Promoting Effective and Inclusive ICT Policy in Africa

Blog

  HomeCollaboration on International ICT Policy for East and Southern Africa (CIPESA)  /  Blog
25May

Journalists Urged to Embrace Opportunities in Digital Technology

Author Evelyn Lirri Posted on

The Uganda Media Sector Working Group (UMSWG) and industry stakeholders on 5 May 2022 commemorated the World Press Freedom Day focusing on the theme “Journalism Under Digital Siege” during a gala event at Mestil Hotel in Kampala. UMSWG partners who co-sponsored the event were the Media Council of Uganda, CIPESA (Collaboration on International ICT Policy for East and Southern Africa), Uganda Communications Commission, Uganda Human Rights Commission, African Centre for Media Excellence, and Makerere University Department of Journalism and Communication.

In his welcome remarks, Charles Bichachi, a member of the UMSWG founding committee, said the annual World Press Freedom Day was an opportunity to reflect on outstanding issues in the news media ecosystem. This year’s theme, he said, highlighted global trends such as surveillance by state and non-state actors and how user data collection, artificial intelligence, and digitally-mediated attacks on journalists had impacted journalism, freedom of expression, and privacy. Bichachi pointed out that marking World Press Freedom Day was to help all those with a stake in the media to understand the enormity of the digital siege and how they could harness its positive aspects and avoid being crushed by it.

Hon. Jacklet Rwabukurukuru, on behalf of the Uganda Human Rights Commission, emphasized the importance of World Press Freedom Day and its relevance in evaluating Uganda’s progress in upholding media freedom. She said that Uganda’s commitment to human rights was enshrined in the Constitution and in the international and regional human rights instruments that the country has ratified.

Hon. Rwabukurukuru gave an assurance that the Commission would continue to monitor and investigate cases of alleged human rights violations against journalists and media practitioners. The Commission, she said, would engage with all stakeholders, including duty bearers, to address all instances of media rights violations and to ensure that the perpetrators were held accountable and that the victims got justice.

The keynote speaker, former Vision Group chief executive officer, Robert Kabushenga, shared his thoughts on “Saving Journalism from the Digital Siege.” First, he contended that journalists, rather than journalism, were under digital siege. Kabushenga then exhorted journalists to embrace the opportunities that the digital revolution presented instead of lamenting about the situation. He noted that only those who were prepared with the relevant skills and right mindsets would survive in the digital future.

Edrine Wanyama, legal officer at CIPESA, headlined the panel discussion with a presentation on the “Impact of Digitisation on Journalism in Uganda.” The discussion was moderated by Catherine Ageno, a broadcast editor with KFM radio. The panelists were Carol Beyanga, head of mentorship, partnerships, and monetisation at Monitor Publications Limited, Penlope Nankunda, content manager, digital, at Vision Group; Giles Muhame, managing editor of ChimpReports; and Roland Byagaba, innovations officer at Media Challenge Initiative. Wanyama explained that as a result of digitisation, journalism had benefitted in a number of ways such as through easier and faster creation of content through new technologies and platforms such as YouTube; greater capacity to reach larger audiences over a short span of time; faster sharing and dissemination of information; and increased awareness among journalists of the need to protect their identities in the digital space.

Yet, on the other hand, Wanyama pointed out, digitisation had also brought about certain risks. These included the imposition of restrictive laws and policies such as the Regulation of Interception of Communications Act, 2010 and the Anti-Terrorism Act, 2002, online harassment of journalists especially women, and surveillance of communications. Moreover, regulations against hate speech and national security have sometimes become convenient excuses to clamp down on media freedom.

Paulo Ekochu, chairman of the Media Council of Uganda, called for unity among media practitioners. This, he said, would make it possible to work together to address the persistent problems of the industry including journalists’ safety, professionalism, and effective regulation. Ekochu called upon the UMSWG to revamp the difficult, yet long overdue, conversation about the professionalization of journalism and the appropriate regulatory framework to protect the industry.

The Minister for ICT and National Guidance, Hon. Dr. Chris Baryomunsi, who was the chief guest, told journalists that the digital revolution highlighted the importance of balancing media freedom with responsible use of media platforms. He cautioned against the use of digital platforms and devices to insult others and violate their rights. Hon. Baryomunsi reminded the media practitioners gathered that the laws in place were intended to prevent abuse and punish offenders, and not to restrict free speech and the flow of information.

At the climax of the event, the Uganda Media Women’s Association, veteran media trainer Ben Bella Illakut, and long-time newspaper street vendor Baylon Katahikire received UMSWG Awards in recognition of their outstanding contributions to the development of the media industry.

This article was first published on the Uganda Media Council website.

24May

CIPESA Submission to the ACHPR on Ratification of the African Protocol on Disability Rights

Author Evelyn Lirri Posted on

The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) has made a submission to the Africa Commission on Human and People’s Rights (ACHPR) on the situation and issues on the continent that have a critical human rights dimension for persons with disabilities in the context of ICT. In the submission made in April 2022 and addressed to the Working Group on the Rights of Older Persons and People with Disabilities in Africa, CIPESA reiterates the urgent need for member states to ratify the  Protocol to the African Charter on Human and People’s Rights of Persons with Disabilities in Africa so that it comes into force.

CIPESA notes that four years after its adoption, the Protocol has been signed by less than a dozen countries and only two countries (Cameroon and Mali) have ratified it. For the protocol to come into force, at least 15 countries are required to ratify it.

“The adoption of the Protocol was a major step forward in protecting and advancing the rights of persons with disabilities, but the failure to sign and ratify it undermines these efforts,” submits CIPESA. The submission adds that, without a doubt, African governments must do more to ensure that persons with disabilities access and use digital technologies and that there is sufficient disaggregated data to inform programme interventions. Ratifying the protocol will be a major- but insufficient step in this direction.

In line with the Protocol’s provisions requiring State Parties to: put in place policy, legislative, administrative, and other measures to ensure persons with disabilities enjoy the right to access information (Article 24); ensure the systematic collection, analysis, storage and dissemination of national statistics and data covering disability to facilitate the protection and promotion of the rights of persons with disabilities (Article 32), CIPESA recommends that the Working Group prioritises and engages the Member States to:

  • Ratify the Protocol to the African Charter on Human and Peoples’ Rights on the Rights of Persons with Disabilities in Africa as a matter of utmost priority, and promote awareness of its content and the rights it protects.
  • States parties should issue periodic reports to the African Commission, in accordance with Article 62 of the African Charter, on legislative and other measures undertaken for the full realisation of the rights of persons with disabilities.
  • Enhance the development, implementation, and enforcement of relevant and enabling national policies and legislation on accessible communication products and services such as disability laws, Codes of Practice, consumer rights regulations, and ICT and disability policies.
  • Offer tax exemptions and incentives for innovation as well as investment in assistive devices and software tailored to the needs of persons with disabilities.
  • Promote the awareness of, and access of persons with disabilities to specialist devices and technologies such as manual Perkins Brailler, hand-held magnifiers, hand frames/slates and communication boards, screen readers, text-to-speech software, and Augmentative and Alternative Communication (AAC).
  • Promote meaningful participation of persons with disabilities in decision-making and policy development processes at national and regional levels through affirmative action and other efforts that promote fair representation.
  • Ensure that information on emergencies such as the COVID-19 pandemic, conflicts/wars, and natural calamities, is inclusive and provided in accessible and appropriate formats and languages, whether it is in SMS, audio, visual or document form.
  • Ensure the systematic collection, analysis, storage, and dissemination of national statistics and data covering disability to increase the availability of high-quality, timely, and reliable disaggregated data by disability, in order to facilitate the protection and promotion of the rights of persons with disabilities. The statistics and data should be disseminated in formats accessible to persons with disabilities.
  • Promote multi-stakeholder cooperation between governments, the private sector, civil society, and other relevant actors to promote the rights of persons with disabilities in accordance with the Protocol.

Read CIPESA’S full submission here. 

22Apr

Advancing Internet Freedom in Africa Through the Universal Periodic Review: Lessons and Gaps

Author CIPESA Posted on

By CIPESA Staff Writer |

Since its establishment in 2006, the Universal Periodic Review (UPR) has provided a unique process for reviewing the human rights records of all United Nations (UN) Member States. Over the years, however, there has been limited participation by African civil society in the review process. In particular, there is limited work by African actors to promote internet freedom through this process.

Accordingly, since 2018, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA), Small Media Foundation and a coalition of regional partners have been working to support civil society organisations across Africa to engage with the UPR process through capacity development in research and advocacy. The project has made up to 16 UPR submissions on digital rights in Africa with a focus on the Democratic Republic of Congo, Ethiopia, the Gambia, Kenya, Liberia, Malawi, Mozambique, Namibia, Nigeria, Rwanda, Senegal, Sierra Leone, South Sudan, Tanzania, Uganda and Zimbabwe

To further concretise CIPESA and Small Media’s efforts, a survey was commissioned to gauge the awareness, engagement and existing capacities of stakeholders in relation to the UPR process and their development needs with regard to UPR advocacy, campaigning, and research. Conducted between July 2019 and December 2021, the survey recorded a total of 134 respondents from all 16 countries on which CIPESA, Small Media and partners made UPR submissions focused on digital rights. The respondents included activists, academics, diplomats, lawyers, journalists, government officials, development actors, and civil society organisations. 

The survey found that there is limited participation by African civil society in the UPR process despite the review process providing a framework within which activists and human rights defenders can lobby and hold governments to account to promote internet freedom. The number of internet freedom-related submissions on Africa is still small though growing, which is a reflection of the low number of actors conducting internet freedom work and participating in UPR reviews. 

While there is a relatively high level of awareness of the existence of the UPR process, partly the result of training efforts by various organisations in recent years, the level of knowledge about the process is limited. Similarly, the level of participation in the review is moderate, with only 27% having taken part in national consultations and one in four having participated in submission of stakeholder reports. It is also noteworthy that even for those processes that many respondents had participated in, such as stakeholder submissions, those efforts were often led by entities based outside the continent. Only one third of respondents had ever received UPR-related capacity development.

The survey findings indicate the need for skills and knowledge development in UPR engagement including advocacy and follow-up on recommendations; making stakeholder submissions; and participating in national consultations and review sessions. Further, it is crucial to capacite legacy human rights organisations to embrace digital rights work. Other skills development needs identified included data collection; analysis and report writing to feed into submissions; stakeholder engagement; and diplomacy and international negotiations. 

Specifically on digital rights, skills building in understanding the legal and regulatory environment for the digital sector at national, regional and global levels, as well as coalition building strategies, and communications for advocacy, were identified. Other skills needed included digital security for human rights  defenders; knowledge of the full range of the UN Human Rights Mechanisms; and crafting human rights policy recommendations.

In line with the capacity gaps identified by the survey, CIPESA and Small Media convened CSOs, activists and human rights defenders from the 16 countries for a three days workshop on UPR advocacy and coalition building for digital rights. The workshop, which was held in Kampala, Uganda on March 20-22, 2022, featured sessions on local engagement and mobilisation, international and regional legal frameworks, researching digital rights and identifying policy issues, campaign and advocacy planning and impact communications, among others.  

Speaking at the opening of the workshop, CIPESA’s Programme Manager Ashnah Kalemera stated that the training sought to capacitate organisations to more effectively leverage the UPR for advancing digital rights. “Increasing African-based organisations’ participation in the UPR, national level uptake and follow up on recommendations by governments requires growing skills and engendering collaboration among stakeholders,” said Kalemera.

The workshop builds on CIPESA’s multi-country efforts in building skills and knowledge in collaborative internet policy research, research methods, communicating research, and data-driven advocacy, among others, towards a free, open and secure internet in Africa.

See the Internet Freedom and UPR in Africa Survey report here.

21Apr

Togo: Fumbling With a Digital ID While Actively Surveilling Citizens

Author CIPESA Posted on

By Afi Edoh |

For four years Togo has been inching towards issuing a digital identity (ID) card. While there are indications that 2022 may be the year in which the west African country finally delivers the long-awaited digital ID, the road ahead remains uncertain. Challenges lie both in bureaucratic delays and citizens’ caginess about handing their data to a government with a penchant for surveilling citizens and shutting down digital communications.

The Togolese government announced the e-ID Togo project in 2018, but it was not until mid 2021 that the Ministry of the Digital Economy and Digital Transformation initiated efforts to recruit a communications consultant to devise an awareness campaign to precede the registration stage and a technology solutions service provider. The International Institute of Information Technology Bangalore was awarded the system contract in December 2021.

According to the government, the e-ID project will simplify the process of updating the electoral register, facilitate access to public services and to credit, reduce fraud in the financial sector, and facilitate the targeting of social protection beneficiaries. Only 25% of the country’s population of eight million has a form of identification, with women less likely to have an identification document, which hinders their ability to open bank accounts, enrol children in school, benefit from health insurance, or get a mobile phone number. In recognition of the gaps in civil registration among citizens, the government set out to enrol citizens for e-ID even without proof of birth registration.

Togo passed Law No. 2019-014 relating to the protection of personal data in October 2019. In 2020, parliament passed Law No. 2020-009 relating to the biometric identification of natural persons, whose objective is to establish a system for identification and authentication of natural persons. The law aims to establish a “secure and reliable methodology” for obtaining, maintaining, storing and updating data on the identity of registered individuals. The law requires all citizens and residents in Togo to obtain a Unique Identification Number (NIU) by submitting their demographic and biometric data (Article 4). The biometric data specified for purposes of obtaining a NIU are photograph and / or facial recognition, fingerprints, and iris scan. The National Identification Agency (ANID) is mandated to collect biometric data for the NIU.

SIM Card Registration
In July 2021, a SIM card registration and limitation of subscriptions per individual and network campaign was launched by the telecommunications regulatory authority ARCEP, supported by leading telecom operators Moov Africa Togo and TogoCom. The SIM registration requirements include a national identity card or passport and collection of biometric and demographic data. 

But this extensive collection of individuals’ personal data raises concerns for the safety of such data. These concerns are not unfounded and they partly arise from the state’s record on respect for digital rights, which have seen it order network disruptions and use malware to target opponents and dissidents.

State Surveillance
In 2020, lingering suspicions that the Togolese government was undertaking interceptions of communications gained credence when the Citizen Lab revealed that Israeli-made spyware Pegasus, supplied by the NSO Group, was used between April and May 2019 to target Togolese civil society, including a Catholic bishop and a priest, as well as two members of Togo’s political opposition. The surveillance reportedly coincided with nationwide pro-reform protests that were forcibly dispersed. The Togolese government did not respond to the allegations, which nonetheless sparked debate within Togolese media and civil society.

Further, in October 2021, Amnesty International research found that Togolese activists had been targeted with spyware by the Donot Team hacker group based in India – the  first time that Donot Team spyware was found in use outside of South Asia. According to the report, the activists’ devices were targeted between December 2019 and January 2020, during a tense political climate ahead of the 2020 presidential election.

Network Disruptions

During the February 2020 elections, authorities disrupted access to messaging services (WhatsApp, Facebook Messenger, and Telegram). Later that year, the Economic Community of West African States (ECOWAS) Court of Justice ruled that the 2017 internet shutdown in Togo was illegal and an affront on the right of freedom to expression. 

According to Access Now, the court ordered the government of Togo to pay two million francs (USD 3,459) to the plaintiffs as compensation, and to take all the necessary measures to guarantee the implementation of safeguards with respect to the right to freedom of expression of the Togolese people.

Privacy and Data Protection

Togo’s laws provide safeguards against unlawful surveillance and unauthorised access to data whilst also granting authorities sweeping powers to violate privacy. Law No. 2012-018 on electronic communications provides for privacy of communications but article 92 empowers the Prime Minister, and the Ministers responsible for the economy and finance, defence, justice, and security and civil protection, to trigger the interception of communications and electronic content.

The biometrics identification law requires the National Identification Agency to encode and encrypt data on its registry and only allows access to authorised agents (article 10, 21 & 22). Violation of the obligation of non-disclosure of personal data, identity theft and unauthorised processing of personal data are punishable with fines ranging from one million to 10 million Central African Francs (USD 1,747 to 17,472), imprisonment between one and five years, or both.   

Article 94 of Togo’s 2012 electronic communication law obliges encryption service providers to comply with lawful interception orders, with refusal to provide secret decryption codes to government agencies punishable with a fine of between USD 3,544 and USD 14,178. Cryptology services providers are required to retain for one year, content and data allowing the identification of anyone who has used their services, and to provide the technical means that enable the identification of those users. The service providers are required to avail this data, on request, to the investigating judge, Prime Minister, Minister for the Economy and Finance, the Minister of Defence, the Minister  of Justice, and the Minister of Security. The multiple officials who access data – similar to the various officials that can trigger the interception of communications – offers wide latitude for abuse of citizens’ data privacy rights.

Digital Exclusion
In the wake of Covid-19, Togo initiated a relief programme for vulnerable citizens whose livelihoods were affected by the state of emergency. As at March 2021, the programme, known as NOVISSI, had disbursed a total of 13.3 billion francs (USD 22 million) to 819,972 citizens via mobile money.

However, the programme was criticised for requiring applicants to possess a voter’s ID card. During the last electoral census, opposition parties called on the population to boycott the exercise, which meant that some citizens had not renewed their voter ID cards. There were also cases of unscrupulous individuals utilising the voter’s ID details of other citizens to fraudulently benefit from the programme. As a result, the government temporarily halted the program to allow for physical verification of beneficiaries at dedicated centres.

Way forward

Whereas the various sanctions within the existing legal framework might be a deterrent against unauthorised access to and misuse of personal data, there is wide latitude for state agencies and officials to access the data, which could be abused. This calls for a review of the provisions to ensure they uphold citizens’ right to privacy and data protection, with adequate oversight and redress mechanisms. Further, the e-ID should be rolled out in a manner that ensures agency and dignity, without enhancing exclusion and surveillance. 

15Apr

CIPESA Makes Submission to the OHCHR on Human Rights in the Tech Sector

Author CIPESA Posted on

Submission |

The Collaboration on International ICT Policy for East & Southern Africa (CIPESA) has made submissions to the Office of the United Nations High Commissioner for Human Rights (OHCHR) on how businesses in the technology sector can improve the observance of human rights. 

The submissions, made in February 2022 in response to a call for inputs on the application of the United Nations Guiding Principles on Business and Human Rights (UNGPs) to the activities of technology companies, will feed into a report the OHCHR will submit to the Human Rights Council in June 2022. 

Below is a summary of CIPESA’s submission.

Emerging Trends

The digital age presents new challenges and ways of working that necessitate a review of how the UNGPs can be applied in the technology sector. Increasingly, states have become purchasers of digital technologies from technology companies to facilitate the implementation of various national programmes which present previously unforeseen risks to privacy as they facilitate mass surveillance. Commonly implemented national programmes posing threats to individual privacy include national digital identification systems, voter registration using digital biometric systems, mandatory SIM card registration, smart cities programmes, and installation of national video surveillance (CCTV) programmes integrating facial recognition systems.

Furthermore, digital technologies have fallen prey to retrogressive legal measures undertaken by states. Across Africa, countries have enacted legislation which compel telecommunications service providers to embed capability within their systems to facilitate the interception of communications by state security agencies, and the state acquisition of software and hardware equipment to facilitate surveillance and interception. 

In addition, some states have taken advantage of digital tools to carry out cyber attacks, censor online content, disseminate propaganda and disinformation. Moreover, many African governments have adopted laws limiting anonymity and the use of encryption.

Pressure on tech companies

Some governments continue to apply undue pressure on technology companies including social media platforms to provide personal information, take down content, and shut down the internet. Others have adopted repressive legislation to control the spread of information on social media, or to regulate internet intermediaries by placing undue liability on them for content on their platforms. During the Covid-19 pandemic, states developed various contact tracing systems and applications without adequate legal frameworks, or an assessment of the human rights impact of the applications. Also, state responses to hold companies accountable remain ad hoc, fragmented and not aligned with international standards.

Questionable company practices
Across the continent, social media, online search, fintech and advertising companies have adopted business models that are based on surveillance capitalism and thus continue to threaten the privacy of users, in some cases without users’ explicit knowledge or consent. Further, social media platforms have also contributed to the spread of harmful content online, which companies have failed to take effective measures to address. Also, social media content policies do not always adopt definitions of content that are rights-respecting, and their practices around content moderation are problematic. Content is often moderated using automated systems which lack local context, are discriminatory and embed bias.

Moreover, some platforms’ practices around content takedowns remain inaccessible, their content policies are not uniformly applied, and redress mechanisms do not always apply the rules of natural justice. In addition, some companies have continued to develop and sell surveillance technology to autocratic governments on the continent, which is subsequently used against human rights activists, government critics, and opposition leaders, which further exacerbates risks to human rights.

Trade of privacy for business continuity

The total sum of the government measures coupled with the pressure imposed on tech sector players is continent-wide trade of privacy for business continuity by technology companies. This is commonly seen in state surveillance through electronic technologies, including interception of communications, hacking of information of target persons especially political dissidents, activists and human rights defenders. The tech sector has, however, not done enough to ensure that individual privacy is guaranteed for their customers. 

In a continent where strong privacy laws remain scanty, the increased usage of online platforms and social media in the absence of adequate safeguards and oversight over companies remains a critical risk for privacy rights. The enjoyment of human rights and freedoms, especially freedom of expression and  access to information, association, assembly and movement have sharply declined.

Recommendations

Addressing human rights risks in business models:

  • The commitment to respect human rights as envisaged by the UNGPs  should be integrated at all levels in the company hierarchy and embedded across all its functions and processes.
  • Companies should take steps to mitigate risks within their existing business models, and continuously innovate new business models that are rights-respecting.
  • There is a need for continued research to promote greater understanding of the human rights risks in technology business models on the continent. 
  • Multistakeholder engagement should be promoted as it is a critical avenue to promote shared understanding of the human rights risks and impacts of technology in Africa.

Human Rights Due Diligence and end-use

Companies should do the following:

  • Conduct due diligence to identify, prevent or mitigate risks of harmful impact on their business. The due diligence should be conducted from project design and development phase of new products, services and solutions, and thereafter periodically through the lifecycle including promotion, deployment, sale and use.
  • Assess and monitor the effectiveness of their responses to human rights risks, with results of

such assessments guiding decision-making.

  • Review their state clients’ human rights records and ensure they do not develop, sell or offer

them technology products, services or solutions that contribute to or result in adverse human

rights impacts.

Accountability and remedy 

  • Companies should be transparent and accountable in how they address their human rights impact. Such transparency and accountability can be enhanced through periodic reporting to external stakeholders including through public reports.
  • Create platforms and avenues for engagement, information sharing and feedback between technology companies and various stakeholders.  
  • Implement credible and effective complaints reporting and handling mechanisms.
  • Companies should put in place measures to monitor and promote rights-respecting and responsible business practices and culture, and to remedy and mitigate adverse impacts caused by their actions.

The State’s duty to protect

  • Put in place administrative, policy, legislative, institutions to hold technology companies accountable for human rights violations, provide effective remedies for victims of rights violations related to technology, require companies to conduct due diligence and to have proper safeguards to protect the public from harm.
  • Develop laws, policies, regulations, standards, and guidance, including at the regional level to embed and ensure responsible business practices by technology companies and greater respect for human rights in the digital context.
  • Take measures to promote the use and adoption of digital technologies and address the growing digital divide, including by removing barriers to internet access and digital technologies.

See the full submission here.

1 27 28 29 30 31 158