Promoting Effective and Inclusive ICT Policy in Africa

Category Archives: Blog

  HomeCollaboration on International ICT Policy for East and Southern Africa (CIPESA)  /  Blog  /  Blog
02Sep

CIPESA and PALU Challenge Rwanda to Address Digital Rights Gaps in UPR Review

Author CIPESA Posted on

By Edrine Wanyama |

Rwanda’s digital rights record has been assessed by the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) and the Pan African Lawyers Union (PALU) in a joint submission to the United Nations Human Rights Council. The review contributes to the efforts of the Universal Periodic Review (UPR) mechanism to strengthen human and digital rights within the country. Notably, the review underscores the urgent need for reforms to safeguard freedom of expression, privacy, and digital inclusion in the face of evolving technologies and governance challenges.

The report highlights positive progress such as the enactment of the Data Protection and Privacy Law (Law No. 058/2021) which protects individuals’ data and establishes the Rwanda National Cyber Security Authority (NCSA) to oversee personal data management. The report also notes the establishment of the Irembo platform, which serves as a basis for enhancing access to public services.

Through the National Strategy for Transformation (NST2) for the period 2024 to 2029, the Rwanda government aims to attain 100% e-service access for Rwandans by 2030, including through enhancing digital skills and literacy under the Digital Ambassadors Programme. There have also been concerted efforts aimed to ensure the financial inclusion of women.

Nevertheless, fundamental freedoms, including free expression, access to information, assembly and association, remain severely restricted in the country. The report observes elevated and systematic threats and intimidation, harassment, arrests and detention and prosecution of government opponents and critics, human rights defenders (HRDs), journalists, and other online activists. This has had a chilling effect on the exercise of freedoms. Access to several websites has been blocked on government orders, while victims of government wrath are often slapped with lengthy prison sentences, which also serves as a tool to silence those who do not agree with the government.

Digital inclusion is also still a major challenge, especially for women, persons with disabilities and the rural populace. According to the report, digital inclusion continues to have adverse effects on the exercise of online rights and freedoms, although the country has a high broadband coverage (99%). Smart phone penetration remains low at 22% and the majority of citizens do not use the internet. The high taxes and high internet costs have further aggravated the inclusion gap.

In terms of its data protection landscape, the report acknowledges the positive step of enacting the Data Protection Act, but notes that the law is weak, lacks strong safeguards such as judicial oversight, and contains a substantively less effective redress mechanism.

Moreover, the report underscores that there is enhanced surveillance of individuals and their communications using sophisticated spyware and malware, such as NSO Group’s Pegasus spyware, and the extensive Closed Circuit Television (CCTV) networks. The surveillance has been deployed to target, threaten and intimidate journalists and other critics.

The report makes several recommendations to the committee to consider if the human rights record of Rwanda in online spaces is to be improved. These recommendations call on the government of Rwanda to:

  • Decriminalise defamation and review vague laws used to suppress freedom of expression and peaceful dissent.
  • Establish independent oversight over surveillance practices and introduce judicial safeguards to protect privacy.
  • Strengthen the implementation of the Access to Information law and ensure that public bodies proactively disclose information.
  • Enhance the capacity of the Rwanda National Cyber Security Authority to enforce data protection while ensuring its independence from executive interference.
  • Promote inclusive digital access, especially for women, persons with disabilities, and rural communities.
  • Cease censorship and arbitrary removal of online content, and establish transparent mechanisms for content moderation.
  • Establish a favourable and safe environment for operations of human rights defenders, journalists and other online activists as opposed to persecuting them by repealing or amending laws to provide for rights-respecting provisions.
  • Prohibit and penalise tech-facilitated gender-based violence especially against women and ensure their access to timely and effective redress.
  • Investigate all cases of enforced disappearance, ensuring punishment for any perpetrators and justice for survivors and their family members.
  • Make strong and repeated public statements at the highest government levels to make clear that all law enforcement authorities and investigation agencies should comply with the law, and that all detained people must be brought to court within 24 hours.
  • Embrace universal design and ensure its full integration into the IremboGov platform to cater for and ensure that persons with disabilities especially visual impairments have full access to all of its services.

  See full Report here.

13Aug

Claiming Digital Rights in Uganda’s Business Sector

Author CIPESA Posted on

By CIPESA Writer |

In an era where digital technologies are reshaping every sector including health, agriculture, finance, education and the labour market, Uganda is fast-tracking its ambition to become a fully connected, inclusive digital society. Yet, as the country rolls out its Digital Transformation Roadmap, critical questions remain: Who is being left behind? Who bears the cost of connecting the unconnected? How do we ensure that technological innovation does not come at the expense of human rights protection?

These were the central concerns at the inaugural National Business and Digital Rights Policy Dialogue hosted by the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) on July 23, 2025. The event brought together 55 participants comprising policymakers, innovators, civil society, the private sector, and development partners to explore how Uganda’s digital transformation is affecting human rights, especially data protection, privacy, access, and equity. The dialogue reviewed not just Uganda’s      progress, but the power dynamics, policy gaps, and human rights risks shaping digitalisation in business.

The Digital Vision vs. The Digital Reality

Uganda’s Digital Transformation Roadmap sets bold targets: 90% household connectivity, nationwide broadband coverage, and widespread e-service access by 2040. Progress is visible, with over 4,000km of national optical fibre infrastructure laid, and more than 100 digital public services rolled out. Yet, beneath these achievements, gaps in digital literacy, access and utility, as well as funding constraints, persist.

According to the 2024 National Population and Housing Census, Uganda’s population stands at 45.9 million, of whom 50.5% are under the age of 18, representing a massive youth cohort born into a digital world yet often lacking affordable internet access and digital tools. Connectivity gaps are further shaped by geography, with over 75% of the population living in rural areas where infrastructure is limited.

On the gender lens, women who comprise 23.4 million of the population, slightly outnumbering men at 22.5 million, continue to disproportionately face digital access barriers. These range from high data costs, low digital literacy, and limited access to devices and digital infrastructure, especially in rural and remote districts. As one of the panelists during the policy dialogue noted, “Digital transformation is moving fast, but our institutions and communities are not always keeping pace.”

Meanwhile, the informal sector, which employs approximately 80-92% of the country’s workforce, remains largely invisible in national digital strategies and compliance frameworks. This informal sector significantly overlaps with Micro, Small, and Medium Enterprises (MSMEs), which are central to Uganda’s economic growth, yet they often operate without proper tools to secure user data or navigate the evolving digital compliance landscape due to limited awareness, resources, and technical capacity.

As businesses digitise, their responsibility to protect users’ rights increases. However, many of them lack the knowledge to protect these rights. Uganda’s laws and enforcement mechanisms also have gaps. As a result, there is weak oversight over fintech platforms and digital lenders, low awareness and implementation of the Data Protection and Privacy Act, rampant digital surveillance, and gendered digital harms, including online harassment.

Data Is Power but Who Holds It?

Uganda’s fast-growing population is generating an unprecedented amount of personal data. The 2024 population census itself relied on tablet-based digital enumeration for the first time. However, while digital data collection is expanding, data governance is not keeping pace. The Personal Data Protection Office (PDPO) and National Information Technology Authority Uganda (NITA-U) are key players, but capacity and resourcing gaps persist. If left unaddressed, digital innovation risks entrenching inequality, with vulnerable populations, especially refugees, informal workers, and low-income women, paying the price for systems that were not designed with their rights in mind.      

Digital Rights are Human Rights

The future of work in the advent of technology emerged as a key aspect of digital rights, with Moses Okello of the National Organisation of Trade Unions (NOTU) warning that Uganda’s labour laws have not kept pace with the rise of gig work and digital employment. Millions of informal workers remain unprotected and unaware of their rights in the digital economy. He called for urgent legal reforms and a national strategy that integrates labour protections into digital policy, while urging stronger collaboration with civil society to build grassroots awareness and empower workers to navigate digital transitions.

Ruth Ssekindi, Director at the Uganda Human Rights Commission (UHRC), underscored the commission’s constitutional duty to uphold human rights across both state and private sectors, particularly in Uganda’s fast-evolving digital landscape. She highlighted growing concerns over digital rights violations including uninformed data consent, artificial intelligence (AI) manipulation, child exploitation, and poor data security, noting that these challenges disproportionately affect vulnerable populations amid low digital literacy and weak enforcement.

Ssekindi called on businesses to embrace a broader duty of care that goes beyond tax compliance and profit, stressing the need to respect, protect, and remedy digital rights violations. She also pointed to the persistent gender gap in digital access and urged greater inclusion of women and marginalised communities in digital development. While the UHRC plays a key role in shaping digital governance through legal review, education, and policy oversight, she noted that the commission must be adequately resourced, empowered and supported to effectively fulfil its mandate in the digital age.

The dialogue reinforced a clear message that connectivity alone is not enough. Uganda must build an inclusive digital economy anchored in justice, transparency, and community voice. This means empowering watchdog institutions like the PDPO, updating outdated laws and regulations, investing in digital literacy, especially for youths and women, and supporting civic participation in digital policy-making.

In direct response, CIPESA launched the #BeeraSharp (translated as “Be Smart”) campaign. This initiative aims to equip Ugandan businesses with the knowledge and tools to act responsibly in the digital space. #BeeraSharp champions a culture of accountability, urging businesses to take charge of how they collect, store, share, and protect user data. It also promotes understanding of legal obligations under Uganda’s Data Protection and Privacy Act, while encouraging ethical digital conduct across sectors.

A Digital Future for All?

As Uganda ramps up its digitalisation agenda and embraces emerging technologies such as AI and robotics, businesses, policymakers, and civil society must work hand in hand to ensure Uganda’s digital revolution is not just a story of innovation but also a story of inclusion and respect for human rights. As the dialogue closed, one key takeaway stood out: Uganda’s digital future must be intentionally inclusive and rights-driven. Achieving this will require cross-sector collaboration to scale digital skills, reform of outdated laws, more financial and capacity support to institutions like UHRC, NITA-U and the PDPO to protect data rights, and empowering communities through digital literacy, local innovation, and inclusive governance.

12Aug

CIPESA Submits Report on the State of Digital Rights in Liberia to the Universal Periodic Review

Author CIPESA Posted on

By Edrine Wanyama |

The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) and the West Africa ICT Action Network (WAICTANET) have submitted to the United Nations Human Rights Council a report that shines a light on Liberia’s human rights record in the digital domain. The report documents developments in Liberia’s digital civic space and offers key information to countries and other stakeholders involved in scrutinising Liberia’s performance under the Universal Periodic Review (UPR) mechanism.

The UPR process offers all United Nations (UN) member states the opportunity to declare what actions they have taken to improve the human rights situation in their countries and to fulfil their human rights obligations. The report notes that while Liberia has taken some steps to promote the realisation of digital rights, it maintains regressive laws, such as the 1978 Penal Code, and there have been instances of curtailment of rights.

According to Patricia Ainembabazi, Policy and Advocacy Officer at CIPESA, this report is essential for tracking the progress made by Liberia in protecting and promoting human rights in online spaces in accordance with domestic, regional and international obligations. She added: “The report forms the basis for identifying opportunities and shaping the human rights situation to enable the realisation of civil liberties in online spaces. Liberia should take these observations seriously and undertake the necessary reforms.”

The report notes that since Liberia was last reviewed in 2020, it has made some progressive steps towards recognising the importance of online spaces and enacted the Kamara Abdullah Kamara Act on Press Freedom which, among others, decriminalises defamation. It has also taken strides to enhance child protection online and to promote gender equality.

Nevertheless, evidence over the years shows a clear onslaught on the digital civic space, with targeted actions against journalists, human rights defenders (HRDs) and activists. These actors often face intimidation and threats, arrests, detention and lengthy prison sentences that are often enabled by laws that are overly broad and ambiguous. In other cases, there have been violent attacks and unresolved deaths of journalists under suspicious situations including assault. These actions have cast a chill on freedom of expression and led to self-censorship by journalists and HRDs and online activists.

Liberia does not have a specific law on data protection, although a validation of the draft law was conducted in late 2024. Since Liberia does not have a data protection authority, individuals’ data remains vulnerable to misuse by unscrupulous individuals, yet there are limited avenues for legal redress for aggrieved parties.

Furthermore, data protection standards in the country fall short of regional and international data protection standards such as those prescribed by the African Union Convention on Cyber Security and Personal Data Protection – which Liberia is yet to ratify.

Meanwhile, Liberia continues to grapple with high levels of digital exclusion due to poverty, digital illiteracy and the concentration of digital access in urban centres.

The report calls upon the Liberian government to:

  1. Repeal all restrictive laws and provisions that criminalise speech and undermine freedom of expression, including section 11.11 of the Penal Law, which penalises individuals for publicly accusing the President of misconduct, even if the accusation is true; section 11.12 on sedition that broadly criminalises acts deemed as incitement against the government; and section 11.14 on criminal malevolence that targets statements which could harm the reputation of public officials. These provisions deter investigative journalism and public accountability.
  2. Expedite the enactment of a specific law on data protection to safeguard and protect personal data. Additionally, ratify and domesticate the Malabo Convention on Cyber Security and Personal Data Protection to show commitment to cyber security and personal data protection.
  3. Amend the Freedom of Information Act to strengthen enforcement and ensure greater accessibility to public information. The law should include clear, enforceable penalties for public officials who unjustifiably deny access to information, and establish mechanisms for timely, proactive disclosure by government bodies.
  4. Codify legal safeguards for internet freedom by explicitly protecting online expression within the provisions of the Telecommunications Act 2007, and fast-track the enactment of the Cybercrime Act.
  5. Empower the Independent National Commission on Human Rights (INCHR), by among others, increasing human and financial resources to enhance and facilitate its role in promoting and protecting human rights.
  6. Enhance the capacity of judicial officers and law enforcement officers on online freedoms.
  7. Implement strict protocols preventing the arbitrary arrest or harassment of journalists for their work, and train security forces in this regard.
  8. Comprehensively investigate and prosecute all cases of abuse and killing of journalists to ensure that justice is served.
  9. Enact a specific law on the protection of children’s privacy, protection against online violence, exploitation, sex predation, grooming and abuse, and pornography to ensure children’s safety online.

See full report here

06Aug

Making AI More Participatory and Inclusive for the Benefit of All Africans

Author CIPESA Posted on

Joint Statement |

Artificial Intelligence (AI) is reshaping our societies; we must ensure ethical, inclusive, and rights-based approaches rooted in the lived realities of our communities, guide its development and application in Africa. 

The Global AI Summit on Africa 2025 held in April in Kigali is one of the important movements and platforms, bringing together civil society organizations, african leaders, parliamentarians, youth actors, researchers, and private sector leaders, to champion principles that uphold human dignity, safeguard marginalized voices, and foster responsible innovation. We applaud the inspiring conversations around AI’s transformative potential for the continent, driven at the Summit. However, such a conversation should not end there. To move from inspiration to impact, we must recognize that some critical voices need to be involved in decision-making spaces.

In collaboration with Niyel, Mozilla, Pollicy, ACM Nigeria, Innovation for Policy Foundation, MISA, and the Namibia University, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) contributed to the development of this call, addressed to african leaders, organisers, and co-chairs of the Global AI Summit 2025 to emphasise the need for more inclusive and participatory approaches.

Through this statement, we are calling for clear commitments and tangible actions around three priorities:

  • Decent AI Jobs for Africa’s people
  • Meaningful public participation in AI governance
  • Resources and support for inclusive, participatory AI development

We invite you to join the call for action and become a signatory to a collective statement that pushes for global collaboration, transparency, and oversight in AI governance. Your voice matters in shaping a future where AI serves humanity, not the other way around. 25 signatories are on board. Whether you’re advocating for gender justice, digital inclusion, or ethical tech, this is your moment to co-create solutions that reflect shared values and lived realities.

Sign the call. Share it widely. Mobilize your networks. Together, we can build an AI ecosystem rooted in equity, accountability, and collective knowledge.

To sign the statement, fill out this form and click here to download the statement.

04Aug

Lesotho Charts a Progressive Path on Data Governance

Author CIPESA Posted on

Patricia Ainembabazi |

From July 28-31, Lesotho’s highland capital of Maseru buzzed with the energy of a data governance sprint. Government officials, academics, civil society, and the private sector assembled for an intensive workshop convened by the African Union Development Agency-NEPAD and AU-GIZ with support from the Lesotho Ministry of Information, Communications, Science, Technology and Innovation (MICSTI), the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) and the Kenya ICT Action Network (KICTANet). 

The gathering drew over 60 participants with a shared proposition: get everyone on the same page about what good data governance should look like in Lesotho and how to achieve it. The workshop charted a pathway for Lesotho to domesticate the African Union Data Policy Framework (AUDPF), which was adopted by the African Union in 2022. The framework provides guidance to Member States on building harmonised, rights-respecting data governance policies that support digital transformation, innovation, and secure cross-border data flows. 

Lesotho’s efforts to domesticate this framework come at a crucial time, as the country seeks to modernise its digital policy environment and position itself within the continent’s increasingly data-driven economy. These efforts, including the workshop, demonstrate Lesotho’s political will to align with continental digitalisation and data governance blueprints such as the AUDPF and to build an inclusive digital future.

Lesotho’s Minister for Information, Communications, Science, Technology and Innovation,  Nthati Moorosi, stated that the various workshop sessions aimed to “instill more understanding on data governance for clear domestication of the [AUDPF] policy framework.” Sessions saw participants introduced to key concepts such as data as a public good, the importance of ethics and accountability, and the need for harmonised cross-border data policies. Case studies from across Africa helped illustrate how sound data governance could unlock value in sectors such as agriculture, health, and education.  

CIPESA led practical sessions during which participants examined Lesotho’s Data Protection Act and the draft Data Management Policy (2025) in relation to key African instruments, including the AUDPF, the Malabo Convention, the African Continental Free Trade Area (AfCFTA), and the Digital Transformation Strategy for Africa. Participants noted areas of alignment between the national and continental frameworks but also identified gaps in the national data governance framework

As such, effort went into mapping out where Lesotho is already aligned with the AUDPF and which specific areas need to be prioritised in revising the country’s legal and policy framework. Recommendations from this mapping exercise included establishing an independent Data Protection Commission, clarifying categories of personal and sensitive data, improving inter-agency coordination, and investing in digital literacy and data privacy skills across the public and private sectors. 

The workshop was complemented by a strategic stakeholder survey to assess perceptions on Lesotho’s data governance framework. The survey revealed a minimal understanding of the country’s data governance frameworks. Over half of the respondents stated that existing policies were outdated and unable to address current challenges such as cross-border data flows, cloud computing, and evolving digital privacy threats. Respondents identified digital trade, innovation, health research, and public trust as key benefits of robust data governance. Responses further emphasised the importance of inclusive policymaking, public awareness on data governance campaigns in both English and Sesotho, alongside targeted support for rural and marginalised communities. 

By the conclusion of the meeting, participants had agreed on a national data governance strengthening roadmap. With contributions coming from the broad spectrum of participants, who included Princess Senate Mohato Seeiso, through to Principal Secretary Kanono Leronti Ramashamole of the MICSTI, who noted that “data is no longer a by-product of administration but a strategic national asset”, the meeting reinforced the value multistakeholderism holds in digital governance. 

Undeniably, no single institution can carry the policymaking load by itself. The real story from Maseru is the multistakeholder collaboration, with the MICSTI anchoring at home, the AUDA-NEPAD and AU-GIZ bringing continental scaffolding, civic and technical communities translating frameworks into practice, and a steady emphasis that data governance has to work for everyone. Ultimately, this process could enable Lesotho to not just catch up with the AUDPF, but to help show what a people-centred, innovation-friendly data ecosystem looks like in the region. 

As regional leaders in digital rights and digital governance, CIPESA is committed to providing continued support to Lesotho as it works to reform its policies and institutionalise stronger data governance mechanisms. Our involvement helps to ensure that national efforts are grounded in best practices and aligned with continental and global standards, such as those set by the African Union.

1 4 5 6 7 8 94