Inscrivez-vous au Forum sur la liberté d’Internet en Afrique (#FIFAfrica23) !

Par FIFAfrica |

Êtes-vous passionné par la liberté d’Internet et les droits numériques en Afrique ? Souhaitez-vous rejoindre et vous engager avec la communauté qui fait avancer les droits numériques en Afrique ? Inscrivez-vous pour participer à l’édition 2023 du Forum sur la liberté d’Internet en Afrique (FIFAfrica23), et rejoignez une communauté de diverses parties prenantes de tout le continent et d’ailleurs, pour débattre des questions les plus urgentes et des opportunités pour améliorer les libertés en ligne. Les inscriptions sont ouvertes pour une participation en présentiel ou à distance !

FIFAfrica23 se tiendra à Dar es Salam, en Tanzanie, les 26 et 27 septembre (pré-événements uniquement sur invitation) et les 28 et 29 septembre (conférence principale) 2023. L’événement est organisé par la Collaboration sur la politique internationale des TIC pour l’Afrique de l’Est et australe (CIPESA), en partenariat avec le ministère tanzanien de l’information, des communications et des technologies de l’information. L’événement aura lieu au Hyatt Regency Dar es Salaam.

Le Forum marquera une décennie de rassemblement de décideurs politiques, de régulateurs, de défenseurs des droits de l’homme, d’universitaires, de représentants de la loi, de médias et d’autres acteurs pour discuter des lacunes, des préoccupations et des possibilités de promotion de la vie privée, de la libre d’expression, de la non-discrimination, de la libre circulation de l’information et de l’innovation en ligne.

Le programme de FIFAfrica23 comprend 10 thèmes sur une diversité de sujets émergeant des soumissions retenues dans le cadre d’un récent appel à sessions.  Ces thèmes comprennent des panels, des présentations, des conférences éclair, des discours liminaires et des ateliers méticuleusement sélectionnés, à travers lesquels les participants au Forum pourront sonder le paysage des droits numériques et de la liberté de l’internet en Afrique, ainsi que les interventions collaboratives pour relever les défis et exploiter les opportunités d’un internet plus ouvert et plus inclusif en Afrique.

Vous pouvez vous inscrire ici et prendre note du Code de Conduite de l’événement et de la Note de voyage qui comprend des informations logistiques.

Ne manquez pas l’occasion de participer à cet événement historique et de contribuer à faire progresser la liberté de l’internet en Afrique !

Ne manquez pas de suivre @cipesaug sur les médias sociaux et de participer à la conversation en ligne en utilisant les hashtags #FIFAfrica23 #InternetFreedomAfrica.

Register for the Forum on Internet Freedom in Africa (#FIFAfrica23)!

By FIFAfrica |

Are you passionate about internet freedom and digital rights in Africa? Do you want to engage with and join the community advancing digital rights in Africa? Register to attend the upcoming 2023 edition of the  Forum on Internet Freedom in Africa (FIFAfrica23) and join a diverse community of stakeholders from across the continent and beyond to deliberate on the most pressing issues and opportunities for advancing online freedom. Registration is open for both in-person and remote attendance! 

FIFAfrica23 will take place in Dar es Salam, Tanzania on September 26-27 (pre-events by invitation only) and September 28-29 (main conference), 2023, hosted by the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) in partnership with the Tanzanian Ministry of Information, Communications and Information Technology. The event will take place at the Hyatt Regency Dar es Salaam.

The Forum will mark a decade of bringing together policy makers, regulators, human rights defenders, academia, law enforcement representatives, media, and other actors to deliberate on gaps, concerns and opportunities for promoting privacy, free expression, non-discrimination, free flow of information and innovation online.

The FIFAfrica23 agenda will feature 10 tracks on a diversity of topics emerging from successful submissions to a recent open call for sessions.  The tracks include carefully curated panels, presentations, lightning talks, keynote addresses and workshops, through which participants at the Forum will have the opportunity to delve into the deeper layers of the digital rights and internet freedom landscape in Africa and collaborative interventions to address the challenges and harness the opportunities of a more open and inclusive internet in Africa.

You can register here and also take note of the event Code of Conduct and Travel note which includes logistical information.

Don’t miss this chance to be part of this landmark event and contribute to advancing internet freedom in Africa!

Be sure to follow @cipesaug on social media and join the online conversation using the hashtags #FIFAfrica23 #InternetFreedomAfrica.

Submit Your Session Proposal or Travel Support Application to the Forum on Internet Freedom in Africa 2023 (FIFAfrica23)

Announcement |

The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) invites interested parties to submit session proposals to the 2023 edition of the Forum on Internet Freedom in Africa (FIFAfrica23). Successful submissions will help to shape the agenda of the event, which will gather hundreds of policymakers, regulators, human rights defenders, journalists, academics, private sector players, global information intermediaries, bloggers, and developers.

FIFAfrica23, which is set to take place in Dar es Salaam, Tanzania on September 27-29, 2023, offers a platform for deliberation on gaps and opportunities for advancing privacy, free expression, inclusion, free flow of information, civic participation, and innovation online. This year will mark a decade of hosting the landmark event in various African countries, including Ethiopia, Ghana, South Africa, Uganda, and Zambia.

As part of the registration, we invite session proposals including panel discussions, lightning talks, exhibitions, and skills workshops to shape the FIFAfrica23 agenda. 

CIPESA is committed to ensuring diversity of voices, backgrounds and viewpoints in attendance and as organisers and speakers at panels at FIFAfrica. In line with this, there is limited funding to support travel for participation at FIFAfrica23. Preference will be given to applicants who can partially support their attendance and those who organise sessions.

Submissions close at 18.00 (East Africa Time) on July 14, 2023. Successful session proposals and travel support applicants will be directly notified by August 14, 2023.

The session proposal and travel support form can be accessed here.

NOTE: All data collected as part of the registration and session proposal exercise will only be used for purposes of the FIFAfrica event management.   

Follow @cipesaug on Twitter and on the dedicated FIFAfrica website for regular updates on the Forum.

Towards Effective Biometrics and Digital Identity Systems in Africa

By Victor Kapiyo |

In many countries across Africa, identity systems have largely been paper-based. It is estimated by the World Bank that at least 500 million people in Sub-Saharan Africa lack proof of legal identification. In order to bridge this gap, several countries have adopted some form of digital identity (ID) system for civil registration, including birth, national IDs, voting purposes, incorporating biometrics such as fingerprint, facial or iris recognition as a form of authentication. Indeed, the systems have gained popularity given their benefits as part of digital transformation journeys to promote accessibility, efficiency, and transparency in service delivery – in health, migration, education, social security, and elections. 

Within the last decade, Lesotho, Mozambique,  Tanzania, Uganda,  Zambia and Zimbabwe have introduced national biometric digital identity cards.  

Lesotho’s national ID has so far covered 85% of the eligible population. Mozambique has a digital ID card with a Unique Citizen Identification Number (NUIC), assigned during birth registration. This national identification number is used on NID cards, health cards, driver’s licenses, and passports. The country also has the National Immigration Service (SENAMI), for its immigration system for travel documents and residence permits; as well as the Electronic System for Civil Registration and Vital Statistics (e-SIRCEV) for civil registration.  Birth certificates are a prerequisite for obtaining NIDs. The NID is valid for five years for individuals below 40 years of age and valid for 10 years for individuals between the ages of 40 and 50 years.

Tanzania introduced its biometric national ID programme in 2013 and started issuing cards in 2016..  As of 2020, at least 22.1 million individuals or 80% of the adult population had been registered for the National Identification Number (NIN). Also, mandatory SIM card registration requires the collection of fingerprint data in addition to official documentation such as national identity cards, birth certificates, driver’s licenses or passports.

Zambia introduced its National Registration Card (NRC), in 2013. The USD 54.8 million Integrated National Registration Information System (INRIS) replaced the paper-based system introduced in 1965 and would issue biometric-based documents such as national registration cards, birth and death certificates, and facilitate voter registration. 

In the early 2000s, the  Zimbabwean government introduced biometric IDs by the then Registrar General, Tobaiwa Mudede, as a formalised transition to reportedly enhance issues of e-governance. Unfortunately, there was very limited publicity and awareness on this transition, as well as transparency about the tendering and procurement processes. In 2018, the government also adopted a biometric system for the registration of voters, and for the registration of civil servants in 2019. 

It is worth noting that these systems, despite their benefits, present risks which were previously not common in paper-based identity systems. Some common risks to digitalised personal data include data breaches, surveillance, misuse of personal information, unwarranted intrusion, and financial harm. These risks may be amplified in the absence of comprehensive policy, legal and institutional frameworks for privacy and data protection. Notably, even where laws exist, if they are weak, fragmented, outdated, poorly enforced, lack strong and independent oversight mechanisms, or fail to provide effective remedies, the risk of harm to the data collected is heightened. 

Also, the use of centralised databases, weak information-sharing safeguards, and the lack of transparency and accountability in the management of identity databases have been documented as loopholes that could inevitably create opportunities for abuse by state and non-state actors with access to the information. 

Furthermore, the incomprehensive implementation of biometric digital ID programmes could entrench digital exclusion and discrimination of vulnerable groups, such as the elderly and refugees, from accessing government services due to lack of a national ID as the case was in Uganda. In Zimbabwe, the country’s Human Rights Commission’s (ZHRC) inquiry into access to documentation revealed that there is often neglect and marginalisation of people living with disabilities and members of minority groups. In Mozambique for example, studies showed that citizens who live in remote areas are more at risk of exclusion than others, as they have to travel further, and possibly a number of times, to complete the registration, and thus, bear higher costs.

Currently, 30 African countries have enacted data protection laws and policies. One of the early adopters of data protection laws is Lesotho, which adopted its Data Protection Act, in 2011. Uganda adopted its Data Protection and Privacy Act in 2019. Zambia and Zimbabwe adopted their Data Protection Acts in 2021, while Tanzania adopted its Personal Data Protection Bill in 2022. However, not all these countries have adopted the African Union Convention on Cybersecurity and Personal Data Protection (Malabo Convention). So far, only Mozambique and Zambia have signed the Convention and deposited the instruments of ratification. Lesotho, Tanzania, Uganda and Zimbabwe are yet to sign or ratify the convention.

Whereas having data protection laws is critical, African countries should also have in place appropriate policy, regulatory and institutional frameworks for the implementation of their digital identity programmes. Such frameworks are essential for fostering public trust and confidence in the use of digital identity systems, especially in the digital economy. 

However, enactment of the relevant laws and policies (including reviewing the existing ones) is just the first step in harnessing the dividends of biometrics and digital ID systems. States need to ensure that the implementation of digital ID systems meets certain thresholds.

  • Biometrics and digital identity systems should be user-centric, rights-respecting, privacy-respecting by default and by design, and secure throughout their lifecycle. 
  • Developers of such systems should anticipate and recognise potential privacy risks such as data breaches and fraud, and address them within the existing systems and frameworks. In addition, the developers should adopt a distributed and federated approach rather than a centralised approach. 
  • Further, there should be a clear governance framework, with independent oversight, well-defined roles and responsibilities, rules and standards. In addition, the systems should entrench accountability, including compliance with data protection laws and the conduct of data protection impact assessments (DPIAs). 
  • Countries should establish independent and robust oversight data protection bodies to regulate data and privacy protection including biometric data. The bodies should be given a commendable level of autonomy and facilitated sufficiently with the required resources to ensure that they function effectively, independently and with minimal external influence over their mandate.
  • In countries where digital identity systems were implemented prior to the enactment of data protection laws, the existing processes should be reviewed to ensure compliance with data protection laws. Key aspects to be considered include the conduct of DPIAs, review of data-sharing arrangements, compliance with data protection principles on consent, accuracy, purpose limitation, automated data processing, children, lawfulness, fairness and transparency, data minimisation, storage limitation, and security. 
  • In addition, countries should review the emerging best practices in the implementation of digital identity systems, learn from other countries and adopt those suitable for their context. 
  • Countries should build the capacity of government officials responsible for biometric digital ID systems, including data protection bodies, law enforcement, prosecution, regulators, and the Judiciary in effective data protection, with skills and knowledge in key principles of data protection and the rights of data subjects.
  • Programme implementation should proactively plan and ease the accessibility of services by the most vulnerable and marginalised groups – elderly, persons with disabilities, women, those in remote areas. This would include phased implementation of digital ID systems, wide distribution of enrollment centers in disability and poor-friendly environments, as well as cost waivers.  
  • Finally, stakeholder engagement and proactive disclosure of information relating to such programmes should always be integrated into the design and deployment of the programmes. 

State of Internet Freedom in Africa 2022: The Rise of Biometric Surveillance

FIFAfrica22 |

Digital biometric data collection programmes are becoming increasingly popular across the African continent. Governments are investing in diverse digital programmes to enable the capture of biometric information of their citizens for various purposes.

A new report by the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) documents the emerging and current trends in biometric data collection and processing in Africa. It focuses on the deployment of national biometric technology-based programmes in 16 African countries, namely Angola, Cameroon, Central African Republic, Democratic Republic of Congo, Kenya, Lesotho, Liberia, Mozambique, Nigeria, Senegal, Sierra Leone, Tanzania, Togo, Tunisia, Uganda, and Zambia.

The report published today is the ninth consecutive one issued by CIPESA since 2014 under the State of Internet Freedom in Africa series. It was released at the Forum on Internet Freedom in Africa (FIFAfrica), which is taking place in Lusaka, Zambia.

The biometric data collection programmes reviewed by the report include those related to civil registrations, such as the issuance of National Identity cards, biometric voter registration and identification programmes, government-led CCTV programmes with facial recognition capabilities, national ePassport initiatives, refugees’ registration, and mandatory biometric SIM card registration.

The report highlights the key trends, potential risks, challenges and gaps relating to biometric data collection projects in the continent. These include limited public engagement and awareness campaigns; inadequate legal frameworks that heighten risks to privacy; exclusion from accessing essential services; enhanced surveillance, profiling and targeting; conflicting interests and the wide powers of third parties; and limited capacity and training. 

Consequently, the study notes that these biometric programmes are being implemented in countries with poor digital rights records, declining democracy and rising digital authoritarianism, which casts doubt on the integrity of biometric data collection programmes and the resultant databases. Thus, viewed collectively, the developments, trends and risks outlined in the report heighten concern over the growing threats to the right to privacy of personal data and potential violations of digital rights on the continent. 

Finally, the report presents recommendations to various stakeholders including the government, civil society, the media, the private sector and academia, which, if implemented, will go a long way in addressing data protection and privacy gaps, risks and challenges in the study countries. 

The key recommendations include a call to:

  • Governments to implement the laws and policy frameworks on identity systems and data protection and privacy while paying keen attention to compliance with regionally and internationally recognised principles and minimum standards on data protection and privacy for biometric data collection and require the adoption of human rights-based approaches. 
  • Countries without data protection and privacy laws such as Liberia, Mozambique, Sierra Leone and Tanzania should expedite the process of enacting appropriate data protection laws so as to guarantee the data protection and privacy rights of their citizens. 
  • Governments to ratify the AU Convention on Cyber Security and Personal Data Protection (Malabo Convention) to ensure government commitment to regional data protection and privacy as a means to hold them accountable.
  • Governments to establish independent and robust oversight data protection bodies to regulate data and privacy protection including biometric data.
  • Civil society to engage in advocacy and lobby governments to develop, implement and enforce privacy and data protection policies, laws and institutional frameworks that are in compliance with regional and international minimum human rights standards.
  • Civil society to monitor, document and report on the risks, threats, abuses and violations of privacy and human rights associated with biometric data collection programmes, and propose effective solutions to safeguard rights in line with international human rights standards.
  • The media to progressively document and report on initiatives such as advocacy by civil society and other stakeholders to keep track of developments. 
  • The media to conduct investigative journalism to identify and expose privacy violations arising from the implementation of biometric data collection programmes.
  • The private sector to take deliberate efforts to ensure that all their respective biometric data collection programmes and systems are developed implemented and managed in compliance with best practices prescribed by the national, regional and international human rights standards and practices on privacy and data protection, including the UN Guiding Principles on Business and Human Rights.
  • The private sector to ensure that they progressively adopt and develop comprehensive internal privacy policies to guide the collection, storing and processing of personal data. 
  • The private sector to take deliberate efforts aimed at involving data subjects in the control and management of their personal data by providing timely information on external requests for information. 
  • Academia to conduct evidence-based research on data protection and privacy including biometrics, highlighting the challenges, risks, benefits and trends in biometric data collection programmes. 

The full State of Internet Freedom in Africa 2022 Report can be accessed here.