In an era where biometric data collection is rapidly expanding across Uganda’s public and private sectors, the need for expert oversight has never been more critical. From national ID systems to voter registration and SIM card verification, these digital transformations are reshaping privacy rights and surveillance capabilities in ways that demand careful scrutiny.
CIPESA is seeking a qualified consultant to peer review groundbreaking research on biometric data collection and its implications for digital rights in Uganda.
This consultancy offers a unique opportunity to:
Shape policy recommendations on digital rights and data protection in Uganda
Contribute to protecting citizens’ privacy rights in an increasingly digital ecosystem
Work with a leading organization at the intersection of technology and human rights
Deliver meaningful impact in just 15 days of focused work
The ideal candidate will bring:
An advanced degree in Law, international human rights law, or related field
Deep understanding of digital rights and data protection frameworks
Proven research and analytical capabilities
Strong track record in producing clear, actionable reports
Ready to contribute to this vital work? Submit your application by January 27, 2025 (18:00 EAT), including:
The Collaboration on International ICT Policy for East and Southern Africa (CIPESA), in partnership with Enabel and the European Union, is pleased to announce a new funding opportunity for Civil Society Organizations (CSOs) in Uganda. This initiative is part of the Advancing Respect for Human Rights by Business in Uganda (ARBHR) project, a collaborative effort to strengthen digital rights advocacy and awareness in the business sector while reducing human rights abuses connected to business activities, particularly those impacting women and children.
About the Opportunity
Through this EU-supported initiative, CIPESA will select six (6) CSOs to receive funding of up to €10,000 each subject to demonstrated need, for implementing digital rights awareness and advocacy programs. Selected organisations will benefit from comprehensive mentorship training and collaborative planning support to develop effective action plans that address the growing challenges of digital rights in Uganda’s business environment.
Eligibility Requirements
Organisations must demonstrate:
Relevant organisational mandate and scope
Innovative approaches to digital rights advocacy
Focus on human rights in agriculture, natural resources, or digital space
Commitment to inclusivity (youth, women, persons with disabilities, or refugees)
Geographic Coverage
Eligible organisations must be based or operational in one of these regions:
Busoga (Iganga, Mayuge, Bugiri, and Bugweri)
Albertine (Hoima, Kikuube, Masindi, Buliisa, and Kiryandongo)
Kampala Metropolitan (Kampala, Mukono, and Wakiso)
Project Duration
Selected projects will run for a maximum of eight (8) months.
How to Apply
To apply, please download the following documents:
All application components must be submitted using the online application form. Incomplete applications or those submitted through other channels will not be considered.
Deadline: Interested organisations should submit their applications by January 24, 2025.
Note: Only shortlisted candidates will be contacted.
The sixth edition of the Business and Human Rights Symposium in Uganda marked an essential step in Uganda’s journey to foster responsible and rights-respecting business conduct. Hosted on November 4-5, 2024, the symposium brought together over 200 participants from government, the private sector, academia, and civil society. It offered a platform to reflect on Uganda’s advancements in implementing its National Action Plan on Business and Human Rights and to consider newer frameworks such as the Corporate Sustainability Due Diligence Directive (CSDDD).
As part of the two-day proceedings, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) hosted a panel discussion on the interplay between digital innovation and the protection of human rights, highlighting both successes and challenges in Uganda’s tech ecosystem. The panel discussed the United Nations (UN) Guiding Principles on Business and Human Rights and how they align with the technology sector.
Highlighting Uganda’s growing technology sector, including increased mobile and internet penetration as well as digitalisation of private and public services, the session also spotlighted pressing concerns, such as internet disruptions, labour rights violations, gender discrimination, and data protection and privacy, which continue to challenge human rights protections in the country’s growing digital economy.
Joel Basoga, Head of Technology Practice at H&G Advocates, stated that it was “essential” for businesses in Uganda to embed respect for human rights as a core performance indicator guided by the UN Guiding Principles on Business and Human Rights. He added that for a tech-driven business landscape, legal frameworks surrounding digital rights need to be prioritised.
According to Patricia Ainembabazi, a Project Officer at CIPESA, there was limited understanding of business and human rights in the technology sector. Platforms such as the symposium were crucial in building a thematic understanding of digital rights.
In 2021, Uganda became the first African country to finalise a National Action Plan on Business and Human Rights (NAPBHR), based on the United Nations Guiding Principles on Business and Human Rights. The plan strengthens the government’s duty to protect human rights, enhances the corporate responsibility to respect human rights, and ensures access to remedies for victims of human rights violations and abuses resulting from non-compliance by business entities.
In October 2024, CIPESA joined the first meeting of the Multi-Sectoral Technical Committee on Business and Human Rights, which supports the Uganda labour ministry’s role of coordinating the National Action Plan and provides technical guidance on all business and human rights interventions. At that meeting, CIPESA made the case for mainstreaming digital rights in the implementation of the action plan and also urged stakeholders to leverage innovative technologies to improve the outcomes of the action plan.
Similar to other countries in Africa, Uganda’s plan does not provide for digital rights protection, yet digital technologies have become central not only to how many businesses operate, but also to how individuals learn, work, socialise, and participate in community affairs. This increased digitalisation has had an impact on the ability of businesses to respect their human rights obligations.
Objectives of Uganda’s National Action Plan on Business and Human Rights 1. To strengthen institutional capacity, operations and coordination efforts of state and non-state actors for the protection and promotion of human rights in businesses; 2. To promote human rights compliance and accountability by business actors; 3. To promote social inclusion and rights of the vulnerable and marginalised individuals and groups in business operations; 4. To promote meaningful and effective participation and respect for consent by relevant stakeholders in business operations; and 5. To enhance access to remedy to victims of business-related human rights abuses and violations in business operations.
Speakers urged for increased cross-sector collaboration among stakeholders to align national frameworks more closely with the UN Guiding Principles. Opportunities for intervention include a push for robust data protection and privacy protections by the private sector; affordability of the internet and related technologies to ensure access to digital spaces; and raising awareness on digital rights roles and responsibilities for consumers and business owners. The symposium called upon stakeholders such as telecommunication companies, Internet Service Providers (ISP), financial institutions, innovators, and online platform operators to harmonise business goals with digital rights principles.
As part of the implementation of the NAPBHR, CIPESA is part of the newly launched Advancing Respect for Human Rights by Businesses in Uganda project led by Enabel and Uganda’s Ministry of Gender Labour and Social Development. The project is part of the European Union’s support towards the implementation of Uganda’s National Action Plan on Business and Human Rights and focuses on three thematic areas: labour rights in the agricultural sector, natural resource governance and land, and digital rights and internet governance. The project will work with six civil society organisations to drive advocacy, dialogue, and actions that strengthen Uganda’s Business and Human Rights agenda. Additionally, 50 businesses will receive support to implement human rights due diligence aligned with national and international standards.
South Sudan has enacted the Cybercrimes and Computer Misuse Provisional Order 2021 aimed to combat cybercrimes. The country has a fast-evolving technology sector, with three mobile operators and 24 licensed internet service providers. Investments in infrastructure development have propelled internet penetration to 16.8% and mobile phone penetration to 23% of the country’s population of 11.3 million people, which necessitates a law to curb cybercrime.
The Order is based on article 86(1) of the Transitional Constitution of South Sudan 2011, which provides that when parliament is not in session, the president can issue a provisional order that has the force of law in urgent matters.
The Cybercrimes and Computer Misuse Order makes strides in addressing cybercrimes by extending the scope of jurisdiction in prosecuting cybercrimes to cover offences committed in or outside the country against citizens and the South Sudan state. The Order also establishes judicial oversight especially over the use of forensic tools to collect evidence, with section 10 requiring authorisation by a competent court prior to collecting such evidence. Furthermore, the Order attempts to protect children against child pornography (section 23 and 24), and provides for prevention of trafficking in persons (section 30) and drugs (section 31).
However, the Order is largely regressive of citizens’ rights including freedom of expression, access to information, and the right to privacy.
The Order gives overly broad definitions including of “computer misuse,” “indecent content,” “pornography,” and “publish” which are so ambiguous and wide in scope that they could be used by the state to target government opponents, dissidents and critics. The definitions largely limit the use of electronic gadgets and curtail the exercise of freedom of expression and access to information.
Article 22 of the Transitional Constitution of South Sudan 2011 guarantees the right to privacy. The country has ratified the International Convention on Civil and Political Rights (ICCPR) that provides for the right to privacy under article 17 and the African Charter on Human and Peoples Rights, whose article 5 provides for the right to respect one’s dignity, which includes the right to privacy. The Order appears to contravene these instruments by threatening individual privacy.
Despite a commendable provision in section 6 imposing an obligation on service providers to store information relating to communications, including personal data and traffic data of subscribers, for 180 days – a period far shorter compared to other countries – personal data is still potentially at risk. The section requires service providers and their agents to put in place technical capabilities to enable law enforcement agencies monitor compliance with the Order. With no specific data protection law in South Sudan and without making a commitment to the leading regional instrument, the African Union Convention on Cyber Security and Personal Data Protection, privacy of the citizens is at stake.
The section on offences and penalties lacks specificity on fines which may be levied on errant individuals or companies. On the other hand, some of the offences provided for under the Order potentially curtail freedom of expression and the right to information. For instance, the offence of spamming under section 21 could be interpreted to include all communications through online platforms including social media platforms like Facebook and WhatsApp. Under the provision, virtually all individuals who forward messages on social media stand the risk of prosecution. This also has a chilling effect on freedom of expression and the right to information.
The offence of offensive communication undersection 25potentially has a chilling effect on freedom of expression, media freedom and access to information. A similar provision under section 25 of the Computer Misuse Act, 2011 of Uganda has been widely misused to persecute, prosecute and silence political critics and dissidents.Section 25 of the South Sudan Cybercrimes Order could be used in a similar manner to target government critics and dissidents.
In CIPESA’s analysis of the Order, we call for specific actions that could ensure the prevention of cybercrime while at the same time not hurting online rights and freedoms, including:
Deletion of problematic definitions or provisions from the Order.
Enactment of a specific data protection law to guarantee the protection of data of individuals.
Urgent drafting of rules and regulations to prescribe the procedures for implementing the Order.
Ratification of the African Union Convention on Cyber Security and Personal Data Protection.
Service providers should not be compelled to disclose their subscribers’ information to law enforcement agencies except on the basis of a court order.
Amendment of the Order to emphasise the oversight role of courts during the processes of access, inspection, seizure, collection and preservation of data or tracking of data under section 9.
The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) is accepting proposals for the fifth round of the Africa Digital Rights Fund (ADRF).
In this round, ADRF seeks to support initiatives in various thematic areas including but not limited to:
Access and affordability
Access to Information
Cybercrime
Data protection and privacy
Digital economy
Digital Identity (ID)
Digital security
Diversity and inclusion
eGovernance
Freedom of expression
Hate speech
Innovation for democratic participation, transparency and accountability (civic and social tech)
Misinformation/Disinformation
Network disruptions
Strategic litigation
Surveillance
Technology and Covid-19
Grant amounts range between USD 1,000 and USD 20,000, depending on the need and scope of the proposed intervention. The ADRF strongly encourages cost-sharing. The grant period will not exceed 10 months. It is anticipated that around 15 grants will be awarded in this round.
Launched in April 2019, the ADRF supports organisations and networks to implement activities that advance digital rights in Africa, including advocacy, litigation, research, engagement in policy processes, movement building, digital literacy and digital security skills building.
To-date, the Fund has awarded USD 418,000 to 33 initiatives across the continent. In the inaugural round of ADRF, initiatives with activities spanning 16 African countries received a total of USD 65,000. The second call for applications saw a total of USD 152,000 awarded to 14 initiatives that are advancing digital rights through various projects in 18 African countries. In its third round, the ADRF awarded USD 138,000 to 11 initiatives responding to the digital rights fallout from the fight against the coronavirus disease (Covid-19). The most recent and fourth round awarded USD 63,000 to eight current or previous grantees to deploy six-months policy advocacy campaigns that further the conversation on internet freedom in Africa.
Grantees have also received technical and institutional capacity building support to further enhance their digital rights efforts and ensure sustainability. In this regard, CIPESA partnered with the African Centre for Media Excellence (ACME) for capacity building support in impact communications. CIPESA also partnered with Data4Change on data literacy and advocacy support.
Application Guidelines
Geographical Coverage
ADRF is open to organisations/networks based and/or operational in Africa and with interventions covering any country on the continent.
Size of Grants
Grant size shall range from US$1,000 to US$20,000. Cost sharing is strongly encouraged.
Eligible Activities
The activities that are eligible for funding are those that protect and advance digital rights. These may include but are not limited to research, advocacy, engagement in policy processes, litigation, digital literacy and digital security skills building.
Duration
The grant funding shall be for a period not exceeding 10 months.
Eligibility Requirements
The Fund is open to organisations and coalitions working to advance digital rights in Africa. This includes but is not limited to human rights defenders, media, activists, think tanks, legal aid groups, and tech hubs. Entities working on women’s rights, or with youths, sexual minorities, refugees, and persons with disabilities are strongly encouraged to apply.
The initiatives to be funded will preferably have formal registration in an African country, but in some circumstances organisations and coalitions that do not have formal registration may be considered. Such organisations need to show evidence that they are operational in a particular African country or countries.
The activities to be funded must be in/on an African country or countries.
Ineligible Activities
The Fund shall not fund any activity that does not directly advance digital rights.
The Fund will not support travel to attend conferences or workshops, except in exceptional circumstances where such travel is directly linked to an activity that is eligible.
Reimbursements for costs that have already been incurred.
The Fund shall not provide scholarships.
Administration
The Fund is administered by the Collaboration on International ICT Policy for East and Southern Africa (CIPESA). An internal and external panel of experts will make decisions on beneficiaries based on the following criteria:
If the proposed intervention fits within the Fund’s digital rights priorities.
The relevance to the given context/country.
Commitment and experience of the applicant in advancing digital rights.
Potential impact of the intervention on digital rights policies or practices.
The deadline for submissions is now Friday June 25, 2021. The application form can be accessed here.
