New Toolkit to Guide National Human Rights Institutions in Promoting Digital Rights

Edrine Wanyama |

In an increasingly digital world, safeguarding human rights requires innovative tools, robust mechanisms, and strategic collaboration. Recognising this need, the International Center for Not-for-Profit Law (ICNL), the Collaboration on International ICT Policy for East and Southern Africa (CIPESA), and Paradigm Initiative (PIN) have developed a groundbreaking Toolkit to strengthen the ability of National Human Rights Institutions (NHRIs) in Africa to protect and promote human rights in the digital era. 


While emphasising the role of NHRIs in both promoting and protecting these rights, the Toolkit demystifies digital rights by providing their relationship with the traditionally known rights and demonstrating how digital rights violations can occur. 

The digital transformation sweeping across the globe has created new opportunities for citizens to communicate, express themselves, and claim their various rights. However, it has also ushered in unprecedented challenges, including online censorship, surveillance, misinformation, and violations of privacy. These digital threats disproportionately affect marginalised communities, activists, and human rights defenders, making the role of NHRIs more critical than ever.

The Toolkit equips NHRIs with the knowledge, tools, and strategies they need to effectively address these challenges. It emphasises the intersection of human rights with digital technologies and provides actionable insights to promote accountability, transparency, and inclusivity in digital governance.

The Toolkit highlights the various forms of digital rights violations  such as internet shutdowns, throttling, and blocking; content restrictions including filtering and takedown orders, onerous obligations on intermediaries, restrictive content moderation policies, and the widespread and unchecked digital surveillance.  

Among the roles that NHRIs should play are providing technical advice to government ministries, legislators, the judiciary, and other stakeholders to shape progressive laws, designing digital literacy curricula, and capacity and awareness building of the relevant institutions and stakeholders. Others are research on the impact of digital technologies, application of regional and international human rights approaches, and oversight over public sector procurement of digital technologies.

How NHRIs Can Protect Digital Rights

In the context of digital rights, NHRIs may:

  • Monitor proposed legislation with respect to its impact on digital rights and submit recommendations on how to ensure human rights compliance. 
  • Incorporate digital rights topics, such as online privacy rights violations and incidents of government ordered network disruptions, into annual reporting and submissions to UN mandate holders and the Universal Periodic Review (UPR) and other regional and international human rights monitoring processes. 
  • Connect with domestic and regional digital rights organisations to coordinate efforts to address digital rights violations.
  • Revise existing intake material to systematically receive complaints of digital rights violations
  • Ensure internal policies and methodologies for investigating, analysing, and reporting take into consideration the types of information, data, and tools needed to address digital rights violations
  • When supporting complainants and victims, provide resources and referrals for digital security best practices and capacity building so they can better protect themselves as they seek redress
  • Investigate digital rights violations and call for the necessary measures to end them and ensure non-recurrence.

The Toolkit also underscores the need for NHRIs to build their internal capacities to report and respond to digital rights violations, reporting and monitoring the implementation of laws, coordinating digital rights issues with regional and international institutions, and investigating digital rights violations to ensure that violations stop and justice is served. 

The Toolkit is an important resource that can be utilised to equip various stakeholders with knowledge to respond to emerging digital rights challenges and to identify viable solutions, such as monitoring, documenting and reporting, to enhance the promotion and protection of digital rights. As such, it could go a long way in helping to address common digital rights violations and leveraging resources and partnerships for the protection and promotion of digital rights in Africa.

The AU Disability Protocol Comes Into Force: Implications for Digital Rights for Persons with Disabilities in Africa

By Paul Kimumwe & Michael Aboneka |

On this International Day for Persons with Disabilities, CIPESA reflects on the impact of the African Union (AU) Disability Protocol and its Implication on digital rights for persons with disabilities in Africa and calls upon the African Commission to establish a Special Mandate to enhance the respect for and protection of the rights for persons with disabilities in Africa

Six years after its adoption, the Protocol to the African Charter on Human and Peoples’ Rights on the Rights of Persons with Disabilities in Africa came into force in May 2024 after securing the mandatory 15th ratification by the Republic of Congo. The other 14 African Union member states that have ratified the Protocol are Angola, Burundi, Cameroon, Kenya, Mali, Malawi, Mozambique, Namibia, Nigeria, Niger, Rwanda, South Africa, the Sahrawi Arab Democratic Republic, and Uganda. 

For disability rights activists, this was a defining moment as the protocol augments the rights of persons with disabilities to barrier-free access to the physical environment, transportation, information, and other communication technologies and systems. Specifically, under articles 23 and 24 of the protocol, States Parties should take “effective and appropriate measures” to facilitate the full enjoyment by persons with disabilities of the right to freedom of expression and opinion and access to information, including through the use of Information and Communication Technologies (ICT).

The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) has been a longstanding advocate for African governments to urgently ratify the protocol. However, CIPESA has also stated, including in submissions to the Africa Commission on Human and People’s Rights (ACHPR), that ratifying the protocol would be a major but insufficient step in ensuring that persons with disabilities access and use digital technologies and that there is sufficient disaggregated data to inform programme interventions.

Indeed, article 24(2) requires States Parties to put in place policy, legislative, administrative, and other measures to ensure that persons with disabilities enjoy the right to freedom of expression and access to information on an equal basis, including:

  1. Providing information intended for the general public as well as information required for official interactions with persons with disabilities in accessible formats and technologies appropriate to different kinds of disabilities in a timely manner and without additional cost to persons with disabilities. 
  2. Requiring private entities that provide services to the general public, including through the internet, to provide information and services in accessible and usable formats for persons with disabilities. 
  3. Recognising and promoting the use of sign language. 
  4. Ensuring that persons with visual impairments or with other print disabilities have effective access to published works, including by using information and communication technologies.

The protocol adds to the available digital rights advocacy tools for disability rights actors, including the 2006 United Nations Convention on the Rights of Persons with Disabilities (CRPD), which places significant obligations on States Parties to take appropriate measures to ensure that persons with disabilities have equal and meaningful access to ICT, including the internet. 

The CRPD was the first international human rights treaty requiring the accessibility of digital tools as a prerequisite for persons with disabilities to fully enjoy their fundamental rights without discrimination. It highlights the inherent risks of exclusion of persons with disabilities from participating equally in society by defining ICT accessibility as integral to general accessibility rights and on par with access to the physical environment and transportation.

While there has been some progress in the enactment of disability rights-respecting and ICT-enabling laws for persons with disabilities in Africa, implementation is a challenge. Moreover, the Protocol comes into force when the digital divide and exclusion of persons with disabilities has worsened despite the exponential growth and penetration of digital technologies on the continent. Persons with disabilities have consistently remained disproportionately excluded from the digital society due to factors such as low levels of ICT skills, high illiteracy levels, and high cost of assistive technologies such as screen readers, screen magnification software, text readers, and speech input software.

It is against this background that CIPESA adds its voice to other calls to the African Commission to expedite the establishment of a special mandate at the level of Special Rapporteur for Persons with Disabilities. This elevated position will ensure that the rights of persons with disabilities in Africa are mainstreamed and upheld.

CIPESA recognises that as a regional human rights instrument, the protocol empowers disability rights actors to demand the enactment and full implementation of policies and laws that promote the rights of persons with disabilities, including in accessing and using digital technologies.

For example, disability rights actors, including civil society, activists, and Disability Rights Organisations (DPOs), should develop mechanisms to monitor the status of implementation of the protocol, including ensuring that the states parties submit their statutory reports as required by Article 34 of the protocol. The DPOs should also actively participate in developing shadow reports on the status of implementation of the protocol, especially on access to information and participation in public affairs.

In addition, disability rights organisations should work with policymakers and the executive to ensure that more countries ratify the protocol and domesticate it through national policies, laws, and practices. Both the protocol and the CRPD should become a reference point during any discussions of draft laws and policies that affect persons with disabilities.

For the media, it is important that, through their reporting, they hold governments accountable for failure to ratify or to fully implement the provisions of the protocol.

Member countries can also demand for accountability of their peers on the status of implementation of the key provisions of the protocol through the African Peer Review Mechanism (APRM).

Please read more about CIPESA submissions on policy actions governments should take after ratifying the protocol. See also The Disability and ICT Accessibility Framework for Monitoring the Implementation of ICT Accessibility Laws and Policies in Africa.

African Commission Resolution to Bolster Data Governance

By Edrine Wanyama |

The Resolution adopted by the African Commission on Human and Peoples’ Rights (ACHPR) during its 81st Ordinary Session held from October 17 to November 6, 2024 in Banjul, The Gambia potentially bolsters data protection and governance on the African continent.

The Resolution calls upon states parties to take all relevant measures to ensure transparent and accountable collection, processing, storage and access to data. It also underscores the importance of ethical principles in data usage, equitable access to data, and addressing biases to prevent structural inequalities while safeguarding privacy and combating discrimination.​

The resolution acknowledges the rapid advancement of technology and the increased dependence on data in governance and socio-economic development, and is in line with the African Union Convention on Cyber Security and Personal Data Protection, African Union’s Data Policy Framework, and the Digital Transformation Strategy for Africa (2020–2030).

Similarly, this timely resolution aligns closely with the vision of the Global Digital Compact (GDC), which calls for inclusive, rights-based governance of digital technologies and artificial intelligence (AI), and the ACHPR’s Resolution 473 on the need to undertake a study on human and peoples’ rights and AI, robotics and other new and emerging technologies. These frameworks emphasise the potential of data and digital technologies while cautioning against risks such as bias, inequities, unwarranted surveillance, and privacy violations.

By embedding human rights principles in digital governance, both the ACHPR’s Resolution 473 and the GDC advocate for responsibly leveraging digital tools to reduce inequalities and protect vulnerable populations. The ACHPR’s focus on equitable data access and capacity-building within African states resonates with the GDC’s call for global collaboration to address disparities in digital infrastructure and skills. Together, these initiatives present a unified agenda to ensure that digital technologies and AI are harnessed for equity, justice, and sustainable development that foster a shared vision for a more inclusive digital age.

The ACHPR Resolution further urges state parties to ensure open access to data which is in possession of public and private in public interest, in accordance with the prescribed regional and international human rights standards.

The Resolution reinforces the African Union’s Data Policy Framework which, among others, seeks to maximise the benefits of the data-driven economy for African countries. With common anticipated benefits, data governance systems will be harmonised to enable secure and free data flow on the continent which potentially contributes to a people-centred approach which is not inward-looking for individuals, institutions and businesses and, enhances data utility for accelerated attainment of Agenda 2063 and the Sustainable Development Goals (SDGs).

There is increasing recognition of the need for data governance frameworks that create a safe and trustworthy digital environment, foster intra-Africa digital trade, enable states’ cooperation on data governance, enable domestication of continental policies, and ensure free and secure data flows across the continent. As such, the  Resolution also calls for the establishment of collaborative mechanisms, coordinating data issues, enabling and facilitating competitiveness in the global economy, promoting sustainable data use and benefits to society, as well as facilitating innovative ways to promote and maximise benefits of data for the African peoples.

Besides, the Resolution will potentially grow the impetus of Regional Economic Communities (RECs) to adopt harmonised data governance systems, which will quicken continental initiatives such as the African Continental Free Trade Area (AfCFTA) Agreement whose growth and benefits depend on secure and free cross-border data flows. For instance, the East African Community (EAC) and the Southern African Development Community (SADC) are set to develop regional data governance policy frameworks with the aim of harmonising data governance in the region for economic growth and regional integration.

The Resolution echoes sentiments shared in various panels at the September Forum on Internet Freedom in Africa 2024 (#FIFAfrica), which highlighted contemporary issues in data governance in Africa, including in collection, management, and processing of data. The Forum emphasised the role of national and regional actors in policy harmonisation, enabling greater cross-border data flows, maximising the benefits of data for all countries and all citizens, and the need for greater privacy protections over personal data. Among others, speakers at FIFAfrica singled out  national parliaments, RECs, civil society organisations, the African Union, and the private sector as having pivotal roles to play in promoting effective data governance.

Uganda Set to Harness Data as A Critical Resource for Socio-Economic Development

By Edrine Wanyama |

On November 19, 2024, Uganda’s Ministry of Information, Communication Technology, and National Guidance (MoICT&NG) validated a draft data strategy, marking a significant milestone in the country’s digital transformation journey. This process follows a 2022 review that identified critical weaknesses in Uganda’s data-sharing ecosystem, including limited data sharing, fragmentation, silos, lack of common standards, and low trust in the system.

The strategy is a cornerstone of the Uganda Digital Transformation Road Map, which drives the Digital Uganda Vision and the country’s broader Digital Revolution agenda. Its goal is to foster a data-driven environment that stimulates innovation, economic growth, and social development. The strategy focuses on three main pillars: data governance, data infrastructure, and strategic data utilisation for efficient and effective use of data.

A robust institutional framework is central to the strategy, comprising a National Data Steering Committee, a National Data Office, and links to data personnel within various Ministries, Departments, and Agencies (MDAs). Additionally, the strategy emphasises the importance of a comprehensive legal and policy framework aligned with national, regional, and international standards.

Uganda’s data protection framework is still in its early stages, with enabling legislation passed in 2019 and implementing regulations adopted in 2021. However, the framework has faced criticism for lacking clear oversight mechanisms and prioritising government access to individuals’ data—justified under national security and lawful purposes—over the protection of data and privacy rights.

The adoption of this data strategy has the potential to introduce stronger oversight and policy guidance, effective stakeholder engagement, and improved monitoring and evaluation in data management processes. This would pave the way for a robust, data-driven economy in Uganda.

Dr. Wairagala Wakabi, Executive Director of CIPESA stated, “Uganda’s Data Protection Strategy coincides with the recent African Commission on Human and Peoples’ Rights Resolution on Promoting and Harnessing Data Access as a Tool for Advancing Human Rights and Sustainable Development in the Digital Age (ACHPR/Res.620 (LXXXI) 2024). If rightly applied and implemented within the existing data governance frameworks at the African Union level, its aims, goals, and objectives cannot be defeated.”

As Africa slowly moves towards a harmonised data regime, Uganda’s strategy represents a key step toward achieving the African Union’s goals. It has the potential to enhance governance, public service delivery, and economic growth while contributing to the continent’s broader socio-economic transformation within the digital economy.

Introducing “Community Fakes”, A Crowdsourcing Platform to Combat AI-Generated Deepfakes

ADRF Grantee Update | 

As the world enters the era of artificial intelligence, the rise of deepfakes and AI-generated media presents significant threats to the integrity of democratic processes, particularly in fragile democracies. These processes are vital for ensuring fairness, accountability, and citizen engagement. 

When compromised, the foundational values of democracy—and society’s trust in its leaders and institutions—are at risk. Safeguarding democracy in the AI era requires vigilance, collaboration, and innovative solutions, such as building a database of verified AI manipulations to protect the truth and uphold free societies.

In the Global South, where political stability is often tenuous, the stakes are even higher. Elections can easily be influenced by mis/disinformation, now accessible at minimal cost and requiring little technical skill. Malicious actors can easily use these tools to create and amplify false content at scale. This risk is amplified in authoritarian regimes, where AI-generated mis/disinformation is increasingly weaponised to manipulate public opinion, undermine elections, or silence dissent. From fabricated videos of political figures to manipulated media, such regimes exploit advanced technologies to sow confusion and mistrust, further destabilising already fragile democracies.

Despite ongoing efforts by social media platforms and AI companies to develop detection tools, these solutions remain inadequate, particularly in culturally and linguistically diverse regions like the Global South. Detection algorithms often rely on patterns trained on Western datasets, which fail to account for local cultural cues, dialects, and subtleties. This gap allows deepfake creators to exploit these nuances, leaving communities vulnerable to disinformation, especially during critical events like elections.

Recognising the urgency of addressing these challenges, Threats developed Community Fakes, an incident database and central repository for researchers to submit, share, and analyse deepfakes and other AI-altered media. This platform enables collaboration, combining human insights with AI tools to create a robust defence against disinformation. By empowering users to identify, upload, and discuss suspect content, Community Fakes offers a comprehensive, adaptable approach to protecting the integrity of information.

The initiative was made possible through the CIPESA-run African Digital Rights Fund (ADRF), which supports innovative interventions to advance digital rights across Africa. The grant to Thraets for the project titled “Safeguarding African Elections—Mitigating the Risk of AI-Generated Mis/Disinformation to Preserve Democracy” aims to counter the increasing risks posed by AI-generated disinformation, which could jeopardise free and fair elections. 

The project has conducted research on elections in Tunisia and Ghana, with the findings feeding into tutorials for journalists and fact-checkers on identifying and countering AI-generated electoral disinformation and awareness campaigns on the need for transparency on the capabilities of AI tools and their risks to democracy. 

Additionally, the project held an Ideathon to generate novel ideas for combating AI-generated disinformation and developed the Spot the Fakes quiz, which gives users the opportunity to dive into the world of AI-generated synthetic media and how to distinguish between the authentic and the fake.

Community Fakes will crowdsource human intelligence to complement AI-based detection, thereby allowing users to leverage their unique insights to spot inconsistencies in AI-generated media that machines may overlook, while having conversations with other experts around the observed patterns. Users can submit suspected deepfakes to the platform, which the global community can then scrutinise, verify, and expose. According to Thraets, this approach ensures that even the most convincing deepfakes can be exposed before they can do irreparable harm. 

Find a full outline of Community Fakes here.