Promoting Effective and Inclusive ICT Policy in Africa

Blog

  HomeCollaboration on International ICT Policy for East and Southern Africa (CIPESA)  /  Blog
24May

CIPESA Submission to the ACHPR on Ratification of the African Protocol on Disability Rights

Author Evelyn Lirri Posted on

The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) has made a submission to the Africa Commission on Human and People’s Rights (ACHPR) on the situation and issues on the continent that have a critical human rights dimension for persons with disabilities in the context of ICT. In the submission made in April 2022 and addressed to the Working Group on the Rights of Older Persons and People with Disabilities in Africa, CIPESA reiterates the urgent need for member states to ratify the  Protocol to the African Charter on Human and People’s Rights of Persons with Disabilities in Africa so that it comes into force.

CIPESA notes that four years after its adoption, the Protocol has been signed by less than a dozen countries and only two countries (Cameroon and Mali) have ratified it. For the protocol to come into force, at least 15 countries are required to ratify it.

“The adoption of the Protocol was a major step forward in protecting and advancing the rights of persons with disabilities, but the failure to sign and ratify it undermines these efforts,” submits CIPESA. The submission adds that, without a doubt, African governments must do more to ensure that persons with disabilities access and use digital technologies and that there is sufficient disaggregated data to inform programme interventions. Ratifying the protocol will be a major- but insufficient step in this direction.

In line with the Protocol’s provisions requiring State Parties to: put in place policy, legislative, administrative, and other measures to ensure persons with disabilities enjoy the right to access information (Article 24); ensure the systematic collection, analysis, storage and dissemination of national statistics and data covering disability to facilitate the protection and promotion of the rights of persons with disabilities (Article 32), CIPESA recommends that the Working Group prioritises and engages the Member States to:

  • Ratify the Protocol to the African Charter on Human and Peoples’ Rights on the Rights of Persons with Disabilities in Africa as a matter of utmost priority, and promote awareness of its content and the rights it protects.
  • States parties should issue periodic reports to the African Commission, in accordance with Article 62 of the African Charter, on legislative and other measures undertaken for the full realisation of the rights of persons with disabilities.
  • Enhance the development, implementation, and enforcement of relevant and enabling national policies and legislation on accessible communication products and services such as disability laws, Codes of Practice, consumer rights regulations, and ICT and disability policies.
  • Offer tax exemptions and incentives for innovation as well as investment in assistive devices and software tailored to the needs of persons with disabilities.
  • Promote the awareness of, and access of persons with disabilities to specialist devices and technologies such as manual Perkins Brailler, hand-held magnifiers, hand frames/slates and communication boards, screen readers, text-to-speech software, and Augmentative and Alternative Communication (AAC).
  • Promote meaningful participation of persons with disabilities in decision-making and policy development processes at national and regional levels through affirmative action and other efforts that promote fair representation.
  • Ensure that information on emergencies such as the COVID-19 pandemic, conflicts/wars, and natural calamities, is inclusive and provided in accessible and appropriate formats and languages, whether it is in SMS, audio, visual or document form.
  • Ensure the systematic collection, analysis, storage, and dissemination of national statistics and data covering disability to increase the availability of high-quality, timely, and reliable disaggregated data by disability, in order to facilitate the protection and promotion of the rights of persons with disabilities. The statistics and data should be disseminated in formats accessible to persons with disabilities.
  • Promote multi-stakeholder cooperation between governments, the private sector, civil society, and other relevant actors to promote the rights of persons with disabilities in accordance with the Protocol.

Read CIPESA’S full submission here. 

22Apr

Advancing Internet Freedom in Africa Through the Universal Periodic Review: Lessons and Gaps

Author CIPESA Posted on

By CIPESA Staff Writer |

Since its establishment in 2006, the Universal Periodic Review (UPR) has provided a unique process for reviewing the human rights records of all United Nations (UN) Member States. Over the years, however, there has been limited participation by African civil society in the review process. In particular, there is limited work by African actors to promote internet freedom through this process.

Accordingly, since 2018, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA), Small Media Foundation and a coalition of regional partners have been working to support civil society organisations across Africa to engage with the UPR process through capacity development in research and advocacy. The project has made up to 16 UPR submissions on digital rights in Africa with a focus on the Democratic Republic of Congo, Ethiopia, the Gambia, Kenya, Liberia, Malawi, Mozambique, Namibia, Nigeria, Rwanda, Senegal, Sierra Leone, South Sudan, Tanzania, Uganda and Zimbabwe

To further concretise CIPESA and Small Media’s efforts, a survey was commissioned to gauge the awareness, engagement and existing capacities of stakeholders in relation to the UPR process and their development needs with regard to UPR advocacy, campaigning, and research. Conducted between July 2019 and December 2021, the survey recorded a total of 134 respondents from all 16 countries on which CIPESA, Small Media and partners made UPR submissions focused on digital rights. The respondents included activists, academics, diplomats, lawyers, journalists, government officials, development actors, and civil society organisations. 

The survey found that there is limited participation by African civil society in the UPR process despite the review process providing a framework within which activists and human rights defenders can lobby and hold governments to account to promote internet freedom. The number of internet freedom-related submissions on Africa is still small though growing, which is a reflection of the low number of actors conducting internet freedom work and participating in UPR reviews. 

While there is a relatively high level of awareness of the existence of the UPR process, partly the result of training efforts by various organisations in recent years, the level of knowledge about the process is limited. Similarly, the level of participation in the review is moderate, with only 27% having taken part in national consultations and one in four having participated in submission of stakeholder reports. It is also noteworthy that even for those processes that many respondents had participated in, such as stakeholder submissions, those efforts were often led by entities based outside the continent. Only one third of respondents had ever received UPR-related capacity development.

The survey findings indicate the need for skills and knowledge development in UPR engagement including advocacy and follow-up on recommendations; making stakeholder submissions; and participating in national consultations and review sessions. Further, it is crucial to capacite legacy human rights organisations to embrace digital rights work. Other skills development needs identified included data collection; analysis and report writing to feed into submissions; stakeholder engagement; and diplomacy and international negotiations. 

Specifically on digital rights, skills building in understanding the legal and regulatory environment for the digital sector at national, regional and global levels, as well as coalition building strategies, and communications for advocacy, were identified. Other skills needed included digital security for human rights  defenders; knowledge of the full range of the UN Human Rights Mechanisms; and crafting human rights policy recommendations.

In line with the capacity gaps identified by the survey, CIPESA and Small Media convened CSOs, activists and human rights defenders from the 16 countries for a three days workshop on UPR advocacy and coalition building for digital rights. The workshop, which was held in Kampala, Uganda on March 20-22, 2022, featured sessions on local engagement and mobilisation, international and regional legal frameworks, researching digital rights and identifying policy issues, campaign and advocacy planning and impact communications, among others.  

Speaking at the opening of the workshop, CIPESA’s Programme Manager Ashnah Kalemera stated that the training sought to capacitate organisations to more effectively leverage the UPR for advancing digital rights. “Increasing African-based organisations’ participation in the UPR, national level uptake and follow up on recommendations by governments requires growing skills and engendering collaboration among stakeholders,” said Kalemera.

The workshop builds on CIPESA’s multi-country efforts in building skills and knowledge in collaborative internet policy research, research methods, communicating research, and data-driven advocacy, among others, towards a free, open and secure internet in Africa.

See the Internet Freedom and UPR in Africa Survey report here.

21Apr

Togo: Fumbling With a Digital ID While Actively Surveilling Citizens

Author CIPESA Posted on

By Afi Edoh |

For four years Togo has been inching towards issuing a digital identity (ID) card. While there are indications that 2022 may be the year in which the west African country finally delivers the long-awaited digital ID, the road ahead remains uncertain. Challenges lie both in bureaucratic delays and citizens’ caginess about handing their data to a government with a penchant for surveilling citizens and shutting down digital communications.

The Togolese government announced the e-ID Togo project in 2018, but it was not until mid 2021 that the Ministry of the Digital Economy and Digital Transformation initiated efforts to recruit a communications consultant to devise an awareness campaign to precede the registration stage and a technology solutions service provider. The International Institute of Information Technology Bangalore was awarded the system contract in December 2021.

According to the government, the e-ID project will simplify the process of updating the electoral register, facilitate access to public services and to credit, reduce fraud in the financial sector, and facilitate the targeting of social protection beneficiaries. Only 25% of the country’s population of eight million has a form of identification, with women less likely to have an identification document, which hinders their ability to open bank accounts, enrol children in school, benefit from health insurance, or get a mobile phone number. In recognition of the gaps in civil registration among citizens, the government set out to enrol citizens for e-ID even without proof of birth registration.

Togo passed Law No. 2019-014 relating to the protection of personal data in October 2019. In 2020, parliament passed Law No. 2020-009 relating to the biometric identification of natural persons, whose objective is to establish a system for identification and authentication of natural persons. The law aims to establish a “secure and reliable methodology” for obtaining, maintaining, storing and updating data on the identity of registered individuals. The law requires all citizens and residents in Togo to obtain a Unique Identification Number (NIU) by submitting their demographic and biometric data (Article 4). The biometric data specified for purposes of obtaining a NIU are photograph and / or facial recognition, fingerprints, and iris scan. The National Identification Agency (ANID) is mandated to collect biometric data for the NIU.

SIM Card Registration
In July 2021, a SIM card registration and limitation of subscriptions per individual and network campaign was launched by the telecommunications regulatory authority ARCEP, supported by leading telecom operators Moov Africa Togo and TogoCom. The SIM registration requirements include a national identity card or passport and collection of biometric and demographic data. 

But this extensive collection of individuals’ personal data raises concerns for the safety of such data. These concerns are not unfounded and they partly arise from the state’s record on respect for digital rights, which have seen it order network disruptions and use malware to target opponents and dissidents.

State Surveillance
In 2020, lingering suspicions that the Togolese government was undertaking interceptions of communications gained credence when the Citizen Lab revealed that Israeli-made spyware Pegasus, supplied by the NSO Group, was used between April and May 2019 to target Togolese civil society, including a Catholic bishop and a priest, as well as two members of Togo’s political opposition. The surveillance reportedly coincided with nationwide pro-reform protests that were forcibly dispersed. The Togolese government did not respond to the allegations, which nonetheless sparked debate within Togolese media and civil society.

Further, in October 2021, Amnesty International research found that Togolese activists had been targeted with spyware by the Donot Team hacker group based in India – the  first time that Donot Team spyware was found in use outside of South Asia. According to the report, the activists’ devices were targeted between December 2019 and January 2020, during a tense political climate ahead of the 2020 presidential election.

Network Disruptions

During the February 2020 elections, authorities disrupted access to messaging services (WhatsApp, Facebook Messenger, and Telegram). Later that year, the Economic Community of West African States (ECOWAS) Court of Justice ruled that the 2017 internet shutdown in Togo was illegal and an affront on the right of freedom to expression. 

According to Access Now, the court ordered the government of Togo to pay two million francs (USD 3,459) to the plaintiffs as compensation, and to take all the necessary measures to guarantee the implementation of safeguards with respect to the right to freedom of expression of the Togolese people.

Privacy and Data Protection

Togo’s laws provide safeguards against unlawful surveillance and unauthorised access to data whilst also granting authorities sweeping powers to violate privacy. Law No. 2012-018 on electronic communications provides for privacy of communications but article 92 empowers the Prime Minister, and the Ministers responsible for the economy and finance, defence, justice, and security and civil protection, to trigger the interception of communications and electronic content.

The biometrics identification law requires the National Identification Agency to encode and encrypt data on its registry and only allows access to authorised agents (article 10, 21 & 22). Violation of the obligation of non-disclosure of personal data, identity theft and unauthorised processing of personal data are punishable with fines ranging from one million to 10 million Central African Francs (USD 1,747 to 17,472), imprisonment between one and five years, or both.   

Article 94 of Togo’s 2012 electronic communication law obliges encryption service providers to comply with lawful interception orders, with refusal to provide secret decryption codes to government agencies punishable with a fine of between USD 3,544 and USD 14,178. Cryptology services providers are required to retain for one year, content and data allowing the identification of anyone who has used their services, and to provide the technical means that enable the identification of those users. The service providers are required to avail this data, on request, to the investigating judge, Prime Minister, Minister for the Economy and Finance, the Minister of Defence, the Minister  of Justice, and the Minister of Security. The multiple officials who access data – similar to the various officials that can trigger the interception of communications – offers wide latitude for abuse of citizens’ data privacy rights.

Digital Exclusion
In the wake of Covid-19, Togo initiated a relief programme for vulnerable citizens whose livelihoods were affected by the state of emergency. As at March 2021, the programme, known as NOVISSI, had disbursed a total of 13.3 billion francs (USD 22 million) to 819,972 citizens via mobile money.

However, the programme was criticised for requiring applicants to possess a voter’s ID card. During the last electoral census, opposition parties called on the population to boycott the exercise, which meant that some citizens had not renewed their voter ID cards. There were also cases of unscrupulous individuals utilising the voter’s ID details of other citizens to fraudulently benefit from the programme. As a result, the government temporarily halted the program to allow for physical verification of beneficiaries at dedicated centres.

Way forward

Whereas the various sanctions within the existing legal framework might be a deterrent against unauthorised access to and misuse of personal data, there is wide latitude for state agencies and officials to access the data, which could be abused. This calls for a review of the provisions to ensure they uphold citizens’ right to privacy and data protection, with adequate oversight and redress mechanisms. Further, the e-ID should be rolled out in a manner that ensures agency and dignity, without enhancing exclusion and surveillance. 

15Apr

CIPESA Makes Submission to the OHCHR on Human Rights in the Tech Sector

Author CIPESA Posted on

Submission |

The Collaboration on International ICT Policy for East & Southern Africa (CIPESA) has made submissions to the Office of the United Nations High Commissioner for Human Rights (OHCHR) on how businesses in the technology sector can improve the observance of human rights. 

The submissions, made in February 2022 in response to a call for inputs on the application of the United Nations Guiding Principles on Business and Human Rights (UNGPs) to the activities of technology companies, will feed into a report the OHCHR will submit to the Human Rights Council in June 2022. 

Below is a summary of CIPESA’s submission.

Emerging Trends

The digital age presents new challenges and ways of working that necessitate a review of how the UNGPs can be applied in the technology sector. Increasingly, states have become purchasers of digital technologies from technology companies to facilitate the implementation of various national programmes which present previously unforeseen risks to privacy as they facilitate mass surveillance. Commonly implemented national programmes posing threats to individual privacy include national digital identification systems, voter registration using digital biometric systems, mandatory SIM card registration, smart cities programmes, and installation of national video surveillance (CCTV) programmes integrating facial recognition systems.

Furthermore, digital technologies have fallen prey to retrogressive legal measures undertaken by states. Across Africa, countries have enacted legislation which compel telecommunications service providers to embed capability within their systems to facilitate the interception of communications by state security agencies, and the state acquisition of software and hardware equipment to facilitate surveillance and interception. 

In addition, some states have taken advantage of digital tools to carry out cyber attacks, censor online content, disseminate propaganda and disinformation. Moreover, many African governments have adopted laws limiting anonymity and the use of encryption.

Pressure on tech companies

Some governments continue to apply undue pressure on technology companies including social media platforms to provide personal information, take down content, and shut down the internet. Others have adopted repressive legislation to control the spread of information on social media, or to regulate internet intermediaries by placing undue liability on them for content on their platforms. During the Covid-19 pandemic, states developed various contact tracing systems and applications without adequate legal frameworks, or an assessment of the human rights impact of the applications. Also, state responses to hold companies accountable remain ad hoc, fragmented and not aligned with international standards.

Questionable company practices
Across the continent, social media, online search, fintech and advertising companies have adopted business models that are based on surveillance capitalism and thus continue to threaten the privacy of users, in some cases without users’ explicit knowledge or consent. Further, social media platforms have also contributed to the spread of harmful content online, which companies have failed to take effective measures to address. Also, social media content policies do not always adopt definitions of content that are rights-respecting, and their practices around content moderation are problematic. Content is often moderated using automated systems which lack local context, are discriminatory and embed bias.

Moreover, some platforms’ practices around content takedowns remain inaccessible, their content policies are not uniformly applied, and redress mechanisms do not always apply the rules of natural justice. In addition, some companies have continued to develop and sell surveillance technology to autocratic governments on the continent, which is subsequently used against human rights activists, government critics, and opposition leaders, which further exacerbates risks to human rights.

Trade of privacy for business continuity

The total sum of the government measures coupled with the pressure imposed on tech sector players is continent-wide trade of privacy for business continuity by technology companies. This is commonly seen in state surveillance through electronic technologies, including interception of communications, hacking of information of target persons especially political dissidents, activists and human rights defenders. The tech sector has, however, not done enough to ensure that individual privacy is guaranteed for their customers. 

In a continent where strong privacy laws remain scanty, the increased usage of online platforms and social media in the absence of adequate safeguards and oversight over companies remains a critical risk for privacy rights. The enjoyment of human rights and freedoms, especially freedom of expression and  access to information, association, assembly and movement have sharply declined.

Recommendations

Addressing human rights risks in business models:

  • The commitment to respect human rights as envisaged by the UNGPs  should be integrated at all levels in the company hierarchy and embedded across all its functions and processes.
  • Companies should take steps to mitigate risks within their existing business models, and continuously innovate new business models that are rights-respecting.
  • There is a need for continued research to promote greater understanding of the human rights risks in technology business models on the continent. 
  • Multistakeholder engagement should be promoted as it is a critical avenue to promote shared understanding of the human rights risks and impacts of technology in Africa.

Human Rights Due Diligence and end-use

Companies should do the following:

  • Conduct due diligence to identify, prevent or mitigate risks of harmful impact on their business. The due diligence should be conducted from project design and development phase of new products, services and solutions, and thereafter periodically through the lifecycle including promotion, deployment, sale and use.
  • Assess and monitor the effectiveness of their responses to human rights risks, with results of

such assessments guiding decision-making.

  • Review their state clients’ human rights records and ensure they do not develop, sell or offer

them technology products, services or solutions that contribute to or result in adverse human

rights impacts.

Accountability and remedy 

  • Companies should be transparent and accountable in how they address their human rights impact. Such transparency and accountability can be enhanced through periodic reporting to external stakeholders including through public reports.
  • Create platforms and avenues for engagement, information sharing and feedback between technology companies and various stakeholders.  
  • Implement credible and effective complaints reporting and handling mechanisms.
  • Companies should put in place measures to monitor and promote rights-respecting and responsible business practices and culture, and to remedy and mitigate adverse impacts caused by their actions.

The State’s duty to protect

  • Put in place administrative, policy, legislative, institutions to hold technology companies accountable for human rights violations, provide effective remedies for victims of rights violations related to technology, require companies to conduct due diligence and to have proper safeguards to protect the public from harm.
  • Develop laws, policies, regulations, standards, and guidance, including at the regional level to embed and ensure responsible business practices by technology companies and greater respect for human rights in the digital context.
  • Take measures to promote the use and adoption of digital technologies and address the growing digital divide, including by removing barriers to internet access and digital technologies.

See the full submission here.

07Apr

Policy Brief: Taxing Ugandan Citizens Out Of The Digital Society

Author CIPESA Posted on

By Edrine Wanyama |

Uganda’s Information and Communications Technology (ICT) sector contributes 9% of the country’s Gross Domestic Product (GDP) and could contribute to the country’s socio-economic transformation through innovation and food security, access to markets such as for agricultural produce, and improved service delivery. However, a new Policy Brief by CIPESA shows that universal, affordable access remains largely unattained due to the high and multiple taxes on digital products and services.

According to the GSMA’s Mobile Connectivity Index, which measures key enablers of mobile internet adoption such as infrastructure, affordability, content and services, Uganda lags behind its neighbours Kenya, Rwanda and Tanzania. 

According to the Uganda Communications Commission (UCC), by September 2021, the country had 29.1 million telephone subscriptions that translate into a national penetration of seven connections for every 10 Ugandans. However, the proportion of Ugandans who actually own or use mobile phones is less than 70% due to multiple SIM card ownership. Internet subscriptions stood at 22 million, or a penetration of 52%, yet the percentage of the population that actually uses the internet is much lower, as many users have multiple subscriptions.

Internet and mobile telephone penetration are still low in Uganda in comparison to  Kenya with 122% internet penetration and 133% mobile penetration, Rwanda with 64.4% internet penetration and 84.2% mobile penetration, and Tanzania with 50% internet penetration and 91% mobile penetration. The average phone subscriber in Uganda spends just UGX 10,500 (about USD 2.8) per month on voice, data and SMS services. This average revenue per user (ARPU) in Uganda is significantly lower than in other African countries.

Uganda levies  a direct 12% levy on the net price of internet data, after which a Value Added Tax (VAT) of 18% applies. There is also a 12% excise duty on prepaid airtime, postpaid airtime, and value added services, as well as a 10% import duty on devices. This multiple taxation translates into high cost of services, devices, hardware and software, with suppliers and service providers passing on the financial burden onto consumers, thereby aggravating the affordability challenge. 

With one of highest mobile data rates in the region, with 1 GB of data costing up to 16.2% of an average Ugandan’s monthly income, digital exclusion has been perpetuated with the groups most excluded from the digital economy being the elderly, rural communities, persons with disabilities , the youth, refugees  and migrants. Indeed,  research has found that Ugandan men are 43% more likely to be online than women. 

Meanwhile, according to the Brief, innovation and e-commerce continue to suffer regression with initiatives such as the National ICT Initiatives Support Programme (NIISP) and Digital Uganda Vision achieving minimal impact. This is because poor internet access hinders knowledge creation and stifles innovation in a world where fintechs, mobile payments and a growing array of e-services and e-trade are getting mainstreamed. Similarly, freedom of expression and access to information continue to be undermined despite consistent calls upon the government by the private sector to government to refrain from blocking access to the internet and some social media sites such as Facebook, a practice that undermines citizens’ access to information and freedom of expression, and which also cripples business operations.

The high and multiple digital taxation in Uganda has greatly undermined the ICT sector’s potential as a driver of socio-economic transformation and perpetuates exclusion. It also means that e-governance, e-services and e-commerce cannot achieve full scale, citizens’ access to information and public participation is undermined, and the innovation ecosystem remains frail.

The Brief  calls upon  the government, civil society and the technology sector to take the following measures for progressive reform in the sector. 

Government

  • Repeal all retrogressive legislation such as the Excise Duty (Amendment) Act of 2021 which provides for a 12% levy on the net price of internet data.
  • Lower the Value Added Tax on ICT services from the current 18% to not more than 12%, and reduce by 50% the import duty on ICT devices as well as the excise duty on airtime and value added services.
  • Undertake measures, such as tax incentives, to lower the cost of assistive technologies like screen readers, text-to-speech software, manual Perkins Brailler, hand-held magnifiers, hand frames/slates and communication boards for persons with disabilities.
  • Refrain from implementing measures that disrupt access to the internet and social media, and if any such measures are taken, they should be absolutely necessary, proportionate and for a very limited period of time.
  • Deliberately undertake measures to expand access and usage of ICT by disadvantaged groups, such as through leveraging the universal service fund (RCDF) to fund connectivity and services, as well as digital literacy programmes for rural dwellers, poor women, and persons with disabilities.

Civil Society

  • Advocate for affordable and inclusive access including through awareness campaigns and building the capacity of grassroots communities to push back against digital exclusion.
  • Engage in public policy consultations and challenge laws such as the Excise Duty (Amendment) Act of 2021 and others that impose an undue tax burden on digital services and devices.
  • Collaborate with government and technology actors in efforts to promote digital literacy and infrastructure sharing among others.
  • Research and document barriers to digital inclusion to form the basis for advocacy and engagement including through human rights review mechanisms 

Technology Sector

  • Comply with universal service obligations through infrastructure sharing and provision of accessible services/subsidies for marginalised communities.
  • Collaborate with civil society in efforts to promote digital literacy and innovation.
  • Engage in public policy consultations and challenge laws such as the Excise Duty (Amendment) Act of 2021 and others that impose an undue tax burden on digital services and devices.

Read the full Brief here

1 36 37 38 39 40 166