Promoting Effective and Inclusive ICT Policy in Africa

Tag Archives: Access to information

  HomeCollaboration on International ICT Policy for East and Southern Africa (CIPESA)  /  Access to information
09Feb

Building Digital Safety and Agency for Young Women in Somalia

Author CIPESA Posted on

By Digital Shelter |

Digital inclusion is often framed as access and numbers – how many people are trained, device ownership, and how many users are connected. In Somalia, however, the reality is far more complex. While recent data suggest that internet penetration has reached approximately 55 percent of the population, and there are over 10 million internet users, social media adoption remains low and skewed toward male users, with women constituting a smaller proportion of those who are online.

Meanwhile, the political and civic space remains constrained. Due to protracted conflict, fragmented governance and insecurity, Somalia is classified as “Not Free” in global democracy assessments. The country also ranks near the bottom in press freedom indices, with journalists and media houses facing threats, harassment, arbitrary closures, and censorship pressures, particularly in conflict-affected regions, making open expression online and offline perilous.

Young Somali women are joining digital spaces shaped by these fragile conditions, coupled with unequal power relations and persistent safety concerns. Many are navigating unstable job markets, expectations to contribute to family livelihoods, and social norms that continue to question women’s visibility and voice, both online and offline. In such a context, digital upskilling is not merely technical but rather deeply social, economic, and political. If approached narrowly, it risks reproducing existing exclusions by focusing only on tools and outputs.

The Digital Skills for Girls (DS4G) programme by Digital Shelter is designed with this in mind, treating digital skilling and inclusion not as isolated competencies but as entry points into broader questions of participation, agency, and voice within Somalia’s evolving digital ecosystem. Combining practical digital skills, digital safety and rights awareness, DS4G has supported 35 women and girls, conducted monthly meet ups and stakeholder engagements to empower young Somali women.

With initial funding from AccessNow in 2024, the US funding cuts affected the continuity of DS4G. A discretionary award under the Africa Digital Rights Fund (ADRF) – an initiative of the Collaboration on International ICT Policy for East and Southern Africa (CIPESA)—supported continued implementation through 2025.

As noted by Ali, “At a time when many organisations were forced to scale back activities due to funding instability, CIPESA’s discretionary support allowed Digital Shelter to remain operational and responsive, ensuring that young women continued to access skills and learning spaces designed to support meaningful participation in digital, social and civic life”. He added that through DS4G, Digital Shelter had strengthened its role as a trusted, women-centered digital rights actor with a replicable programme model.

The DS4G’s sessions included graphic design, personal branding, emerging technologies, data protection and privacy, online threats and risks, and career development. A key component of DS4G was the Cyber Safety for Women event, which reinforced digital safety as a collective concern. The event featured a documentary screening on lived digital experiences and panel discussions on gender, online safety, and participation.

“DS4G recognised that technical skills alone are insufficient unless young women are also equipped to navigate digital environments safely, communicate confidently and position themselves for future opportunities,” said Digital Shelter’s Executive Director, Abdifatah Ali.

According to Digital Shelter, the inclusion of graphic design in the DS4G programme was a strategic one. The team argues that sitting at the intersection of creativity, communication, and influence, design shapes how information is interpreted, whose stories are amplified, and which messages gain traction. For the participants of DS4G, many of whom were students or recent graduates, it offered an accessible entry into digital work.

“As the training progressed, participants moved beyond executing tasks to interrogating purpose and impact, asking who messages are for, what they communicate, and how design can support causes, campaigns, and community conversations,” said Ayan Khalif, Digital Shelter’s Program Manager.

Indeed, participant feedback reflects positive outcomes – both skills acquisition and agency. “Before this project, I used social media without thinking much about safety. Now I understand how to protect myself online and how important digital security is for women like us,” said one participant. As part of reflection exercises, participants explored how design could support community initiatives, advocacy efforts and communicate messages. Another participant stated, “The monthly meetups helped me gain confidence. Speaking in front of others was difficult at first, but now I feel more comfortable expressing my ideas.”

The DS4G initiative has empowered a cohort of young women to navigate digital spaces with confidence and security, equipped with skills to exploit economic opportunities, advocate for change, and engage safely and confidently in community affairs.

04Feb

Why Data and AI Governance Are Central to Africa’s Digital Trade Ambitions

Author CIPESA Posted on

By CIPESA Writer |

Digital technologies are changing how African businesses trade and connect across borders. However, digital trade on the continent remains hugely constrained, including by regulatory fragmentation, infrastructure gaps, and bureaucratic hurdles. How then should African countries leverage the growing digitalisation and emerging technologies such as Artificial Intelligence (AI) to boost their digital economies?

According to the World Trade Organization (WTO), in 2024, Africa’s exports of digitally delivered services (DDS) were valued at USD 41.3 billion, representing just one percent of global exports. Nonetheless, the continent’s prospects are promising. The WTO and the World Bank project that greater use of digital technologies could boost Africa’s digital services exports by USD 74 billion between 2023 and 2040, doubling Africa’s share of global exports.

Evidently, if African countries do not address existing barriers and take decisive action, the continent risks becoming an even more marginal player in the global digital trade ecosystem. How to bridge the barriers and leverage data and AI to shape digital trade and Africa’s economic future was at the centre of discussions at the African Economic Research Consortium (AERC) Summit 2025, held in Nairobi, Kenya, last December.

A panel on digital trade and the governance of digital and AI economies, where the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) featured, stressed that, although frameworks such as the African Continental Free Trade Area (AfCFTA) Digital Trade Protocol are a step in the right direction, they could fail to significantly grow digital trade if member states lack enabling data and AI governance systems and practices.

Today, DDS account for approximately 35% of Africa’s total services export value, and have been rising at a double-digit rate, outpacing growth in other regions globally. However, growth in digital services trade remains uneven, concentrated in a handful of countries, mostly South Africa, Morocco, Ghana, Egypt, and Mauritius. Kenya, Nigeria and Tunisia are also notable players but with lower export values than the leading African countries.

Regional initiatives such as the AfCFTA Digital Trade Protocol can help to expand digital trade beyond domestic markets, including in countries that currently lag. The protocol, which was adopted two years ago, aims to harmonise rules for cross-border digital trade across Africa, including on electronic transactions, data governance, and digital payments. Meanwhile, the African Guidelines on Integrating Data Provisions in Protocols on Digital Trade of 2024, emphasise harmonised data governance as an enabler of secure and inclusive digital trade across Africa.

The African Union Data Policy Framework (AUDPF) similarly provides for interoperable data ecosystems across the continent, that are enabled by harmonised laws that support both innovation and rights protection. The various regional efforts support the dream of a Digital Single Market by 2030, as envisaged by the Africa Digital Transformation Strategy of the African Union.

The Galore of Barriers

The region currently lacks an operational continent‑wide harmonised framework for data protection, e‑commerce regulation, digital taxation, or AI governance. This gap raises compliance costs and presents a barrier to businesses that aim to scale operations across borders. This undermines cross‑border digital trade and data flows. Moreover, lack of regulations for paperless trade, including on electronic invoicing, e-signatures and e-contracts, presents an additional hurdle.

On the other hand, high taxes on goods, services, data, and devices drive up costs for businesses, yet several entrepreneurs struggle to access affordable digital financial services, including for effecting cross-border payments. These challenges are made worse by low internet speeds, unreliable electricity supply, as well as weak understanding of export regulations, data protection, and cybersecurity.

Addressing these barriers would offer entrepreneurs a range of benefits. Businesses can reach new customers beyond national borders without investing much in physical export infrastructure, which can reduce costs and expand their market reach. Also, interoperable digital payments can help to minimise settlement delays and overcome currency conversion hurdles.

Priorities on AI and Data Governance

Projections by a WTO 2025 report show that AI could boost the value of cross-border flows of goods and services by around 40% by 2040, due to productivity gains and lower trade costs. However, Africa’s readiness for AI regulation and uptake, particularly by small and medium enterprises, remains low. The WTO report points to AI’s potential to reduce logistics costs, overcome language barriers, ease regulatory compliance, and boost productivity.

In a March 2025 survey among firms from across the world, the most cited benefits of AI were improved trade efficiency (22%), optimised trade decision-making (14%), expanding the foreign customer base (10%), enhanced supply chain management (9%), and broader import and export product ranges (9% and 8% respectively).

How data and AI are governed is therefore key for the future of Africa’s digital economy. If African countries do not put in place robust and harmonised legislation, they will risk perpetuating patterns of the so-called “AI colonialism” in which African data and users fuel global AI markets yet their economies do not receive proportionate economic benefits. Many African countries are adopting AI in the public and private sectors but lack comprehensive AI-specific laws and governance frameworks and often rely instead on outdated laws that pre-date the current technologies.

The State of Internet Freedom in Africa 2025 report calls for human‑centred AI laws that ensure transparency in algorithms, clear accountability, and effective mechanisms for liability and redress. The report urges governments to strengthen independent AI and data oversight institutions, invest in digital infrastructure and inclusion, expand internet access, and ensure AI tools serve local languages. The report also highlights that Africa’s AI market is projected to grow from USD 4.51 billion in 2025 to USD 16.5 billion by 2030.

Africa thus urgently needs cross-border data governance frameworks that support trusted data flows, reduce fragmented national rules, and establish interoperable standards to boost regional digital trade under initiatives such as AfCFTA and the AUDPF. At the same time, investments in affordable connectivity, local cloud capacity, public digital platforms, and datasets in African languages are essential.

The Role of Civil Society and Think Tanks

The Summit discussion stressed the urgent need for research to inform policy, particularly on cross-border data flows, AI adoption, and ways for Africa to avoid new forms of dependency while getting greater value from its data and digital innovation.

Also essential is civil society engagement in monitoring the implementation of continental digital trade and data initiatives, supporting harmonisation of policies and standards, and building the capacity of policymakers, regulators, and businesses.

Actions to Grow Digital Trade in Africa

  • Embrace digital transformation and connectivity by investing in robust networks and backup systems.
  • Implement robust cyber security frameworks while ensuring effective cyber leadership and prioritising investments in cyber infrastructure, skilling, awareness.
  • Recognise data as a trade enabler by ensuring trade agreements have provisions that prevent unnecessary restrictions on data flows.
  • Harmonise data protection standards to reduce compliance costs for businesses and build trust among different stakeholders.
  • Adopt and implement Intellectual Property (IP) laws to ensure that local innovators and individuals in the region benefit.
  • Build robust digital infrastructure with a focus on Digital Public Infrastructure (DPI) and data privacy.
  • Assess and address the impact of emerging technologies like artificial intelligence, blockchain and IoT, ensuring they foster innovation and address ethical challenges.

Source: CIPESA – Policy Considerations for Enhancing Digital Trade in East Africa

29Jan

Data Protection Officers Convene to Strengthen Privacy Leadership on International Data Privacy Day

Author CIPESA Posted on

By Anitah Ahebwa |

Data Protection Officers (DPOs) from across the country gathered at Four Points by Sheraton, Kampala, on Wednesday, 28 January 2026, for a masterclass aimed at strengthening strategic data protection leadership. Organised by the Personal Data Protection Office (PDPO) in partnership with the Collaboration on International ICT Policy for East and Southern Africa (CIPESA), the event marked the annual International Data Privacy Day and focused on helping DPOs balance compliance, risk, and business needs within their organisations.

While giving opening remarks at the masterclass, Baker Birikujja, the National Personal Data Protection Director, highlighted the everyday realities of personal data protection.

“Some of the most damaging privacy incidents do not begin with hackers,” he said. “They begin with a printed report left on a desk, a patient file discussed in an open corridor, an unlocked cabinet, or a phone call handled without discretion. Personal data exists not only online, but on paper, in recordings, photographs, CCTV footage, and everyday conversations and it deserves the same discipline and respect wherever it sits.”

He added that modern privacy management is not merely a file of policies. “It is a system of decisions, behaviors, controls, and accountability,” he said, noting that effective data protection requires attention to both digital environments such as databases, apps, and cloud services, and physical or offline environments, including paper records, filing systems, CCTV, and call recordings.

Edrine Wanyama, Programme Manager Legal at CIPESA, noted that the partnership with the PDPO was driven by a shared commitment to building strong and effective collaborations in data governance and protection. “We believe in building good partnerships, and we have actively leveraged and worked through these processes to buttress efforts,” he said. He added that data protection is central to CIPESA’s work.

He further noted that marking International Data Privacy Day through the workshop was intentional, explaining that the masterclass was designed to enhance knowledge of Data Protection Officers and build their capacity to effectively respond to emerging data protection risks and take appropriate actions

Edrine Wanyama, Programme Manager, Legal at CIPESA, explained why CIPESA partnered with PDPO; “We believe in building strong partnerships and have leveraged these collaborations over time. Data protection is central to what we do, and data is critical because it relates directly to individuals.”

He also highlighted that the timing of the masterclass on International Data Privacy Day was intentional. He noted that the workshop was designed to bring Data Protection Officers together to not only acquire knowledge but also build their capacity to effectively do their work.

The masterclass featured three key sessions. The first explored the evolving role of the DPO as a strategic advisor, covering legal mandates, independence, and repositioning from a compliance officer to a trusted advisor. The second session focused on applying a risk-based approach to data protection, helping DPOs identify high-risk processing activities, prioritise compliance actions, and use risk assessments to guide management decisions. The final session addressed balancing compliance, risk, and business needs, equipping DPOs with strategies to advise leadership in clear business language, support innovation, and document recommendations effectively.

The sessions come against a backdrop of broader challenges for DPOs in Uganda. A recent PDPO training needs assessment conducted by the PDPO in November 2022, revealed that around 90.6% of DPOs lack formal certification in data protection and privacy, and only a small proportion have technical or legal backgrounds. Many officers are also less involved in core compliance tasks such as audits, breach reporting, and managing data protection complaints. These findings highlight the continued importance of professional development and knowledge-sharing forums like this masterclass.

By convening DPOs on International Data Privacy Day, PDPO and CIPESA emphasised the need for proactive privacy leadership in safeguarding personal data and maintaining public trust. Participants were equipped with practical tools to advise management, manage data protection risks, and integrate privacy considerations into organisational practices.

The masterclass is part of PDPO’s ongoing efforts to foster a culture of responsible data governance in Uganda, ensuring that personal data protection extends beyond regulatory compliance to build public confidence in the country’s growing digital economy.

Following the sessions, participants agreed on collective actions to:

  • Prioritise privacy-by-design and continually engage in robust cybersecurity practices aimed at protecting and securing individuals’ personal data.
  • Develop internal data protection policies to guide the implementation of data practices and ensure personal data protection.
  • Keep abreast of technological developments, including AI, and ensure minimisation of risks associated with it for progressive data protection.
  • Conduct staff and customer tailored trainings and raise awareness amongst them on data protection and the need to safeguard their data.
  • Ensure that as DPOs, they take on pivotal leadership over data protection to ensure compliance with the data protection principles and protection of data protection rights.
  • Hold all perpetrators of data breaches accountable for their actions in order to deter any further similar breaches by errant data controllers and processors.
  • Conduct regular data mapping and maintain up-to-date records of processing activities to understand what data is in their possession and how to rightly handle it in the changing technological and business spaces.
  • Foster collaboration across teams and recognise that privacy cannot be managed in isolation but through joint responsibility and efforts.
  • Recognise their central role in the compliance and reporting function to ensure the establishment of safeguards that protect their organisations from reputational, legal, and financial harms.

Please see an emerging press release here.

19Jan

CIPESA Condemns Ongoing Internet Disruption in Uganda

Author CIPESA Posted on

Statement |

The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) condemns the ongoing internet disruptions in Uganda and urges the government to immediately restore full access to social media platforms, blocked websites, and mobile money services. We further call upon the Government of Uganda to cease and desist from ordering internet throttling and blockages, which unjustifiably deny citizens the right to express themselves and to access, share and disseminate information. Internet disruptions further limit the public’s ability to conduct business, access public services, participate in community and civic affairs, socialise, and maintain contact with friends, family, and associates.

CIPESA joins numerous independent observers who have strongly condemned the disruptions to digital communications, including the Uganda Law Society, which has described the disruptions as unlawful. While the Uganda Communications Act (2013) grants powers to the national communications regulator, according to the Uganda Law Society, the Uganda Communications Commission (UCC) may order a blockage of communications following a formal declaration of a state of emergency. No such state of emergency was declared at the time the regulator ordered a nationwide shutdown two days before the January 15, 2026, polls. Government officials said the disruption was aimed at curbing the spread of online misinformation, electoral fraud, and incitement to violence in the lead-up to the elections.

As affirmed by the African Commission’s Special Rapporteur on Freedom of Expression and Access to Information, as well as global civil society organisations, governments must refrain from imposing network disruptions and instead address security or public order concerns through lawful, necessary, and proportionate measures. Indeed, internet shutdowns and restrictions are a disproportionate measure that violate Uganda’s constitutional guarantees and its regional and international human rights obligations, including those under the African Charter on Human and Peoples’ Rights.

Furthermore, CIPESA is concerned by the broader pattern of repression, including relentless attacks on civil society organisations. In the days preceding the elections, several organisations working on media rights, democratic governance, and human rights protection were suspended, in what appears to be a deliberate attempt to silence independent voices. This broader crackdown on civic space also included the arrest of human rights defender Sarah Bireete, Executive Director of the Centre for Constitutional Governance, further illustrating the shrinking environment for civil society and human rights work in the country.

A free, independent, and vibrant civil society is indispensable to any democratic society and should not be treated as government adversaries. The Government of Uganda should therefore recognise civil society organisations as legitimate and valuable partners in improving livelihoods, strengthening rights protection, and advancing democratic governance and socio-economic transformation.

Similarly, CIPESA urges the government to immediately cease attacks against journalists and media workers, particularly those from independent media houses and journalists who are critical of government actions. These violations, which have been widely documented by national and international actors, including the United Nations, undermine media freedom and the public’s right to access information, especially during electoral periods.

1 2 3 22