Universal Periodic Review: Civic Groups Urge Burundi to Respect Free Expression

By Edrine Wanyama and Kesa Pharatlhatlhe |
The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) alongside Article 19, the East Africa Law Society, the Pan African Lawyers Union (PALU) and DefendDefenders have called for repeal of Burundi’s Penal Code and the 2015 Press Law to address provisions that undermine freedom of expression. In a submission to the third cycle of the Universal Periodic Review (UPR) of Burundi to be considered in January 2018, the five organisations highlighted the worsening situation for freedom of expression and association in Burundi since its last UPR in 2013.
The organisations stress the need for the Burundi government to reopen closed radio stations, create an enabling environment for media freedom, and refrain from attacks against journalists and critics. Additionally, the submission called for the establishment of an independent body to conduct thorough investigations into crimes of violence against journalists and opposition leaders.
The UPR submission covers the legal and regulatory framework on freedom of expression, including restrictions on press freedom, restrictions on freedom of assembly and association as well as freedom of information online and offline in the East African country.
Despite recommendations made to Burundi in the second cycle of the UPR to ensure that these rights are upheld in line with international standards, it continues to maintain a repressive regime. The government has enacted draconian legislation and severely curtailed citizens’ fundamental human rights and basic freedoms.
Article 31 of the country’s constitution guarantees the protection of freedom of expression but it has been undermined by the government’s restrictions on the media, failure to reform existing laws that violate freedom of expression such as the Penal Code Act, and the enactment of laws such as the 2015 Press Law that do not conform to international human rights standards.
In its second review, Burundi received numerous recommendations to safeguard journalists against violence and harassment and to guarantee that journalists and human rights defenders have the freedom to carry out their work independently and without fear of persecution, prosecution or intimidation. However, the country has failed to implement these recommendations. The situation is by the lack of an independent judiciary and law enforcement authorities that condone violations of these rights.
In the latest submission, it is highlighted that the media regulatory body – the National Communications Council (Conseil National de la Communication) lacks independence from the executive and wields broad powers to regulate all media. Additionally, access to information is limited due to the absence of an access to information law..
The submission notes continued efforts to control and limit the online flow of information. It cites cases of government-initiated internet blockages and the arrests of social media users. Further, the introduction of mandatory SIM card registration leaves user information vulnerable to abuse in the absence of a data privacy and protection law.
The report notes that there remain restrictions to freedom of assembly and association including limiting opportunities to demonstrate against the ruling party. Towards the end of 2013, Burundi enacted Law 1/28 to, regulate public demonstrations and assemblies, which contravenes the country’s ’s constitutional guarantees under Article 19 and 32.
The report also notes that the Burundi government has failed to fully implement freedom of assembly and association as outlined in the International Covenant on Civil and Political Rights to which it is party.
The submission thus echoes recommendations made in the previous UPR round in 2013 and calls for legal reform in the areas of press freedom, freedom of expression and access to information. Additionally, the submission urges Burundi to refrain from blocking access to social media platforms and to repeal legislation on SIM card registration which violates privacy and freedom of expression.
Echoing the 2013 submission, there is also a call for private media establishments shut down by the government to be reopened. The submission also calls for the immediate release of journalists who are in detention and an end to the harassment and persecution of journalists and human rights defenders. This is in the wake of the 2016 indefinite suspension of operating permits of five civil society organisations and five media organisations, including the Burundi Union of Journalists. Additionally, the submission calls for an independent body to regulate the communications sector, in accordance with international and regional freedom of expression standards.
The report calls for the enactment of a right to information law so as to enhance transparency and accountability in governance.
Read the full submission here.

The Growing Trend of African Governments’ Requests for User Information and Content Removal From Internet and Telecom Companies

Policy Brief |
The relationship between communications service providers, users and governments with regards to data protection, requests of user information and content take downs is increasingly taking centre stage in discussions around free, open and secure use of digital technologies.
In February 2017, Millicom issued its second Law Enforcement Disclosure Report. Millicom’s report is one of many by private companies aimed at promoting transparency and accountability, through periodically publishing reports detailing information on government requests for user data, content removals, and compliance with those requests.
Google is credited with being the first internet company to publish a transparency report back in 2009, followed by Twitter in 2012. Facebook and Yahoo have published reports since 2013. Vodafone and Orange were among the first telecommunications companies to publish transparency reports, both in 2014.
These reports have become vital to understanding censorship, surveillance and more importantly the commitment of service providers to protecting the privacy of their users and promoting freedom of expression online. Based on the reports alone, it remains unclear what the true extent of governments’ surveillance of citizens’ communications and censorship of content across the world is. Nonetheless, the reports indicate a growing trend among countries, including African governments, of requests for subscribers’ data and content removal.
On the social media front, from five African countries being listed by Facebook among those that requested users’ details in the first half of 2013, the number on the continent has grown to 18 as at the end of 2016. Meanwhile, requests to remove content from Google have also grown from only Libya in 2010 and 2011, to four African countries in 2016 alone. Twitter, which only received one user information request from South Sudan in 2012, has since gone on to receive requests from an additional four countries on the continent. The countries which have consistently made requests for user information to Google, Facebook and Twitter include South Africa, Nigeria, Sudan, Kenya and Egypt.
In telecommunications, figures are scanty as only four companies operating in Africa issue transparency reports – one of which, MTN, does not disclose any statistics while Vodafone’s extent of disclosure is limited due to legal provisions in some of its countries of operation that prohibit publishing of such information. Even then, user data requests from five African governments to Millicom have increased from 5,000 in 2015 to nearly 7,000 in 2016. Requests to Orange from the 20 African countries where it had operations as at the end of 2016 have tripled in the past three years – from 22,930 in 2014 to 67,718 in 2016.
In this brief, we provide a summary of the user data and content removal requests which governments in Africa have made to select internet and telecommunications companies in recent years.
 
 

Join us at the Forum on Internet Freedom in Africa 2017 (FIFAfrica17): Register Today!

#FIFAfrica17 |
It is closing in yet again on that time of the year when we convene to explore the many aspects of online rights at the Forum on Internet Freedom in Africa (FIFAfrica).  Between September 27 and 29, 2017 we converge in Johannesburg, South Africa to share ideas, experiences and insights as we continue to build the movement for #InternetFreedomAfrica!
Register and join those who already have set their sights on joining us at #FIFAfrica17 as we continue to advocate for an internet that is free, secure and open. We have received many session proposals and suggestions but are still open to receiving a few more. As you register, you are still welcome to add your suggestion – we’ll try our best to find a way of addressing the topics you raise. Successful session proposals will be listed on the Forum webpage on August 10, 2017.
Travel Support
Last year we received over 400 applications for travel support of which we were able to support less than one-fifth of the applicants. Our vision is to have a Forum with representation from as many countries in Africa as possible. As part of the registration process, we make room for interested participants to submit an application for travel support.
Exhibit at #FIFAfrica17
Participation in the Forum takes various forms. Some want to talk, others want to listen and some want to show what they do. We are expanding exhibition space at the Forum and are thus inviting proposals from individuals,organisations and companies who wish to showcase their work, projects and products at #FIFAfrica17. The exhibition opportunity is free but we encourage a voluntary contribution to enable us ensure that the #FIFAfrica17 experience is as insightful as it is memorable. Please follow this link and let us know your exhibition idea.

#FIFAfrica17 is co-hosted by the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) and the Association for Progressive Communications (APC)
 

What African Countries Can Learn from European Privacy Laws and Policies

By Edrine Wanyama |
The General Data Protection Regulation (GDPR) came into force in the European Union (EU) in May 2016. The 28 EU member states have until May 2018 to apply the Regulation to existing national laws to ensure the protection of citizens with regard to the processing of personal data and its transfer within the EU and beyond.
In Africa, only 14 countries (Angola, Benin, Burkina Faso, Mali, Gabon, Ghana, Ivory Coast, Lesotho, Madagascar, Morocco, Senegal, South Africa, Tunisia and Zimbabwe) have enacted data protection and privacy laws. Others, including Kenya, Niger, Nigeria, Tanzania and Uganda, have bills that are yet to be passed into law.
Whereas a continent-wide convention on Cyber Security and Personal Data protection was adopted by the African Union back in 2014, only eight countries (Benin, Chad, Congo, Guinea-Bissau, Mauritania, Sierra Leone, Sao Tome & Principe and Zambia) are signatories and only one (Senegal) has ratified the convention.
Meanwhile, as part of efforts to ensure data protection within the different regional blocs, the Southern African Development Community (SADC) has developed a model law on data protection while as of 2010, the Economic Community of West African States (ECOWAS) had the  Supplementary Act A/SA.1/01/10 on Personal Data Protection Within ECOWAS. Unlike its regional bloc counterparts in the south and west, the East African Community (EAC) has not adopted legislation on data protection and privacy – it only has a Framework for Cyberlaws which calls for member states to enact laws that protect personal data.
Meanwhile, some of the proposed and existing national laws fall short of comprehensively protecting data and privacy. For instance, Uganda’s Data Protection Bill, 2015 and Ghana’s Data Protection Act, 2012 lack succinct clauses on key areas such as notification of breach and data portability, and also have limitations on the right to access, among others. Despite this, mass collection of personal data continues across the continent, leaving the majority of Africans vulnerable to the violation of their data privacy.
This contrasting state of affairs formed part of the discussions at a July 2017 convening of lawyers, government officials, civil society representatives, academics, and students at the Institute for Information Law at the University of Amsterdam for a five-day training course on issues pertaining to privacy and data protection law relate to the internet and electronic communications.
For over 60 years, the European Convention on Human Rights (1950) has functioned as the framework to guarantee the right of privacy for private and family life. More recently, the European Charter of Fundamental Rights, 2000 has reinforced this right. These instruments are the basis of the robust protections provided for under the GDPR. In Africa similar frameworks which address privacy are less than 15 years old, such as the Declaration of Principles on Freedom of Expression in Africa (2002) (Part V), the  Resolution on the Right to Freedom of Information and Expression on the Internet in Africa – ACHPR/Res. 362(LIX) 2016, and the civil society led African Declaration on Internet Rights and Freedoms.
However, where European instruments have been largely endorsed and supported by member states, many African instruments still struggle to gain similar recognition by member states.  As in the EU, African countries need to uphold the principles laid down in these instruments towards the recognition and enforcement of citizens’ right to privacy and data protection.
Further, per the GDPR, European states are required to establish Data Protection Authorities (DPAs) to ensure that safeguards are in place to protect user data including across different jurisdictions. African states should embrace similar measures to guard against infringement on citizens’ privacy.

Data Protection Authorities are mandated to independently monitor, raise awareness, handle complaints and conduct investigations, among others, to uphold personal data protection.

Overall, the course highlighted the need for a robust privacy regime across the world to ensure that citizens enjoy due protection of their online data. It also highlighted the need for more efforts in citizen sensitisation on data protection and privacy alongside better frameworks in the African context to support these rights.
CIPESA participated in the course together with representatives from Ohio State Moritz College of Law and Capital University Law School; Global Privacy Practice, Covington & Burling; Institute for Information Law, University of Amsterdam; Berkeley Center for Law & Technology, UC Berkeley School of Law; Dutch Data Protection Authority; and the Washington University Law School, among others.
There are lessons for Africa to learn from the European experience, including the establishment of state and regional mechanisms that strengthen data protection frameworks. However, it is integral that more African countries enact data protection laws, and for countries that have with this law, it should be implemented with oversight from independent bodies as more user data is generated and stored online.
 
 

Promoting Youth Participation in Governance Through ICT in Kenya

By Tracy Kadesa |
Youths have emerged at the forefront of online activism and citizen journalism in Kenya. During a December 2016 to March 2017 strike by doctors, young doctors shared their grievances online, ranging from lack of resources in government hospitals to inadequate staffing and poor compensation. One of the stories was that of Dr. Ouma Oluga, the secretary general of the Kenya Medical Practitioners, Pharmacists and Dentists Union, who shared how he had to perform a caesarean section using a torch on his mobile phone due to a power outage. He was only 27 at the time.
Ahead of Kenya’s elections scheduled for August 2017, there have been increased calls for young Kenyans to participate in related processes and vote as a means of positively influencing concerns such as the high rates of unemployment. According to a 2016 World Bank report, Kenya has among the highest youth unemployment rates in Africa.
Against this background, on May 9-10, 2017, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) convened 30 youth and civil society activists to explore rights and responsibilities, as well as effective and secure ways to engage in the country’s governance processes including through ICT.
The workshop raised awareness about various ICT-based initiatives that have given Kenyan youths an opportunity to regularly discuss issues and analyse the manifestos of candidates running for elective posts. For instance, SiasaPlace runs weekly Twitter chats using #SiasaWednesday with the aim of amplifying women and youth voices. Siasa Place is a hub and co-working space that is passionate about engaging youth and women on civic agency.
Tribeless Youth is another vibrant movement that uses Twitter to engage youth in governance. Ongoing discussions facilitated by #TribelessYouth include #MeetTheNewCandidates where first-time political candidates, mostly youthful ones, are given an opportunity to present what they plan to deliver if elected come August.
Other youth-led initiatives that participated in the workshop included Fatuma’s Voice, a youth empowerment organisation, and Centre for Public Engagement & Social Economic Affairs Kenya (CPESEAK), which works on promoting youth participation in social accountability. Irungu Houghton of Society for International Development; Kenya Dialogues Project (KDP) participated as guest speaker and highlighted KDP’s commitment to advancing youth leadership in Kenya.
The workshop also explored government efforts to motivate the youth to participate in the August 2017 general elections through an initiative dubbed Y-VOTE (Youth Vote). The initiative spearheaded by the Independent Electoral and Boundaries Commission (IEBC) in partnership with the International Foundation for Electoral systems (IFES) leverages social media and on-ground activations to mobilise 18-29 year olds to vote come August 8. The campaign was launched on June 20, 2017 and run to late July.
Participants in the workshop explored ways of leveraging the various civic agency and elections-related initiatives to exercise their rights but also champion a peaceful electioneering period through online activism. Furthermore, discussions entailed digital safety tools and practices to facilitate secure communications.
The participants agreed that they were “no longer leaders of tomorrow but of today” and it was therefore their duty to zealously participate in governance processes towards improved livelihoods. See more insights in video below.

The youth in governance in Kenya workshop was organised in the context of the ICT4Democracy in East Africa initiative which is aimed at leveraging ICT to promote civic participation, democratic governance and respect for human rights.