Report Documents A Decade of Internet Freedom in Africa

Announement | The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) is proud to announce the launch of its 2023 edition of the State of Internet Freedom in Africa report titled, ‘A Decade of Internet Freedom in Africa: Recounting the Past, Shaping the Future of Internet Freedom in Africa’. This year marks a decade since the first State of Internet Freedom in Africa report was produced. Similarly, it marks a decade of the Forum on Internet Freedom in Africa (FIFAfrica) which has since 2014 served as the platform for the launch of every State of Internet Freedom in Africa report. 

This special edition honours the efforts of various state and non-state actors in the promotion of internet freedom in Africa. The report takes a deep dive into the dynamic landscape of internet freedom on the African continent and offers contextual information and evidence to inform ICT policymaking and practice, creates awareness on internet freedom issues on the continent, and shapes conversations by digital rights actors across the continent. 

Through a series of essays, authors in this special issue of the report reflect on the past 10 years on the state of Internet freedom in Africa, exploring various thematic issues around digital rights, including surveillance, privacy, censorship, disinformation, infrastructure, access, advocacy, online safety, internet shutdowns, among others. Authors featured in the report include, Admire Mare, Amanda Manyame, Blaise Pascal Andzongo Menyeng, Rima Rouibi, Victor Kapiyo, Felicia Anthonio. Richard Ngamita, Nanjala Nyabola, Professor Bitange Ndemo, Paul Kimumwe, and Edrine Wanyama.

The report maps the way ahead for digital rights in Africa and the role that different stakeholders need to play to realise the Digital Transformation Strategy for Africa and Declaration 15 of the 2030 Agenda for Sustainable Development on leveraging digital technologies to accelerate human progress, bridge the digital divide, and develop knowledge societies.

The report was unveiled at the closing ceremony of the FIFAfrica which this year was held in Dar es Salaam, Tanzania. 
Find the full report here.

Inscrivez-vous au Forum sur la liberté d’Internet en Afrique (#FIFAfrica23) !

Par FIFAfrica |

Êtes-vous passionné par la liberté d’Internet et les droits numériques en Afrique ? Souhaitez-vous rejoindre et vous engager avec la communauté qui fait avancer les droits numériques en Afrique ? Inscrivez-vous pour participer à l’édition 2023 du Forum sur la liberté d’Internet en Afrique (FIFAfrica23), et rejoignez une communauté de diverses parties prenantes de tout le continent et d’ailleurs, pour débattre des questions les plus urgentes et des opportunités pour améliorer les libertés en ligne. Les inscriptions sont ouvertes pour une participation en présentiel ou à distance !

FIFAfrica23 se tiendra à Dar es Salam, en Tanzanie, les 26 et 27 septembre (pré-événements uniquement sur invitation) et les 28 et 29 septembre (conférence principale) 2023. L’événement est organisé par la Collaboration sur la politique internationale des TIC pour l’Afrique de l’Est et australe (CIPESA), en partenariat avec le ministère tanzanien de l’information, des communications et des technologies de l’information. L’événement aura lieu au Hyatt Regency Dar es Salaam.

Le Forum marquera une décennie de rassemblement de décideurs politiques, de régulateurs, de défenseurs des droits de l’homme, d’universitaires, de représentants de la loi, de médias et d’autres acteurs pour discuter des lacunes, des préoccupations et des possibilités de promotion de la vie privée, de la libre d’expression, de la non-discrimination, de la libre circulation de l’information et de l’innovation en ligne.

Le programme de FIFAfrica23 comprend 10 thèmes sur une diversité de sujets émergeant des soumissions retenues dans le cadre d’un récent appel à sessions.  Ces thèmes comprennent des panels, des présentations, des conférences éclair, des discours liminaires et des ateliers méticuleusement sélectionnés, à travers lesquels les participants au Forum pourront sonder le paysage des droits numériques et de la liberté de l’internet en Afrique, ainsi que les interventions collaboratives pour relever les défis et exploiter les opportunités d’un internet plus ouvert et plus inclusif en Afrique.

Vous pouvez vous inscrire ici et prendre note du Code de Conduite de l’événement et de la Note de voyage qui comprend des informations logistiques.

Ne manquez pas l’occasion de participer à cet événement historique et de contribuer à faire progresser la liberté de l’internet en Afrique !

Ne manquez pas de suivre @cipesaug sur les médias sociaux et de participer à la conversation en ligne en utilisant les hashtags #FIFAfrica23 #InternetFreedomAfrica.

Register for the Forum on Internet Freedom in Africa (#FIFAfrica23)!

By FIFAfrica |

Are you passionate about internet freedom and digital rights in Africa? Do you want to engage with and join the community advancing digital rights in Africa? Register to attend the upcoming 2023 edition of the  Forum on Internet Freedom in Africa (FIFAfrica23) and join a diverse community of stakeholders from across the continent and beyond to deliberate on the most pressing issues and opportunities for advancing online freedom. Registration is open for both in-person and remote attendance! 

FIFAfrica23 will take place in Dar es Salam, Tanzania on September 26-27 (pre-events by invitation only) and September 28-29 (main conference), 2023, hosted by the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) in partnership with the Tanzanian Ministry of Information, Communications and Information Technology. The event will take place at the Hyatt Regency Dar es Salaam.

The Forum will mark a decade of bringing together policy makers, regulators, human rights defenders, academia, law enforcement representatives, media, and other actors to deliberate on gaps, concerns and opportunities for promoting privacy, free expression, non-discrimination, free flow of information and innovation online.

The FIFAfrica23 agenda will feature 10 tracks on a diversity of topics emerging from successful submissions to a recent open call for sessions.  The tracks include carefully curated panels, presentations, lightning talks, keynote addresses and workshops, through which participants at the Forum will have the opportunity to delve into the deeper layers of the digital rights and internet freedom landscape in Africa and collaborative interventions to address the challenges and harness the opportunities of a more open and inclusive internet in Africa.

You can register here and also take note of the event Code of Conduct and Travel note which includes logistical information.

Don’t miss this chance to be part of this landmark event and contribute to advancing internet freedom in Africa!

Be sure to follow @cipesaug on social media and join the online conversation using the hashtags #FIFAfrica23 #InternetFreedomAfrica.

Submit Your Session Proposal or Travel Support Application to the Forum on Internet Freedom in Africa 2023 (FIFAfrica23)

Announcement |

The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) invites interested parties to submit session proposals to the 2023 edition of the Forum on Internet Freedom in Africa (FIFAfrica23). Successful submissions will help to shape the agenda of the event, which will gather hundreds of policymakers, regulators, human rights defenders, journalists, academics, private sector players, global information intermediaries, bloggers, and developers.

FIFAfrica23, which is set to take place in Dar es Salaam, Tanzania on September 27-29, 2023, offers a platform for deliberation on gaps and opportunities for advancing privacy, free expression, inclusion, free flow of information, civic participation, and innovation online. This year will mark a decade of hosting the landmark event in various African countries, including Ethiopia, Ghana, South Africa, Uganda, and Zambia.

As part of the registration, we invite session proposals including panel discussions, lightning talks, exhibitions, and skills workshops to shape the FIFAfrica23 agenda. 

CIPESA is committed to ensuring diversity of voices, backgrounds and viewpoints in attendance and as organisers and speakers at panels at FIFAfrica. In line with this, there is limited funding to support travel for participation at FIFAfrica23. Preference will be given to applicants who can partially support their attendance and those who organise sessions.

Submissions close at 18.00 (East Africa Time) on July 14, 2023. Successful session proposals and travel support applicants will be directly notified by August 14, 2023.

The session proposal and travel support form can be accessed here.

NOTE: All data collected as part of the registration and session proposal exercise will only be used for purposes of the FIFAfrica event management.   

Follow @cipesaug on Twitter and on the dedicated FIFAfrica website for regular updates on the Forum.

Towards Effective Biometrics and Digital Identity Systems in Africa

By Victor Kapiyo |

In many countries across Africa, identity systems have largely been paper-based. It is estimated by the World Bank that at least 500 million people in Sub-Saharan Africa lack proof of legal identification. In order to bridge this gap, several countries have adopted some form of digital identity (ID) system for civil registration, including birth, national IDs, voting purposes, incorporating biometrics such as fingerprint, facial or iris recognition as a form of authentication. Indeed, the systems have gained popularity given their benefits as part of digital transformation journeys to promote accessibility, efficiency, and transparency in service delivery – in health, migration, education, social security, and elections. 

Within the last decade, Lesotho, Mozambique,  Tanzania, Uganda,  Zambia and Zimbabwe have introduced national biometric digital identity cards.  

Lesotho’s national ID has so far covered 85% of the eligible population. Mozambique has a digital ID card with a Unique Citizen Identification Number (NUIC), assigned during birth registration. This national identification number is used on NID cards, health cards, driver’s licenses, and passports. The country also has the National Immigration Service (SENAMI), for its immigration system for travel documents and residence permits; as well as the Electronic System for Civil Registration and Vital Statistics (e-SIRCEV) for civil registration.  Birth certificates are a prerequisite for obtaining NIDs. The NID is valid for five years for individuals below 40 years of age and valid for 10 years for individuals between the ages of 40 and 50 years.

Tanzania introduced its biometric national ID programme in 2013 and started issuing cards in 2016..  As of 2020, at least 22.1 million individuals or 80% of the adult population had been registered for the National Identification Number (NIN). Also, mandatory SIM card registration requires the collection of fingerprint data in addition to official documentation such as national identity cards, birth certificates, driver’s licenses or passports.

Zambia introduced its National Registration Card (NRC), in 2013. The USD 54.8 million Integrated National Registration Information System (INRIS) replaced the paper-based system introduced in 1965 and would issue biometric-based documents such as national registration cards, birth and death certificates, and facilitate voter registration. 

In the early 2000s, the  Zimbabwean government introduced biometric IDs by the then Registrar General, Tobaiwa Mudede, as a formalised transition to reportedly enhance issues of e-governance. Unfortunately, there was very limited publicity and awareness on this transition, as well as transparency about the tendering and procurement processes. In 2018, the government also adopted a biometric system for the registration of voters, and for the registration of civil servants in 2019. 

It is worth noting that these systems, despite their benefits, present risks which were previously not common in paper-based identity systems. Some common risks to digitalised personal data include data breaches, surveillance, misuse of personal information, unwarranted intrusion, and financial harm. These risks may be amplified in the absence of comprehensive policy, legal and institutional frameworks for privacy and data protection. Notably, even where laws exist, if they are weak, fragmented, outdated, poorly enforced, lack strong and independent oversight mechanisms, or fail to provide effective remedies, the risk of harm to the data collected is heightened. 

Also, the use of centralised databases, weak information-sharing safeguards, and the lack of transparency and accountability in the management of identity databases have been documented as loopholes that could inevitably create opportunities for abuse by state and non-state actors with access to the information. 

Furthermore, the incomprehensive implementation of biometric digital ID programmes could entrench digital exclusion and discrimination of vulnerable groups, such as the elderly and refugees, from accessing government services due to lack of a national ID as the case was in Uganda. In Zimbabwe, the country’s Human Rights Commission’s (ZHRC) inquiry into access to documentation revealed that there is often neglect and marginalisation of people living with disabilities and members of minority groups. In Mozambique for example, studies showed that citizens who live in remote areas are more at risk of exclusion than others, as they have to travel further, and possibly a number of times, to complete the registration, and thus, bear higher costs.

Currently, 30 African countries have enacted data protection laws and policies. One of the early adopters of data protection laws is Lesotho, which adopted its Data Protection Act, in 2011. Uganda adopted its Data Protection and Privacy Act in 2019. Zambia and Zimbabwe adopted their Data Protection Acts in 2021, while Tanzania adopted its Personal Data Protection Bill in 2022. However, not all these countries have adopted the African Union Convention on Cybersecurity and Personal Data Protection (Malabo Convention). So far, only Mozambique and Zambia have signed the Convention and deposited the instruments of ratification. Lesotho, Tanzania, Uganda and Zimbabwe are yet to sign or ratify the convention.

Whereas having data protection laws is critical, African countries should also have in place appropriate policy, regulatory and institutional frameworks for the implementation of their digital identity programmes. Such frameworks are essential for fostering public trust and confidence in the use of digital identity systems, especially in the digital economy. 

However, enactment of the relevant laws and policies (including reviewing the existing ones) is just the first step in harnessing the dividends of biometrics and digital ID systems. States need to ensure that the implementation of digital ID systems meets certain thresholds.

  • Biometrics and digital identity systems should be user-centric, rights-respecting, privacy-respecting by default and by design, and secure throughout their lifecycle. 
  • Developers of such systems should anticipate and recognise potential privacy risks such as data breaches and fraud, and address them within the existing systems and frameworks. In addition, the developers should adopt a distributed and federated approach rather than a centralised approach. 
  • Further, there should be a clear governance framework, with independent oversight, well-defined roles and responsibilities, rules and standards. In addition, the systems should entrench accountability, including compliance with data protection laws and the conduct of data protection impact assessments (DPIAs). 
  • Countries should establish independent and robust oversight data protection bodies to regulate data and privacy protection including biometric data. The bodies should be given a commendable level of autonomy and facilitated sufficiently with the required resources to ensure that they function effectively, independently and with minimal external influence over their mandate.
  • In countries where digital identity systems were implemented prior to the enactment of data protection laws, the existing processes should be reviewed to ensure compliance with data protection laws. Key aspects to be considered include the conduct of DPIAs, review of data-sharing arrangements, compliance with data protection principles on consent, accuracy, purpose limitation, automated data processing, children, lawfulness, fairness and transparency, data minimisation, storage limitation, and security. 
  • In addition, countries should review the emerging best practices in the implementation of digital identity systems, learn from other countries and adopt those suitable for their context. 
  • Countries should build the capacity of government officials responsible for biometric digital ID systems, including data protection bodies, law enforcement, prosecution, regulators, and the Judiciary in effective data protection, with skills and knowledge in key principles of data protection and the rights of data subjects.
  • Programme implementation should proactively plan and ease the accessibility of services by the most vulnerable and marginalised groups – elderly, persons with disabilities, women, those in remote areas. This would include phased implementation of digital ID systems, wide distribution of enrollment centers in disability and poor-friendly environments, as well as cost waivers.  
  • Finally, stakeholder engagement and proactive disclosure of information relating to such programmes should always be integrated into the design and deployment of the programmes.