pillars: data governance, data infrastructure, and strategic data utilisation for efficient and effective use of data.

A robust institutional framework is central to the strategy, comprising a National Data Steering Committee, a National Data Office, and links to data personnel within various Ministries, Departments, and Agencies (MDAs). Additionally, the strategy emphasises the importance of a comprehensive legal and policy framework aligned with national, regional, and international standards.

Uganda’s data protection framework is still in its early stages, with enabling legislation passed in 2019 and implementing regulations adopted in 2021. However, the framework has faced criticism for lacking clear oversight mechanisms and prioritising government access to individuals’ data—justified under national security and lawful purposes—over the protection of data and privacy rights.

The adoption of this data strategy has the potential to introduce stronger oversight and policy guidance, effective stakeholder engagement, and improved monitoring and evaluation in data management processes. This would pave the way for a robust, data-driven economy in Uganda.

Dr. Wairagala Wakabi, Executive Director of CIPESA stated, “Uganda’s Data Protection Strategy coincides with the recent African Commission on Human and Peoples’ Rights Resolution on Promoting and Harnessing Data Access as a Tool for Advancing Human Rights and Sustainable Development in the Digital Age (ACHPR/Res.620 (LXXXI) 2024). If rightly applied and implemented within the existing data governance frameworks at the African Union level, its aims, goals, and objectives cannot be defeated.”

As Africa slowly moves towards a harmonised data regime, Uganda’s strategy represents a key step toward achieving the African Union’s goals. It has the potential to enhance governance, public service delivery, and economic growth while contributing to the continent’s broader socio-economic transformation within the digital economy.

Introducing “Community Fakes”, A Crowdsourcing Platform to Combat AI-Generated Deepfakes

ADRF Grantee Update | 

As the world enters the era of artificial intelligence, the rise of deepfakes and AI-generated media presents significant threats to the integrity of democratic processes, particularly in fragile democracies. These processes are vital for ensuring fairness, accountability, and citizen engagement. 

When compromised, the foundational values of democracy—and society’s trust in its leaders and institutions—are at risk. Safeguarding democracy in the AI era requires vigilance, collaboration, and innovative solutions, such as building a database of verified AI manipulations to protect the truth and uphold free societies.

In the Global South, where political stability is often tenuous, the stakes are even higher. Elections can easily be influenced by mis/disinformation, now accessible at minimal cost and requiring little technical skill. Malicious actors can easily use these tools to create and amplify false content at scale. This risk is amplified in authoritarian regimes, where AI-generated mis/disinformation is increasingly weaponised to manipulate public opinion, undermine elections, or silence dissent. From fabricated videos of political figures to manipulated media, such regimes exploit advanced technologies to sow confusion and mistrust, further destabilising already fragile democracies.

Despite ongoing efforts by social media platforms and AI companies to develop detection tools, these solutions remain inadequate, particularly in culturally and linguistically diverse regions like the Global South. Detection algorithms often rely on patterns trained on Western datasets, which fail to account for local cultural cues, dialects, and subtleties. This gap allows deepfake creators to exploit these nuances, leaving communities vulnerable to disinformation, especially during critical events like elections.

Recognising the urgency of addressing these challenges, Threats developed Community Fakes, an incident database and central repository for researchers to submit, share, and analyse deepfakes and other AI-altered media. This platform enables collaboration, combining human insights with AI tools to create a robust defence against disinformation. By empowering users to identify, upload, and discuss suspect content, Community Fakes offers a comprehensive, adaptable approach to protecting the integrity of information.

The initiative was made possible through the CIPESA-run African Digital Rights Fund (ADRF), which supports innovative interventions to advance digital rights across Africa. The grant to Thraets for the project titled “Safeguarding African Elections—Mitigating the Risk of AI-Generated Mis/Disinformation to Preserve Democracy” aims to counter the increasing risks posed by AI-generated disinformation, which could jeopardise free and fair elections. 

The project has conducted research on elections in Tunisia and Ghana, with the findings feeding into tutorials for journalists and fact-checkers on identifying and countering AI-generated electoral disinformation and awareness campaigns on the need for transparency on the capabilities of AI tools and their risks to democracy. 

Additionally, the project held an Ideathon to generate novel ideas for combating AI-generated disinformation and developed the Spot the Fakes quiz, which gives users the opportunity to dive into the world of AI-generated synthetic media and how to distinguish between the authentic and the fake.

Community Fakes will crowdsource human intelligence to complement AI-based detection, thereby allowing users to leverage their unique insights to spot inconsistencies in AI-generated media that machines may overlook, while having conversations with other experts around the observed patterns. Users can submit suspected deepfakes to the platform, which the global community can then scrutinise, verify, and expose. According to Thraets, this approach ensures that even the most convincing deepfakes can be exposed before they can do irreparable harm. 

Find a full outline of Community Fakes here.

Civil Society Statement on Kenya’s Telegram Shutdown

Statement |

As civil society organizations and stakeholders in the Information, Communication and Technology (ICT) sector committed to Digital Rights and Internet Freedom, we are deeply concerned about the Kenyan government’s recent decision to block access to the Telegram social media platform. 

According to an unverified letter circulating online from the Communications Authority of Kenya (CA) to service providers (Safaricom, Airtel, Telkom Kenya and Jamii Telecommunications) on 31 October 2024, the operators were required to “use all available mechanisms to suspend the operation of Telegram Inc in the country”.  The suspension was ordered to prevent cheating during the national examinations period on weekdays until 22nd November 2024.  Moreover, the ongoing internet disruption has been confirmed by web connectivity tests from OONI and Netblocks, as well as independent tests by Tatua

Internet disruptions like these undermine fundamental human rights and freedoms outlined in the International Bill of Rights to which the Kenyan government is a party and the Kenyan Constitution. Likewise, they disrupt economic activity and weaken democratic values by limiting the rights to Access to Information and Freedom of Expression, Assembly and Association.

This action also goes against the principles outlined in the Global Digital Compact (GDC), which emphasizes the importance of a universal, open, and secure internet. The GDC, part of the commitments that governments endorsed in the Pact of the Future, discourages internet shutdowns, noting their harmful impact on human rights, democracy, and economic growth, and calls for transparent and accountable solutions to address issues in the digital space. At a time when global standards are pushing for universal, secure, and open internet access, national policies must align with these principles rather than undermine them.

Kenya’s commitment to internet freedom appears to be on a worrying downward trend. We note with concern that there was an internet disruption on 25 June, less than 6 months ago, during the protests against the Finance Bill, 2024. A similar blocking of the Telegram App was implemented in November 2023. Such repeated actions not only curtail rights but also erode public trust in digital governance.

While we recognize the importance of maintaining exam integrity, we urge the Kenyan government to explore alternative, lawful and rights-respecting measures to tackle this issue. Instead of blocking the application or disrupting the internet, authorities are encouraged to pursue criminals who breach confidential examination documents and seal loopholes in examination processes. Such alternative actions to tackle this issue can be explored through multi-stakeholder consultations ensuring that they are human rights-respecting. Disrupting the internet or blocking social media access as in this case goes against the three-part test under international human rights law of legality, legitimacy, necessity and proportionality. A stable, secure and accessible internet should remain a priority, especially given its critical role in supporting the digital economy, education, livelihoods, and civic engagement.

We call on Kenyan authorities and the CA in particular, to immediately retract the letter to service providers, and for service providers to restore access to Telegram and commit to upholding digital rights and internet freedom. We also urge policymakers to consult civil society and other key stakeholders to develop sustainable, rights-based strategies to address digital governance challenges without resorting to internet disruptions. 

Endorsed on November 9, 2024 by:

Afia-Amani Grands-Lacs

African Internet Rights Alliance (AIRA)

Africa Media and Information Technology Initiative (AfriMITI)

Afrika Youth Movement

Article 19 East Africa

Bloggers Association of Kenya (BAKE)

Brain Builders Youth Development Initiative

Centre for Artificial Intelligence Ethics and Governance in Africa (CAIEGA)

Centre for Information Technology and Development (CITAD)

Center for the Study of Organized Hate (CSOH)

Collaboration on International ICT Policy for East and Southern Africa (CIPESA)

Collaborative for Peace

Consortium of Ethiopian Human Rights Organizations (CEHRO-Ethiopia)

FactCheck Africa

Gonline Africa

Human Rights Journalists Network Nigeria

Impact Foundation For Youths Development

Internet Without Borders

Internet Society Kenya Chapter

KICTANet

Kijiji Yeetu

Media Rights Agenda (MRA)

Paradigm Initiative (PIN)

Roots Africa Inc.

Tech & Media Convergency (TMC)

The Internet Governance Tanzania Working Group (IGTWG)

Tribeless Youth (TY)

VANGUARD PRESS BOARD UDUS

Women of Uganda Network (WOUGNET)

West African Digital Rights Defenders Coalition

The SaferNet Initiative

This article was first published by KICTANET on November 09, 2024.

Fostering Responsible Business Conduct in Uganda’s Digital Age

By Patricia Ainembabazi |

The sixth edition of the Business and Human Rights Symposium in Uganda marked an essential step in Uganda’s journey to foster responsible and rights-respecting business conduct. Hosted on November 4-5, 2024, the symposium brought together over 200 participants from government, the private sector, academia, and civil society. It offered a platform to reflect on Uganda’s advancements in implementing its National Action Plan on Business and Human Rights and to consider newer frameworks such as the Corporate Sustainability Due Diligence Directive (CSDDD).

As part of the two-day proceedings, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) hosted a panel discussion on the interplay between digital innovation and the protection of human rights, highlighting both successes and challenges in Uganda’s tech ecosystem. The panel discussed the United Nations (UN) Guiding Principles on Business and Human Rights and how they align with the technology sector.

Source: Business for Social Responsibility  

Highlighting Uganda’s growing technology sector, including increased mobile and internet penetration as well as digitalisation of private and public services, the session also spotlighted pressing concerns, such as internet disruptions, labour rights violations, gender discrimination, and data protection and privacy, which continue to challenge human rights protections in the country’s growing digital economy.

Joel Basoga, Head of Technology Practice at H&G Advocates, stated that ​​it was “essential” for businesses in Uganda to embed respect for human rights as a core performance indicator guided by the UN Guiding Principles on Business and Human Rights. He added that for a tech-driven business landscape, legal frameworks surrounding digital rights need to be prioritised.

According to Patricia Ainembabazi, a Project Officer at CIPESA, there was limited understanding of business and human rights in the technology sector. Platforms such as the symposium were crucial in building a thematic understanding of digital rights. 

In 2021, Uganda became the first African country to finalise a National Action Plan on Business and Human Rights (NAPBHR), based on the United Nations Guiding Principles on Business and Human Rights. The plan strengthens the government’s duty to protect human rights, enhances the corporate responsibility to respect human rights, and ensures access to remedies for victims of human rights violations and abuses resulting from non-compliance by business entities.

In October 2024, CIPESA joined the first meeting of the Multi-Sectoral Technical Committee on Business and Human Rights, which supports the Uganda labour ministry’s role of coordinating the National Action Plan and provides technical guidance on all business and human rights interventions. At that meeting, CIPESA made the case for mainstreaming digital rights in the implementation of the action plan and also urged stakeholders to leverage innovative technologies to improve the outcomes of the action plan.

Similar to other countries in Africa, Uganda’s plan does not provide for digital rights protection, yet digital technologies have become central not only to how many businesses operate, but also to how individuals learn, work, socialise, and participate in community affairs. This increased digitalisation has had an impact on the ability of businesses to respect their human rights obligations.

Objectives of Uganda’s National Action Plan on Business and Human Rights
1. To strengthen institutional capacity, operations and coordination efforts of state and non-state actors for the protection and promotion of human rights in businesses;  
2. To promote human rights compliance and accountability by business actors;  
3. To promote social inclusion and rights of the vulnerable and marginalised individuals and groups in business operations;  
4. To promote meaningful and effective participation and respect for consent by relevant stakeholders in business operations; and  
5. To enhance access to remedy to victims of business-related human rights abuses and violations in business operations.

Speakers urged for increased cross-sector collaboration among stakeholders to align national frameworks more closely with the UN Guiding Principles. Opportunities for intervention include a push for robust data protection and privacy protections by the private sector; affordability of the internet and related technologies to ensure access to digital spaces; and raising awareness on digital rights roles and responsibilities for consumers and business owners. The symposium called upon stakeholders such as telecommunication companies, Internet Service Providers (ISP), financial institutions, innovators, and online platform operators to harmonise business goals with digital rights principles.

As part of the implementation of the NAPBHR, CIPESA is part of the newly launched Advancing Respect for Human Rights by Businesses in Uganda project led by Enabel and Uganda’s Ministry of Gender Labour and Social Development. The project is part of the European Union’s support towards the implementation of Uganda’s National Action Plan on Business and Human Rights and focuses on three thematic areas: labour rights in the agricultural sector, natural resource governance and land, and digital rights and internet governance. The project will work with six civil society organisations to drive advocacy, dialogue, and actions that strengthen Uganda’s Business and Human Rights agenda. Additionally, 50 businesses will receive support to implement human rights due diligence aligned with national and international standards.