Uganda's Social Media Tax Undermining Covid-19 Fight

By Juliet Nanfuka |

Globally, in the wake of the outbreak of coronavirus disease (COVID19), social media has played various roles, such as  filling information vacuums and providing channels for citizens to demand accountability and transparency. In Uganda, the government and other agencies have utilised social media as one of the avenues for disseminating information to citizens, including providing status updates on confirmed cases, as well as running public health and safety campaigns. 

However, the effectiveness of social media to reach a wider audience in Uganda has likely been undermined by the social media tax, which the finance ministry introduced in July 2018. The tax on so-called Over-the-Top (OTT) services requires  telecom subscribers to pay a daily subscription in order to access popular social media platforms, such as Facebook, Twitter, Instagram and WhatsApp. 

Despite several requests to suspend the tax during the pandemic, the government has upheld it, thereby  excluding segments of the population from easily accessing information and resources via the taxable platforms. Last month, the Speaker of Parliament joined the chorus of those urging the suspension of the tax so as to aid the fight against the pandemic. Her call rode on the revelation by the tax authority that the OTT tax had dismally failed to raise the revenue earlier anticipated, and admission from the minister for information and communications technology that the tax needed to be rethought.

Uganda’s internet penetration stands at 38%, but with research indicating that many subscribers have more than one internet subscription, the proportion of citizens that use the internet could be much lower than 38%. A key challenge is cost. An average Ugandan telecom subscriber spends UGX 10,500 (USD 2.8) per month on voice, SMS and data, yet  access to social media for a month costs an additional USD 1.6 as OTT tax.

Indeed, multiple and high taxation on digitisation remains a stumbling block to increased inclusion not only to basic social media access but also for mobile money usage, digital banking, and access to public e-services.

While all forms of communication including radio, television and in some cases, loudspeakers are playing vital roles in keeping citizens informed on Covid-19, social media is providing a valuable channel for reporting public health gaps, encouraging transparency, accountability, clarification and case monitoring – yet its reach is limited by the OTT tax.

In the early stages of Uganda’s lockdown, it was through social media posts of academic and satirist, Dr. Spire Ssentongo, that many citizens learnt of the cracks in the states’ quarantine processes, such as the forced excessive accommodation prices for quarantined individuals, and the continued public operations of hotels that had been designated as gazetted quarantine centres. Many others also took to social media to share their experiences and the Ministry of Health was forced to respond to these concerns.

Meanwhile, opposition Member of Parliament Robert Kyaluganyi used his social media platform to launch an educative music video on the pandemic in March, and within 10 hours of its release it had garnered more than 700,000 views. He later tweeted that he had  numerous requests for authorisation for the song to be played on television and radio stations.

At government level, some key ministries are struggling with the optimal utilisation of their social media platforms and basic information availability on their websites. For instance, the Ministry of Education and Sports website has no information related to how the education sector should cope with the pandemic. Instead, a series of tweets were made through the account of the ministry’s head, Janet Museveni, pointing to a PDF which details some measures the ministry is undertaking, none of which make any reference to the use of technology or have any indication of where the suggested educational content could be found online.

Yet some entities have showed how technology is aiding their efforts to combat Covid-19. Among them was a tweet by the  Uganda Revenue Authority (@URAuganda) highlighting how investment in the Regional Cargo Tracking System (RCTS) had helped to intercept a truck driver who tested positive for Covid-19. The system was launched in 2017 to track goods under customs control from point of loading to a final destination within Kenya, Rwanda and Uganda.

Back in 2017, the government launched the Uganda Digital Vision,  a national policy and strategic framework to guide the country’s digital transformation and provide a unified direction for ICT development. With the social media tax undermining access to digital information and services, and key ministries failing to leverage digital technologies in providing critical public services, the Digital Vision does not seem to be delivering well on its promises.

 

CIPESA Submission to UN Special Rapporteur Spotlights Rights Concerns in Africa’s Covid-19 Response

By Daniel Mwesigwa |

Many African governments have employed heavy-handed methods in response to the Covid-19 pandemic. These measures, both offline and online, have undermined various rights and there are fears that they might be entrenched after the pandemic subsides.

In response, the United Nations Special Rapporteur on Freedom of Association and Assembly  has  issued detailed key principles which governments and law enforcement agencies should follow to avoid human rights abuses. During consultations to inform the guidelines, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) made submissions to the Special Rapporteur, highlighting major rights concerns in various African countries’ Covid-19 response.

Restrictions on the enjoyment of civil and political rights are permitted under the International Covenant on Civil and Political Rights (ICCPR) in order to protect public health. The International Covenant on Economic, Social and Cultural Rights (ICESCR) also permits the restriction of the enjoyment of the right to the highest attainable standard of physical and mental health, subject to the conditions under Article 4 including “promoting the general welfare in a democratic society”. However, CIPESA’s submission notes that various countries have abused emergency powers and thereby violated numerous rights.

Many African countries that have announced curfews, travel bans, compulsory quarantines, restrictions on public gatherings and closure of education institutions. These include Burkina Faso, Democratic Republic of Congo, Eritrea, Ghana, Ivory Coast, Kenya, Mauritius, Nigeria, Rwanda, Senegal, South Africa, Tunisia, Uganda and Zimbabwe. In enforcing these measures, many rights have been violated. In Nigeria, security forces had killed 18 people while enforcing the lockdown, by April 16, 2020, according to the National Human Rights Commission. In Rwanda, police shot and killed two people for violating the two-week lockdown. In Uganda, security forces have shot and wounded two people.

To stem the spread of misinformation, for instance, in Kenya, South Africa and Zimbabwe, it is now criminal to spread alleged misinformation on Covid-19. Scores of journalists and bloggers in Kenya, Guinea, Uganda, Egypt, among others, have been beaten, detained, or arraigned in court over their reporting on Covid-19.

Meanwhile, the extent of surveillance and data-based contact tracing in African countries is not fully known. So far, Kenya is reportedly monitoring the mobile phones of individuals who are under self-isolation. In South Africa, telecom companies are compelled to give the government location data unde the published amendments to the National Disaster Act to combat Covid-19. And in Uganda, a presidential adviser coordinating the Covid-19 fight said on April 3 that an “intensive surveillance” campaign was being launched with the aid of telecom companies to trace more than 2,000 individuals.  Disturbingly, most of the information about governments’ location surveillance programmes is ad hoc and dispersed across departments and agencies that might not have the remit to conduct such sensitive duties.

In his 10 key principles, the UN Special Rapporteur said that where new laws or regulations are adopted, any limitations on rights imposed must adhere to the principles of legality, necessity and proportionality. He added that the free-flow of information is crucial in times of crisis and laws criminalising ‘false news’, including those targeting human rights defenders, must be avoided.

CIPESA has made various recommendations for state authorities to speedily reinstate  full protection for freedoms once the emergency is over. They include:

  • Dismantle the surveillance apparatus constituted as part of combating the spread of the coronavirus and destroy all the data collected during the tracking exercise as it would have served the purpose for which it was collected.
  • Make public announcements specifying the end of the restrictions and the reinstatement of all freedoms. This should specifically aim to assure citizens of confidence to enjoy their rights.
  • Issue transparency reports detailing the Corona virus-linked surveillance activity, including tools and technologies used, state agencies and private entities involved, number of persons whose phones and data were tracked, the types of data that was collected, which entities accessed the data, and what safeguards were instituted to guard against misuse of the data and the surveillance apparatus.
  • Repeal all laws, decrees, declarations and guidelines that could have intended to limit freedoms in the wake of Covid-19. There should be express declarations and statements that such interim or temporal measures were not aimed at limiting assembly and association but at containing Covid-19 and should not be applied in the aftermath of Covid-19.

Please find the full submission here.

COVID-19 Content Moderation Research Letter

Open Letter |

As the COVID-19 pandemic spreads across the globe, the importance of  technology platforms and their real world impact has never been clearer. The various platforms are being used to communicate, assemble, research the virus, provide mutual aid, and more. This statement notes that many platforms have increased their reliance on automated content moderation during the pandemic, while simultaneously removing misinformation and apparently inaccurate information about COVID-19 at an unprecedented rate.

The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) joined 74 organisations and individuals in signing a letter to technology platforms urging them to

  1. Immediately commit to preserving all data on content removal during the COVID-19 pandemic, including but not limited to information about which takedowns did not receive human review, whether users tried to appeal the takedown (when that information is available), and reports that were not acted upon.
  2. Preserve all content that the platform is automatically blocking or removing, including individual posts, videos, images, and entire accounts.
  3. Produce transparency reports that include information about content blocking and removal related to COVID-19
  4. Provide access to this data in the future to researchers and journalists, recognizing that privacy will need to be ensured.

Find the full coalition letter here.

Joint Civil Society Statement: States Use of Digital Surveillance Technologies to Fight Pandemic Must Respect Human Rights

Joint Statement |

The COVID-19 pandemic is a global public health emergency that requires a coordinated and large-scale response by governments worldwide. However, States’ efforts to contain the virus must not be used as a cover to usher in a new era of greatly expanded systems of invasive digital surveillance.

We, the undersigned organizations, urge governments to show leadership in tackling the pandemic in a way that ensures that the use of digital technologies to track and monitor individuals and populations is carried out strictly in line with human rights.

Technology can and should play an important role during this effort to save lives, such as to spread public health messages and increase access to health care. However, an increase in state digital surveillance powers, such as obtaining access to mobile phone location data, threatens privacy, freedom of expression and freedom of association, in ways that could violate rights and degrade trust in public authorities – undermining the effectiveness of any public health response. Such measures also pose a risk of discrimination and may disproportionately harm already marginalized communities.

These are extraordinary times, but human rights law still applies. Indeed, the human rights framework is designed to ensure that different rights can be carefully balanced to protect individuals and wider societies. States cannot simply disregard rights such as privacy and freedom of expression in the name of tackling a public health crisis. On the contrary, protecting human rights also promotes public health. Now more than ever, governments must rigorously ensure that any restrictions to these rights is in line with long-established human rights safeguards.

This crisis offers an opportunity to demonstrate our shared humanity. We can make extraordinary efforts to fight this pandemic that are consistent with human rights standards and the rule of law. The decisions that governments make now to confront the pandemic will shape what the world looks like in the future.

We call on all governments not to respond to the COVID-19 pandemic with increased digital surveillance unless the following conditions are met:

  1. Surveillance measures adopted to address the pandemic must be lawful, necessary and proportionate. They must be provided for by law and must be justified by legitimate public health objectives, as determined by the appropriate public health authorities, and be proportionate to those needs. Governments must be transparent about the measures they are taking so that they can be scrutinized and if appropriate later modified, retracted, or overturned. We cannot allow the COVID-19 pandemic to serve as an excuse for indiscriminate mass surveillance.
  2. If governments expand monitoring and surveillance powers then such powers must be time-bound, and only continue for as long as necessary to address the current pandemic. We cannot allow the COVID-19 pandemic to serve as an excuse for indefinite surveillance
  3. States must ensure that increased collection, retention, and aggregation of personal data, including health data, is only used for the purposes of responding to the COVID-19 pandemic. Data collected, Fed, and aggregated to respond to the pandemic must be limited in scope, time-bound in relation to the pandemic and must not be used for commercial or any other purposes. We cannot allow the COVID-19 pandemic to serve as an excuse to gut individual’s right to privacy.
  4. Governments must take every effort to protect people’s data, including ensuring sufficient security of any personal data collected and of any devices, applications, networks, or services involved in collection, transmission, processing, and storage. Any claims that data is anonymous must be based on evidence and supported with sufficient information regarding how it has been anonymized. We cannot allow attempts to respond to this pandemic to be used as justification for compromising people’s digital safety.
  5. Any use of digital surveillance technologies in responding to COVID-19, including big data and artificial intelligence systems, must address the risk that these tools will facilitate discrimination and other rights abuses against racial minorities, people living in poverty, and other marginalized populations, whose needs and lived realities may be obscured or misrepresented in large datasets. We cannot allow the COVID-19 pandemic to further increase the gap in the enjoyment of human rights between different groups in society.
  6. If governments enter into data sharing agreements with other public or private sector entities, they must be based on law, and the existence of these agreements and information necessary to assess their impact on privacy and human rights must be publicly disclosed – in writing, with sunset clauses, public oversight and other safeguards by default. Businesses involved in efforts by governments to tackle COVID-19 must undertake due diligence to ensure they respect human rights, and ensure any intervention is firewalled from other business and commercial interests. We cannot allow the COVID-19 pandemic to serve as an excuse for keeping people in the dark about what information their governments are gathering and sharing with third parties.
  7. Any response must incorporate accountability protections and safeguards against abuse. Increased surveillance efforts related to COVID-19 should not fall under the domain of security or intelligence agencies and must be subject to effective oversight by appropriate independent bodies. Further, individuals must be given the opportunity to know about and challenge any COVID-19 related measures to collect, aggregate, and retain, and use data. Individuals who have been subjected to surveillance must have access to effective remedies.
  8. COVID-19 related responses that include data collection efforts should include means for free, active, and meaningful participation of relevant stakeholders, in particular experts in the public health sector and the most marginalized population groups.

Signatories:

7amleh – Arab Center for Social Media Advancement

Access Now

African Declaration on Internet Rights and Freedoms Coalition

AI Now

Algorithm Watch

Alternatif Bilisim

Amnesty International

ApTI

ARTICLE 19

Asociación para una Ciudadanía Participativa, ACI Participa

Association for Progressive Communications (APC)

ASUTIC, Senegal

Athan – Freedom of Expression Activist Organization

Barracón Digital

Big Brother Watch

Bits of Freedom

Center for Advancement of Rights and Democracy (CARD)

Center for Digital Democracy

Center for Economic Justice

Centro De Estudios Constitucionales y de Derechos Humanos de Rosario

Chaos Computer Club – CCC

Citizen D / Državljan D

Civil Liberties Union for Europe

CódigoSur

Coding Rights

Coletivo Brasil de Comunicação Social

Collaboration on International ICT Policy for East and Southern Africa (CIPESA)

Comité por la Libre Expresión (C-Libre)

Committee to Protect Journalists

Consumer Action

Consumer Federation of America

Cooperativa Tierra Común

Creative Commons Uruguay

D3 – Defesa dos Direitos Digitais

Data Privacy Brasil

Democratic Transition and Human Rights Support Center “DAAM”

Derechos Digitales

Digital Rights Lawyers Initiative (DRLI)

Digital Security Lab Ukraine

Digitalcourage

EPIC

epicenter.works

European Digital Rights – EDRi

Fitug

Foundation for Information Policy Research

Foundation for Media Alternatives

Fundación Acceso (Centroamérica)

Fundación Ciudadanía y Desarrollo, Ecuador

Fundación Datos Protegidos

Fundación Internet Bolivia

Fundación Taigüey, República Dominicana

Fundación Vía Libre

Hermes Center

Hiperderecho

Homo Digitalis

Human Rights Watch

Hungarian Civil Liberties Union

ImpACT International for Human Rights Policies

Index on Censorship

Initiative für Netzfreiheit

Innovation for Change – Middle East and North Africa

International Commission of Jurists

International Service for Human Rights (ISHR)

Intervozes – Coletivo Brasil de Comunicação Social

Ipandetec

IPPF

Irish Council for Civil Liberties (ICCL)

IT-Political Association of Denmark

Iuridicum Remedium z.s. (IURE)

Karisma

La Quadrature du Net

Liberia Information Technology Student Union

Liberty

Luchadoras

Majal.org

Masaar “Community for Technology and Law”

Media Rights Agenda (Nigeria)

MENA Rights Group

Metamorphosis Foundation

New America’s Open Technology Institute

Observacom

Open Data Institute

Open Rights Group

OpenMedia

OutRight Action International

Pangea

Panoptykon Foundation

Paradigm Initiative (PIN)

PEN International

Privacy International

Public Citizen

Public Knowledge

R3D: Red en Defensa de los Derechos Digitales

RedesAyuda

SHARE Foundation

Skyline International for Human Rights

Sursiendo

Swedish Consumers’ Association

Tahrir Institute for Middle East Policy (TIMEP)

Tech Inquiry

TechHerNG

TEDIC

The Bachchao Project

Unwanted Witness, Uganda

WITNESS

World Wide Web Foundation

Building a Robust Data Protection Regime in Senegal

By Simone Toussi |
Across Africa, there is a push for digitalisation with different countries at various stages of technology adoption and varying levels of legislative regimes that uphold human rights in the digital sphere.
Senegal is among the African countries that remain committed to upgrading legal and institutional frameworks governing the technology sector. Senegal passed a data protection law twelve years ago and was among the  first African states and the first African Francophone country to ratify the Africa Union Convention on Cyber Security and Personal Data Protection in 2016. It has therefore established itself among the pioneers in data governance in Africa.
Given rapid developments related to biometrics, big data, artificial intelligence, and cloud computing, among others, the government of Senegal is in the process of repealing law n° 2008-12 of January 25, 2008 which governs personal data protection. A draft bill published at the tail end of 2019 to replace the preceding law is currently under public consultation.
On February 27 – 28, 2020, Jonction Senegal, in partnership with the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) and Facebook hosted a workshop to review the Personal Data Protection Bill, 2019 and make relevant recommendations from a digital rights perspective. The workshop brought together 25 participants including officials from the Personal Data Commission (CDP), the Ministry of Digital Economy and Telecommunications, the Ministry of Women, Family and Gender, the Ministry of Justice, and representatives from the private sector, and civil society organisations including human rights defenders, lawyers, academia, bloggers and journalists.
Opening the workshop, Professor Mamadou Niane, Director of the Legal Department of the CDP justified the draft bill, citing inadequacies in the 2008 law given the dynamic digital environment and emergence of a diversity of players and threats. Furthermore, he noted the need for convergence with regional and international data protection developments and standards such as those laid out in the General Data Protection Regulation (GDPR), the Council of Europe’s Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data signed and ratified by Senegal in 2016, the Budapest Convention, and the African Union Convention on Cyber Security and Personal Data Protection. According to Prof. Niane, other considerations for a new law related to the composition and oversight powers of the CDP and compliance monitoring mechanisms are also to be addressed. He stated that the draft bill provided for data protection principles in the proposed article 7 including the need for processing within the legal requirements, seeking consent, and necessity with exceptions tied to processing for lawful purpose.
Indeed, Diagne El Hadji Daouda, a cybersecurity specialist from the Computech Institute highlighted the importance of data security and commended the draft bill for outlining the principles of identification and authentication, confidentiality, availability and integrity (non-alteration or modification of the data during processing) under Articles 42 and 43. He also commended the proposed obligations for data controllers to put in place encryption measures and regularly review them to ensure data security; and the notification of breaches  to data subjects and authorities (Article 44). However, Daouda noted that despite these provisions, the draft bill did not incorporate the principle of anonymisation, which is crucial for preserving personal data confidentiality and guaranteeing its security.
The draft bill proposes the establishment of the Personal Data Protection Authority (APDP) to replace the CDP – with a diverse member composition including non-governmental representation. Member nomination is by decree of the president (Article 52). However, a number of provisions in the draft bill refer to a Control Authority and a Protection Authority, which seem separate from the APDP.
Dr. Ndiogou Thierno Amadou, Lecturer and Researcher at the Faculty of Legal and Political Sciences of Cheikh Anta Diop University (UCAD), raised concerns about the distinction between the three different authorities mentioned in the draft bill. Participants therefore urged for clarity on the role of the Control Authority (Article 44), as well as a clear definition and distinction between the APDP and the Protection Authority (Article 62) to avoid ambiguities. The  CDP’s Prof. Niane clarified that all mentions of an authority  in the draft bill refer to the APDP and that the necessary revisions would be made in the next draft.
The need to strike a balance between freedom of expression and personal data protection also emerged.  In his presentation, independent journalist and Director of PressAfrik.com Faye Ibrahima Lissa cited the continent-wide trend in legislative restrictions to freedom of expression on grounds of national security and public order. He emphasised that exemptions under the proposed article 105 of the draft bill relating to personal data for the purposes of journalism, research, artistic or literary expression should be precise to avoid them being used to persecute critical voices.
Similarly, Joe Marone, a media trainer and head of online radio Futurs Media noted the fundamental role of journalists in seeking the truth and being the moral conscience of public opinion and civil society. In this regard, journalism ethics and code of conduct pre-empt personal data protection through protection of sources. However, given the advent of data journalism and citizen journalists, the draft bill serves to better guarantee personal data protection within the profession.
Other issues that emerged included age of consent to data collection. Consent is defined as a declaration or clear affirmative action, either orally or in writing that gives permission to process personal data (article 8). The age of consent is not provided for in the draft bill.  Prof. Niane stated that ongoing efforts at the CDP and Ministry of Justice in partnership with the Ministry of Digital Economy and Telecommunications seek to establish a Children’s Code and related strategy dedicated to minors’ protection in the context of data protection and privacy.
The workshop participants made the following formal recommendations for revision in the next draft of the bill:

  • Set a minimum age of consent
  • The president of the ADPD should be appointed through an internal election by members in order to guarantee the authority’s autonomy.
  • Provide for adequate resource allocation to the APDP to facilitate smooth implementation and enforcement of the law
  • Provide for APDP oversight in procurement and contracting of public or government projects involving personal data collection and processing
  • Provide for authority of the APDP to collect and recover financial penalties imposed on offenders and pass them on to the victims of data breaches.
  • Strengthen the financial autonomy of the APDP by granting it 50% of the amounts recovered from any data protection operations
  • Provide for legal personality of the ADPD to give it perpetual succession with capacity to sue and be sued in its name.

Representatives of the CDP and the Ministry of Digital Economy and Telecommunications welcomed the recommendations and committed to including them in the next draft of the bill, before submission to the General Secretariat of the Presidency of Senegal.