Promoting Effective and Inclusive ICT Policy in Africa

Blog

  HomeCollaboration on International ICT Policy for East and Southern Africa (CIPESA)  /  Blog
23Jan

Call for Applications: Fundraising Consultant at CIPESA

Author CIPESA Posted on

About CIPESA
The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) is a leading centre for research and analysis that works to defend and expand the digital civic space to enable the protection and promotion of human rights and to enhance innovation and sustainable development. With a focus on disparate actors including government, the private sector, civil society, media, policy makers and multinational institutions, our work aims to engender a free, open and secure internet that advances rights, livelihoods, and democratic governance. CIPESA’s work responds to a shortage of information, research, resources and actors consistently working at the nexus of technology, human rights and society.

CIPESA continues to address the rising threats and challenges to Africa’s digital landscape and the enjoyment of digital rights on the continent. Some of these include the arbitrary arrest, detention and prosecution and intimidation of users of digital technologies, digital taxation, internet disruptions, disinformation, digital exclusion, surveillance, cyber attacks, poorly regulated digital identity programmes, digital authoritarianism, and the proliferation of regressive legislation that undermines the digital economy.

We have responded to these challenges through ambitious programming that includes,

  • Knowledge and skills development; 
  • Generating research-based evidence;
  • Policy engagement;
  • Convenings;
  • Movement building; and 
  • Strategic litigation.

CIPESA is now actively searching for an experienced fundraising consultant with a passion for non-profit work to help us develop a comprehensive fundraising strategy to support the implementation of our new strategic plan.

The consultant will, among others:

  1. Conduct a situation analysis of CIPESA’s funding over the last planning period.
  2. Develop SMART objectives for the strategy.
  3. Conduct research to identify and map potential donors and funding sources for the new planning period.
  4. Develop a comprehensive fundraising plan, including specific tactics, budgets, and timelines.
  5. Develop a monitoring and evaluation framework for the fundraising strategy.
  6. Support the execution of select fundraising activities.
  7. Train Board members and staff on best practices for effective donor engagement. 

We expect the successful candidate to start the assignment by March 1, 2023 and complete by May 31, 2023.
If you are interested in working with a passionate team to make real impact in protecting and advancing the enjoyment of internet and digital rights in Africa, kindly send your detailed technical and financial proposal, CV and a cover letter explaining your qualifications and experience to [email protected] by February 15, 2023.

20Jan

Capacitating Civil Society Actors to Advance Digital Rights in Africa

Author CIPESA Posted on

By Paul Kimumwe |

Internet freedom in Africa has been on the decline over the past years with several countries continually adopting repressive measures that curtail civil liberties. Many governments have embraced digital authoritarianism, which has resulted in criminalisation of speech online, internet disruptions, arrests and prosecution of social media users, and abuse of citizens’ data rights, thus undermining free expression and civic participation. 

Several governments have continually enhanced their technical capacity to intercept and monitor electronic communications, including through the installation of equipment and software or spyware that enable remote controlled hacking and eavesdropping, and deployment of video surveillance systems, some of which have facial recognition capabilities. These enhancements have been partly aided by introduction of regressive laws ostensibly to fight terrorism and to protect national order. 

Some control measures – such as trolling and cyberbullying – target critical democracy actors, including women human rights defenders (WHRDs) and journalists, and have far-reaching impacts on rights protection, including free expression, access to information and civic participation. Other measures, such as digital taxation, registration and licensing of online users, greatly undermine internet access and affordability and weaken the potential of digital technologies to catalyse free expression and civic participation.

These measures are worrying not only because they directly undermine citizens’ digital rights and their appetite for public participation but also because they endanger the safety of some critical democratic actors. Without adequate digital security capacity, activists and human rights defenders (HRDs) are not able to meaningfully undertake advocacy and engagements around human rights, transparent and accountable governance. Concerningly, digital security and safety skills are lacking among some of the most at-risk groups, yet trainers and support networks are in short supply. In this brief we review some key intervention measures necessary to  grow the capacity of  civil society actors to navigate the rising digital authoritarianism and highlight CIPESA’s work in this regard.

Shrinking Civic Space

Recent years have seen an increase in the number of reported incidents of governments in the region cracking down on civil society organisations, especially those addressing human rights and social justice issues. Various illegal means, including physical assaults, arbitrary detention, torture, killings, intimidation and surveillance by security agencies, have been adopted to limit the rights to freedom of assembly, association, expression, and access to information.

The situation was exacerbated by measures adopted by national governments to curb the spread and mitigate the effects of the Covid-19 pandemic. The different measures including the clamp down on media platforms, intimidation, arrests, detention and prosecution, affected the work and operations of HRDss and civil society organisations (CSOs) in many countries. The ability of citizens to participate in civic matters and the conduct of public affairs were also eroded. Meanwhile, HRDs, journalists, activists, the political opposition, and ordinary citizens have been forced to self-censor, disengage from participating in public affairs, and refrain from exercising their rights to participate.

Limited Capacity of Civil Society Actors

Although there has been a growing number of civil society and justice actors responding to, and challenging government excesses, some of them have been hampered by lack of requisite knowledge, skills, and tools to engage in meaningful policy advocacy. There is also limited understanding of the linkages between Information and Communication Technologies (ICT), human rights and democracy and how government control measures undermine democratic participation.

According to Ashnah Kalemera, Programme Manager at CIPESA, advancing digital rights is a new phenomenon for most of the traditional human rights organisations in Africa, “with many still trying to understand the relationship between ICT and human rights, on top of dealing with an already hostile environment.” 

Through various interventions, CIPESA is building the capacity of different social justice organisations and equipping them with the requisite skills, including research, communicating digital rights, designing evidence-based advocacy campaigns, as well as digital resilience, especially how to cope with the increasing cyber attacks.

Findings from a 2017 joint research study conducted by Small Media, DefendDefenders, the Centre For Intellectual Property And Information Technology Law (CIPIT), and CIPESA showed that in Burundi, Rwanda, Tanzania, and Uganda, most CSOs failed to demonstrate a baseline of digital security knowledge and practices.

The study noted that although the internet and other ICT had empowered CSOs to engage with the public, share information, and advocate for citizens’ rights in sometimes challenging and closed political environments, it had also offered means and tools that regional state and non-state actors utilised to interfere with their work, surveil them, and censor their voices.

Similarly, an assessment CIPESA conducted in five countries during 2020 indicated a need to bolster capacity, organisational practices, and implementation of security and safety measures for social justice organisations and staff. It also found that skills and protections (software and hardware) were low and inadequate among many HRD organisations and individuals. 

Building Digital Resilience Among CSOs

In many countries in the region, skills in digital security and safety are lacking among some of the most at-risk groups, yet trainers and support networks are in short supply. Without adequate digital security capacity, activists and HRDs are not able to meaningfully continue advocacy and engagements around human rights, transparent and accountable governance.

For several years CIPESA has provided digital security resilience including conducted training for civil society groups, HRDs and other democracy actors. Through the Level-Up programme, CIPESA has provided security support to 16 HRD organisations in Kenya, Ethiopia, Tanzania, South Sudan, and Uganda. 

The initiative helped to strengthen the participating entities’ organisational and information systems security capacity, entailed a Training of Trainers (ToT) component – which benefitted 19 individuals – to grow the network of individuals and organisations that offer digital security training and support to journalists, activists, and HRDs, and organisational security assessments. The training and support were delivered through innovative approaches to geographically distributed individuals that could not meet physically due to Covid-19 social distancing and travel restrictions.

The individuals trained in turn conducted safety and security training sessions which benefitted 120 staff of HRD organisations. The Level Up programme also conducted an assessment of organisational digital security needs and practices which informed the provision of hardware, software and security equipment to nine beneficiary organisations in four countries, and the development of organisational digital security policies.

“Several justice actors, both individuals and organisations, have fallen victims to cyber attacks, hacking, and online harassment, with some reporting loss of  their brand assets. It is therefore important to bolster their capacity, enhance their organisational practices, especially the implementation of security and safety measures related to digital and social media platforms usage by the organisations and their staff,” says Brian Byaruhanga, Technology Officer at CIPESA.

Supporting Impactful Digital Rights Advocacy and Communication

Digital rights advocacy and communication has become crucial in promoting human rights in Africa. Accordingly, CIPESA has over the years supported capacity development for CSOs, HRDs particularly WHRDs, and key duty bearers, to cultivate cross-country and cross-sectoral partnerships, and promoted joint advocacy and communications campaigns. 

In June 2022, CIPESA convened a regional advocacy and engagement training workshop in Lusaka, Zambia that brought together media, civil society and technology policy actors from 10 African countries – Ethiopia, Kenya, Malawi, Mozambique, Rwanda, South Africa, Uganda, Zambia, and Zimbabwe. The regional engagement equipped participants with a keen understanding of key digital rights trends in the region, alongside practical skills in impactful digital rights advocacy and communication.

Also in June 2022, CIPESA convened a digital rights policy advocacy webinar where participants shared their experiences, challenges and lessons learned in advocating for digital rights in Africa. Panelists were mainly drawn from the Africa Digital Rights Fund (ADRF) beneficiaries, a grant facility managed by CIPESA whose main purpose is to offer flexible and rapid response grants to select initiatives in Africa to implement activities that advance digital rights, including advocacy, litigation, research, policy analysis, digital literacy and digital security skills building 

In July 2021, CIPESA in partnership with the African Centre for Media Excellence (ACME), conducted an intensive training course on Digital Rights and Impact Communication for grantees of the ADRF. The training was preceded by a capacity and training needs assessment. The ADRF was launched in April 2019 to offer funding and capacity development to expand the pool of actors that advance digital rights in Africa, amidst rising digital rights violations.

These capacity building efforts serve to equip civil society actors with skills, knowledge, and tools to effectively engage in evidence-based advocacy as well as communicating digital rights issues. They inspire these actors to approach advocacy and communication systematically in order to increase the visibility of digital rights issues in different media and to promote public discussion of digital rights issues.

Building Capacity and Collaborations for Digital Rights Research

Evidence-based digital rights advocacy has become particularly crucial in Africa as a growing number of governments and powerful private actors continue to undermine citizens’ online rights through legal and extra-legal means. However, as the need for internet policy advocacy that is informed by research grows, it is essential to increase the amount and depth of research originating from, and relevant to, Africa. 

Over the last few years, CIPESA has responded by building capacity and enhancing collaborations for digital rights research among academia and CSOs. During the 2019 Forum on Internet Freedom in Africa (FIFAfrica19) in Addis Ababa, Ethiopia, CIPESA organised a Digital Rights Research Methods Workshop as one of the pre-events. The workshop was attended by 58 participants who included university lecturers, staff of international human rights organisations, digital rights researchers, activists, technologists, and lawyers.

The Ethiopian training built on the foundations of a five-day intensive training on internet policy research methods co-organised with the Annenberg School for Communications Internet Policy Observatory in 2018, which aimed to train, connect, and build collaboration between researchers, activists, academics and internet freedom advocates, and brought together 40 participants from 17 countries.

CIPESA has continued to build this capacity through additional training, and providing research and grant opportunities through the CIPESA Academic and Media Fellowships, which seek to nurture university students’ and early career academics’ understanding of ICT for governance, human rights and development, as well as enhance the media’s understanding of and coverage of ICT, democracy and human rights issues, respectively.

Digital rights continue to evolve alongside technological changes and advancement. CIPESA will continue to tap into the opportunity of skilling civil society personnel to facilitate knowledge building and enhance their capacity to continually engage in digital rights proactively and securely.

12Jan

A Section of Uganda’s Computer Misuse Act Outlawed! But, the Greater Part of the Law Remains Thorny

Author CIPESA Posted on

By Juliet Nanfuka |

The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) welcomes the ruling by Uganda’s Constitutional Court that section 25 of the Computer Misuse Act of 2011, which penalises “offensive communication”, is null and void. This section has severally been used by state authorities to silence dissent, and CIPESA has for long supported efforts to expunge it from the eastern African country’s key internet law.

On January 10, 2023, Uganda’s constitutional court ruled that section 25 of the Computer Misuse Act is inconsistent with the country’s constitution and called for an immediate halt to its enforcement, including for all cases being prosecuted or investigated. The court’s decision could bring to an end the utilisation of this problematic provision that has for a decade been weaponised to silence critics, political opponents and dissidents. The government can appeal the constitutional court’s decision to the Supreme Court within 14 days.

This week’s ruling is the result of a 2016 petition in which the litigants argued that section 25 was vague, violated civil liberties, and contravened constitutional guarantees. 

The law on computer misuse defines offensive communication as the “willful and repeated use of electronic communication to disturb or attempt to disturb the peace, quiet or right of privacy of any person with no purpose of legitimate communication whether or not a conversation ensues.” The offence is punishable by a fine not exceeding USD 130 or imprisonment not exceeding one year, or both. 

However, opponents of the law have argued that this provision is vague, overly broad and ambiguous. Further, they contended that the provision does not give a fair warning regarding what conduct is deemed illegal under the right and freedom of speech and expression pursuant to article 29(1)(a) of Uganda’s constitution.

In this week’s ruling, Justice Kenneth Kakuru, who wrote the lead judgement, stated that he  had determined that the words used under section 25 were “vague, overly broad and ambiguous.” According to the judge, what constitutes an offence is “unpredictable” and this gives the law enforcer the discretion to choose what qualifies as offensive. Justice Kakuru added that the provision “gives law enforcement unfettered discretion to punish unpopular or critical protected expression.” 

Section 25 of the Computer Misuse Act has severally been invoked to issue threats, effect arrests, detention, and prosecution of individuals over their online communications. 

The Computer Misuse Act has been previously used to suppress digital rights including free expression and access to information. For instance, academic and social critic Dr. Stella Nyanzi was arrested for insulting the president in a social media post. In 2019, she was convicted of cyber harassment contrary to section 24 of the Act but acquitted of offensive communications, which is proscribed under section 25. Other individuals who have suffered the wrath of the same law include former presidential aspirant Henry Tumukunde who was arrested over alleged treasonable utterances in radio and television interviews, the Bizonto comedy group who were arrested over alleged offensive and sectarian posts, and author Kakwenza Rukirabashaija who was arrested, detained and prosecuted over offensive communication against the president and his son. (Source: CIPESA Submits Comments on the Computer Misuse (Amendment) Bill, 2022 to Parliament )

Despite this progressive decision by the Constitutional court, the Computer Misuse Act will remain a key impediment to free expression and the enjoyment of digital rights, notably because of amendments made to the law in late 2022. Those amendments ambiguously prohibit the “misuse of social media,” sending or sharing of unsolicited information through a computer, and sending, sharing or transmission of malicious information about or relating to any person. These prohibitions, whose introduction was condemned by wide sections of Ugandan civil society, human rights defenders and some government officials, present a key curtailment of freedom of expression and access to information. 

Promoters of the amendments argued that existing laws did not “specifically address the regulation of information sharing on social media” or were “not adequate to deter the vice”. However, critics argued that efforts should instead have focused on addressing the existing retrogressive provisions in the law, notably those on “cyber harassment” and “offensive communication”. 

Accordingly, CIPESA alongside 13 civil society organisations and individuals filed a petition challenging those amendments. This followed CIPESA’s submission of comments and presentation of concerns before the Parliamentary Committee on Information and Communication Technology ahead of the enactment of the amendments. In those submissions, CIPESA argued that since its enactment, the Computer Misuse Act had been used to suppress digital rights including free expression and access to information and the proposed amendment would present a further blow to online civil liberties.

In its ruling, the constitutional court noted that, “In a democratic and free society, prosecuting people for the content of their communication is a violation of what falls within guarantees of freedom of expression in a democratic society.” The ruling is a step in the right direction in combating wanton limitations to digital rights in Uganda, where a flurry of technology-related laws were enacted in the wake of the 2010 Arab Spring during which users leveraged digital platforms and social media to build movements and mobilise public protests against their autocratic governments.

Besides the Computer Misuse Act, other laws enacted in Uganda during this time include the Regulation of Interception of Communications Act, 2010, the Electronic Signatures Act, 2011, and the Electronic Transactions Act, 2011, all of which variously interfere with digital rights including data privacy, access to information, and freedom of expression.

02Jan

Move Fast and Fix Policy: African Digital Rights Advocacy in an Era of Rapid Policy Change

Author CIPESA Posted on

By CIPESA Staff Writer |

Across Africa, the fast-evolving technology landscape has created pressure to adopt appropriate legislation to keep up with the pace of technological development. However, these efforts are being shackled by numerous challenges, including silo approaches to policy development, limited citizens’ inclusion in policy formulation, failure to harmonise stakeholder positions, ad hoc advocacy efforts by Civil Society Organisations (CSOs), and the failure to leverage the influence of private sector actors.

At the Forum on Internet Freedom in Africa 2022 (FIFAfrica22), digital rights activists and policymakers examined how existing processes and mechanisms that provide input into digital policies can be improved. In a panel session organised by the Centre for International Private Enterprise (CIPE), participants explored experiences and practical tips for policy engagement that upholds democratic values.

A key concern was that, on the one hand, Africa’s digital rights landscape has for years remained unregulated, leading to resistance to efforts to regulate it, and yet the absence of laws creates room for violation of rights online and abuse by state and non-state actors. On the other hand, where laws have been enacted, implementation and enforcement have been weaponised to target critics and dissent, as reflected in the continued infringement of rights online. This creates the need for proactive multi-stakeholder efforts in pushing back against regressive developments.

“While we should be [engaged] at the beginning of the process, we are ignored and when we enact a law, CSOs come to challenge it, yet if they involve us early enough, we would all be in agreement,” said Neema Lugangira, Member of Parliament from Tanzania and Chair of the African Parliamentary Network on Internet Governance (APNIG).

She noted that with a negative attitude towards each other, many parliamentarians question the motives of CSOs in pushing certain agendas and called for a change in approach. “I want to champion issues in which I have been involved. How do we make your agenda my agenda? You can scream whatever you want but you cannot get legislative change without working with Parliament,” said Lugangira. 

Indeed, Boye Adegoke from Paradigm Initiative reiterated that one of the pitfalls of policy advocacy was to adopt the angel/devil relationship approach. He added that many CSOs lack  adequate knowledge and skills to engage in policy processes. In turn, he called for more proactive efforts in tracking parliamentary debates and business related to digital policy and undertaking research to inform policy advocacy. 

Building alliances, including with the local business and the tech community, was also cited as critical to strategic support for policy influence. “When they [business and tech community] speak, they tend to be listened to and governments tend to respect their views,” said Nashilongo Gervasius, a Namibian technology policy researcher and founder of NamTshuwe Media.

Equally emphasised was the need to leverage the power and influence of private sector players  at international level, where the quality of policy negotiations by some African governments remains wanting,  as noted by Ayaan Khalif, the Co-Founder of Digital Shelter, a digital rights group in Somalia. Citing the example of the 15% tax agreement between OECD countries and multinational companies, Ayaan stated that African countries and CSOs must bring the continent’s big market potential to the “negotiating table” in order to tap into the multinationals’ revenue.

Away from negotiations, the need to increase inclusive participation in public policy processes was also stressed. As Khalif stated, “Holistic stakeholder involvement should clearly define those being involved, ensure that they are actually given the opportunity to make meaningful input and outline the issues being addressed”.

Ultimately, context remains paramount given that most countries on the continent are at different levels of democracy and what is possible in one may not be tenable in another. What is important is to understand the policy making ecosystem and respond appropriately. “Policy advocacy is about incremental wins. If you are not invited to the table you can bring your own chair to the table, or you can set up your own table and bring people to it,” concluded Adegoke.

30Dec

Towards Effective Biometrics and Digital Identity Systems in Africa

Author CIPESA Writer Posted on

By Victor Kapiyo |

In many countries across Africa, identity systems have largely been paper-based. It is estimated by the World Bank that at least 500 million people in Sub-Saharan Africa lack proof of legal identification. In order to bridge this gap, several countries have adopted some form of digital identity (ID) system for civil registration, including birth, national IDs, voting purposes, incorporating biometrics such as fingerprint, facial or iris recognition as a form of authentication. Indeed, the systems have gained popularity given their benefits as part of digital transformation journeys to promote accessibility, efficiency, and transparency in service delivery – in health, migration, education, social security, and elections. 

Within the last decade, Lesotho, Mozambique,  Tanzania, Uganda,  Zambia and Zimbabwe have introduced national biometric digital identity cards.  

Lesotho’s national ID has so far covered 85% of the eligible population. Mozambique has a digital ID card with a Unique Citizen Identification Number (NUIC), assigned during birth registration. This national identification number is used on NID cards, health cards, driver’s licenses, and passports. The country also has the National Immigration Service (SENAMI), for its immigration system for travel documents and residence permits; as well as the Electronic System for Civil Registration and Vital Statistics (e-SIRCEV) for civil registration.  Birth certificates are a prerequisite for obtaining NIDs. The NID is valid for five years for individuals below 40 years of age and valid for 10 years for individuals between the ages of 40 and 50 years.

Tanzania introduced its biometric national ID programme in 2013 and started issuing cards in 2016..  As of 2020, at least 22.1 million individuals or 80% of the adult population had been registered for the National Identification Number (NIN). Also, mandatory SIM card registration requires the collection of fingerprint data in addition to official documentation such as national identity cards, birth certificates, driver’s licenses or passports.

Zambia introduced its National Registration Card (NRC), in 2013. The USD 54.8 million Integrated National Registration Information System (INRIS) replaced the paper-based system introduced in 1965 and would issue biometric-based documents such as national registration cards, birth and death certificates, and facilitate voter registration. 

In the early 2000s, the  Zimbabwean government introduced biometric IDs by the then Registrar General, Tobaiwa Mudede, as a formalised transition to reportedly enhance issues of e-governance. Unfortunately, there was very limited publicity and awareness on this transition, as well as transparency about the tendering and procurement processes. In 2018, the government also adopted a biometric system for the registration of voters, and for the registration of civil servants in 2019. 

It is worth noting that these systems, despite their benefits, present risks which were previously not common in paper-based identity systems. Some common risks to digitalised personal data include data breaches, surveillance, misuse of personal information, unwarranted intrusion, and financial harm. These risks may be amplified in the absence of comprehensive policy, legal and institutional frameworks for privacy and data protection. Notably, even where laws exist, if they are weak, fragmented, outdated, poorly enforced, lack strong and independent oversight mechanisms, or fail to provide effective remedies, the risk of harm to the data collected is heightened. 

Also, the use of centralised databases, weak information-sharing safeguards, and the lack of transparency and accountability in the management of identity databases have been documented as loopholes that could inevitably create opportunities for abuse by state and non-state actors with access to the information. 

Furthermore, the incomprehensive implementation of biometric digital ID programmes could entrench digital exclusion and discrimination of vulnerable groups, such as the elderly and refugees, from accessing government services due to lack of a national ID as the case was in Uganda. In Zimbabwe, the country’s Human Rights Commission’s (ZHRC) inquiry into access to documentation revealed that there is often neglect and marginalisation of people living with disabilities and members of minority groups. In Mozambique for example, studies showed that citizens who live in remote areas are more at risk of exclusion than others, as they have to travel further, and possibly a number of times, to complete the registration, and thus, bear higher costs.

Currently, 30 African countries have enacted data protection laws and policies. One of the early adopters of data protection laws is Lesotho, which adopted its Data Protection Act, in 2011. Uganda adopted its Data Protection and Privacy Act in 2019. Zambia and Zimbabwe adopted their Data Protection Acts in 2021, while Tanzania adopted its Personal Data Protection Bill in 2022. However, not all these countries have adopted the African Union Convention on Cybersecurity and Personal Data Protection (Malabo Convention). So far, only Mozambique and Zambia have signed the Convention and deposited the instruments of ratification. Lesotho, Tanzania, Uganda and Zimbabwe are yet to sign or ratify the convention.

Whereas having data protection laws is critical, African countries should also have in place appropriate policy, regulatory and institutional frameworks for the implementation of their digital identity programmes. Such frameworks are essential for fostering public trust and confidence in the use of digital identity systems, especially in the digital economy. 

However, enactment of the relevant laws and policies (including reviewing the existing ones) is just the first step in harnessing the dividends of biometrics and digital ID systems. States need to ensure that the implementation of digital ID systems meets certain thresholds.

  • Biometrics and digital identity systems should be user-centric, rights-respecting, privacy-respecting by default and by design, and secure throughout their lifecycle. 
  • Developers of such systems should anticipate and recognise potential privacy risks such as data breaches and fraud, and address them within the existing systems and frameworks. In addition, the developers should adopt a distributed and federated approach rather than a centralised approach. 
  • Further, there should be a clear governance framework, with independent oversight, well-defined roles and responsibilities, rules and standards. In addition, the systems should entrench accountability, including compliance with data protection laws and the conduct of data protection impact assessments (DPIAs). 
  • Countries should establish independent and robust oversight data protection bodies to regulate data and privacy protection including biometric data. The bodies should be given a commendable level of autonomy and facilitated sufficiently with the required resources to ensure that they function effectively, independently and with minimal external influence over their mandate.
  • In countries where digital identity systems were implemented prior to the enactment of data protection laws, the existing processes should be reviewed to ensure compliance with data protection laws. Key aspects to be considered include the conduct of DPIAs, review of data-sharing arrangements, compliance with data protection principles on consent, accuracy, purpose limitation, automated data processing, children, lawfulness, fairness and transparency, data minimisation, storage limitation, and security. 
  • In addition, countries should review the emerging best practices in the implementation of digital identity systems, learn from other countries and adopt those suitable for their context. 
  • Countries should build the capacity of government officials responsible for biometric digital ID systems, including data protection bodies, law enforcement, prosecution, regulators, and the Judiciary in effective data protection, with skills and knowledge in key principles of data protection and the rights of data subjects.
  • Programme implementation should proactively plan and ease the accessibility of services by the most vulnerable and marginalised groups – elderly, persons with disabilities, women, those in remote areas. This would include phased implementation of digital ID systems, wide distribution of enrollment centers in disability and poor-friendly environments, as well as cost waivers.  
  • Finally, stakeholder engagement and proactive disclosure of information relating to such programmes should always be integrated into the design and deployment of the programmes. 
1 18 19 20 21 22 158