CIPESA Partners with AfricTivistes for the Forum on Internet Freedom in Africa 2024 (FIFAfrica24)

Announcement |

The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) is pleased to announce a partnership with the Dakar-based AfricTivistes for the upcoming Forum on Internet Freedom in Africa 2024 (FIFAfrica24) set to take place on September 25-27, 2024 in Senegal. This partnership marks a significant milestone in ongoing efforts to advance digital democracy by both entities.

Established in 2015, AfricTivistes – the African League of Cyber-Activists and Bloggers for Democracy is a pan-African organisation that promotes and defends democracy, good governance and human rights through digital means. Across its programs, AfricTivistes works to foster digital transformation and enhanced citizenship in Africa led by change actors.

Indeed, AfricTivistes’ mission resonates with the goals of CIPESA and, ultimately, FIFAfrica, thus marking the foundation for an inclusive, informative, and responsive conference. Through its extensive network of actors, AfricTvistes brings to the Forum regional expertise and an in-depth understanding of advocacy and engagement for civic, social and political transformation.

“This partnership with CIPESA to organise a successful FIFAfrica is essential, as it will enable highlighting the state of participatory democracy in this region of Africa where it faces numerous challenges, and ultimately advance digital democracy by all stakeholders.”, noted Cheikh Fall, President of AfricTivistes.

The CIPESA-AfricTivistes partnership follows in FIFAfrica’s track record of galvanising multi-stakeholder efforts for shared strategies for advancing rights, participation and innovation online. Co-hosts of previous editions have included the Tanzania Ministry of Information, Communication and Information Technology (2023), the Zambia Ministry of Technology and Science (2022), Ministry of Foreign Affairs of Slovenia, Presidency of the Council of European Union (EU) 2021 (2021) and Paradigm Initiative (2020). The 2019, 2018 and 2017 editions of FIFAfrica were co-hosted with the Ethiopia Ministry of Innovation and Technology (MINT), Media Foundation for West Africa (MFWA) and the Association for Progressive Communications (APC), respectively.

This year, FIFAfrica24 – the first edition to be hosted in Francophone Africa – will serve as a key channel that feeds into the way ahead for digital rights in Africa and the role that different stakeholders need to play to realise the Digital Transformation Strategy for Africa and Declaration 15 of the 2030 Agenda for Sustainable Development. The Declaration notes that the spread of information and communications technology and global interconnectedness has great potential to accelerate human progress, to bridge the digital divide and to develop knowledge societies.

FIFAfrica24 objectives:

  1. Enhance Networking and Collaboration:  the Forum provides a platform that assembles African thought leaders and networks working on internet freedom from diverse stakeholder groups.
  2. Promote Access To Information: Since inception, FIFAfrica has commemorated September 28, the International Day for Universal Access to Information (IDUAI), creating awareness about access to information offline and online and its connection to wider freedoms and democratic participation.
  3. Practical Skills and Knowledge Development: The Forum features pre-event practical training workshops for various stakeholders on a range of internet freedom issues, including technical aspects of internet access, policy developments, digital resilience, and advocacy strategies.
  4. Showcase Advocacy Efforts: FIFAfrica provides a space for entities advancing digital rights to showcase their work through artistic installations, photography, reports, interactive platforms and physical stalls with organisational representatives.
  5. Connect Research to Policy Discussions: The annualState of Internet Freedom in Africa report, a themed report produced by CIPESA, has been launched at FIFAfrica since 2014. The report has served to inform policy and advocacy efforts around the continent.
  6. Strategic Networks: FIFAfrica has served as a platform for strategic meetings to be held, offering various African and global networks the opportunity to directly engage with each other and with the extended digital rights community.

We encourage all stakeholders, including policymakers, civil society organisations, technology experts, academics, and members of the media, to join us in Dakar, Senegal, for FIFAfrica24 in person or remotely. Registration is required and can be completed here.

For more information and updates, please visit www.internetfreedom.africa and stay tuned for announcements regarding the event including agenda and speaker line-ups.

Together with AfricTivistes, we are committed to fostering an environment where digital rights are upheld, and internet freedom is a reality for all Africans.

For further information contact [email protected].

CIPESA Joins Call Against Internet Shutdowns In Kenya During #RejectTheFinanceBill2024 Picketing

Statement |

The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) has joined the Kenya ICT Action Network (LICTANET), Paradigm Initiative, and Internet Society Kenya Chapter in a call against internet shutdowns in Kenya during the ongoing #RejectTheFinanceBill2024 picketing.

The call states. “We strongly urge the Kenyan government to refrain from enforcing any Internet shutdowns or information controls in response to the ongoing protests against the Finance Bill 2024 through the hashtag #RejectFinanceBill2024. Such measures would infringe on the fundamental rights and freedoms of Kenyans as well as negatively impact Kenya’s economy, democracy, and reputation in the eyes of the international community.”

Kenya’s constitution and international human rights legislation safeguard the fundamental rights to freedom of expression, access to information, and picketing, which would be violated by internet shutdowns, censorship, and other information controls. By preventing citizens from engaging in public conversation and holding the government accountable, internet disruptions subvert democratic processes.

A blackout of the internet in Kenya will have disastrous economic effects for example:

  1. Kenya’s thriving e-commerce business would be severely disrupted. Kenya’s e-commerce market is predicted to reach US$801.4 million (Ksh 103 billion) by the end of 2024. The Internet Society’s Pulse NetLoss calculator estimates that a total Internet outage may cost Kenya’s economy Ksh 810 million (US$6.3m) in lost Gross Domestic Product (GDP) every day.
  2. Millions of Kenyans who depend on these services for daily transactions including banks, would be impacted by the paralysis of the mobile money industry, which includes M-Pesa, which handles over Ksh 6 billion transactions annually valued at over Ksh 6.4 trillion (US$50 billion).
  3. There would be major setbacks for Kenya’s digital startup sector, which attracted Ksh 141.3 billion (US$1.1 billion) in funding in 2022 and would cause investor confidence to decline.
  4. However short-lived, Internet disruptions affect many facets of the national economy and their effect persists far beyond the days on which access is disrupted. They carry reputational risk, hurt investor confidence, disrupt supply chains, and can discourage foreign direct investments (FDI).
  5. The tourism sector, which makes up a sizeable portion of Kenya’s GDP, would suffer because travelers rely mostly on internet connectivity to make reservations and obtain information.
  6. Furthermore, Internet shutdowns would hinder emergency services and access to vital information during crises. They would also damage Kenya’s reputation as a hub for technology and innovation in East Africa, as well as Africa’s Silicon Savannah.

The #FinanceBill2024 has already encountered strong opposition, and in particular, using digital activism. This has prompted the Kenya government to withdraw several contentious clauses. This illustrates the value of having open lines of communication between the public and the government and the influence that public discourse may have.

We urge the government to respect democratic values, have an honest conversation with demonstrators, and answer their concerns transparently.

A peaceful resolution of the current crisis and the maintenance of Kenya’s democratic and economic development depend on keeping lines of communication open and protecting and prioritizing Internet access.

For any clarification and media briefing, contact [email protected]

The ADRF Awards USD 134,000 to 10 Initiatives to Advance Tech Accountability in Africa

Announcement |

The grant recipients of the eighth round of the Africa Digital Rights Fund (ADRF) will implement projects focused on Artificial Intelligence (AI), hate speech, disinformation, microtargeting, network disruptions, data access, and online violence against women journalists and politicians. The work of the 10 initiatives, who were selected from 130 applications, will span the breadth of the African continent in advancing tech accountability.

“The latest round of the ADRF is supporting catalytic work in response to the urgent need to counter the harms of technology in electoral processes,” said Ashnah Kalemera, the Programmes Manager at the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) – the administrators of the Fund. She added that for many of the initiatives being supported, tech accountability was a new area of work but the various projects’ advocacy, research and storytelling efforts would prove instrumental in pushing for tech justice

Established in 2019 as a rapid response and flexible funding mechanism, the ADRF aims to overcome the limitations of reach, skills, resources, and consistency in engagement faced by new and emerging initiatives working to defend and promote rights and innovation in the face of growing digital authoritarianism and threats to digital democracy in Africa. The sum of USD 134,000 awarded in the latest round, which was administered by CIPESA in partnership with Digital Action, brings to USD 834,000 the total amount awarded by the ADRF since inception to 62 initiatives across the continent.

According to Kalemera, the growth in the number of applicants to the ADRF reflects the demand for seed funding for digital rights work on the continent. Indeed, whereas the call for proposals for the eighth round was limited to tech accountability work, many applicants submitted  strong proposals on pertinent issues such as digital inclusion, media and information literacy, digital safety and security, surveillance, data protection and privacy, access and affordability – underscoring the cruciality of the ADRF. 

Here’s What the Grantees Will be Up To

In the lead-up to local government elections in Tanzania, Jamii Forums will engage content hosts, creators and journalists on obligations to tackle hate speech and disinformation online as a means to safeguard electoral integrity. In parallel, through its Jamii Check initiative, Jamii Forums will raise public awareness about the harms of disinformation and hate speech.

Combating hate speech and disinformation is also the focus of interventions supported in Senegal and South Sudan. Ahead of elections in the world’s youngest nation, DefyHateNow will monitor and track hate speech online in South Sudan, host a stakeholder symposium in commemoration of the International Day for Countering Hate Speech as a platform for engagement on collective action to combat hate speech, and run multi-media campaigns to raise public awareness on the harms of hate speech. Post elections in Senegal, Jonction will analyse the link between disinformation and network disruptions and engage stakeholders on alternatives to disruptions in future elections.

In the Sahel region, events leading up to coups in Chad, Burkina Faso, Mali and Niger have been characterised by restrictions on media and internet freedom, amidst which disinformation and violent extremism thrived. As some of the states in the region, notably Burkina Faso and Mali, move towards an end to military rule and head to the polls, the Thoth Media Research Institute will research disinformation and its role in sustaining authoritarian narratives and eroding human rights. The learnings from the research will form the basis of stakeholder convenings on strategies to combat disinformation in complex political, social, and security landscapes. Similarly, Internet Sans Frontières (ISF) will study the role of political microtargeting in shaping campaign strategies and voter behaviour, and the ultimate impact on the rights to privacy and participation in Mali. 

In South Africa, the Legal and Resources Centre (LRC), will raise awareness about the adequacy and efficacy of social media platforms’ content moderation policies and safeguards as well as online political advertising models in the country’s upcoming elections. The centre will also provide legal services for reparations and litigate for reforms related to online harms.

A study has found that Africa’s access to data from tech platforms, for research and monitoring electoral integrity, was below that in Europe and North America. Increased access to platform data for African researchers, civil society organisations, and Election Management Bodies (EMBs) would enable a deeper understanding of online content and its harms on the continent, and inform mitigation strategies. Accordingly, the ADRF will support Research ICT Africa to coordinate an alliance to advocate for increased data access for research purposes on the continent and to develop guidelines for ethical and responsible access to data to study elections-related content.

The impact of AI on the information ecosystem and democratic processes in Africa is the focus of two grantees’ work. On the one hand, the Eastern Africa Editors Society will assess how editors and journalists in Kenya, Uganda, Tanzania and Ethiopia have adopted AI and to what extent they adhere to best practice and the principles of the Paris Charter on AI and Journalism. On the other hand, the Outbox Foundation through its Thraets initiative will research the risks of AI-generated disinformation on elections, with a focus on Ghana and Tunisia. The findings will feed into tutorials for journalists and fact checkers on identifying and countering AI-generated disinformation as part of elections coverage, and awareness campaigns on the need for transparency on the capabilities of AI tools and their risks to democracy. 

Meanwhile, a group of young researchers under the stewardship of the Tanda Community-Based Organisation will research how deep fakes and other forms of manipulated media contribute to online gender-based violence against women journalists and politicians in the context of elections in Ghana, Senegal, and Namibia. The study will also compare the effectiveness of the legal and regulatory environment across the three countries in protecting women online, hold consultations and make recommendations for policy makers, platforms  and civil society on how to promote a safe and inclusive digital election environment for women.

Past and present supporters of the ADRF include the Centre for International Private Enterprise (CIPE), the Ford Foundation, the Swedish International Development Cooperation Agency (Sida), the German Society for International Cooperation Agency (GIZ), the Omidyar Network, the Hewlett Foundation, the Open Society Foundations, the Skoll Foundation and New Venture Fund (NVF).

Does Kenya’s Digital Health Act Mark A New Era for Data Governance and Regulation?

By Edrine Wanyama |

In October 2023, Kenya enacted the Digital Health Act which seeks to promote the safe, efficient and effective use of technology for healthcare and to enhance privacy, confidentiality and security of health data. It also provides for the safe transfer of personal, identifiable health data and medical records to and from health facilities within and outside Kenya, and the development of standards for provision of m-Health, telemedicine, and e-learning.

While Kenya enacted the Data Protection Act earlier in 2019, the dedicated digital health law is a positive step towards addressing the potential data privacy challenges related to health data. The law could deliver dividends for the e-health sector by leveraging data and technology to devise interventions and solutions that improve health services delivery.

In a recent brief, CIPESA analyses the Digital Health Act and what it portends for health data governance in Kenya. As the brief notes, if rightly implemented, the law will offer lessons in proper health data governance, while ensuring the rights of data subjects and the principles of data protection are respected and promoted.

The new law is the latest addition to Kenya’s policy and legal initiatives that aim to buttress the health care system including through technology and improved data governance. Others include the National eHealth Policy 2016-2030 and the Guidance Note on the Processing of Health Data developed by the data protection authority.

The Digital Health Act presents an opportunity for strengthening patient data protection while making strides in addressing privacy challenges by emphasising the need to comply with the Data Protection Act, 2019. The law has set the pace for health data governance in Africa as it deals with data related to medical insurance, physician notes and diagnosis, medical records on current and past health history, and health data governance. Appropriate data governance will provide safeguards against breaches and misuse such as in disease surveillance, research and innovation.

Section 4 of the Act emphasises the data principles to be applied to health data: treating health data as a strategic national asset; safeguarding privacy, confidentiality and security of health data for information sharing and use; facilitating data sharing and use for informed decision-making at all levels; and using the digital health eco-system to serve the health sector and to facilitate, in a progressive and equitable manner, the highest attainable standard of health.

Data, including health data, requires specialised agencies to guarantee its protection. The Digital Health Act establishes a Digital Health Agency which is charged with establishing and managing an integrated health information system. The system will ensure quality assurance in the health sector, since it will be guided by data protection principles, scalability and interoperability, efficiency and effectiveness, simplicity and accessibility, and consistency. The Digital Health Agency will potentially promote accountability and transparency in the health sector.

While integrated data and information management systems offer numerous benefits, they also pose risks of abuse and privacy violations, especially during pandemics such as Covid-19, when there was surveillance on individuals based on health data. During the surge of Covid-19, several countries such as Kenya and Uganda adopted measures to contain the virus but with adverse impacts on data protection and privacy. It is imperative therefore that the Digital Health Agency takes all necessary measures to ensure that the Integrated Health Information System robustly guards against unauthorised access, processing, use and transfer of individuals’ private health information within the country as well as across its borders. 

Section 45 on e-Waste Management offers indications in the right direction for the management of e-waste in the health sector. It also provides pointers to promoting the use of sustainable models for e-waste management through public-private partnerships. Nevertheless, in promoting reuse and lifetime extension of e-waste in health data, the law potentially creates opportunities where e-health data may be used unfairly by unscrupulous individuals.

The Digital Health Act is a progressive move towards appropriate regulation of digital health services in Kenya. It points to the relevance of technology in enhancing health care amidst the growing significance of personal data, its protection, management and governance. Other countries in the region could borrow from Kenya’s example to enact similar legislation on digital health and health data governance.

Read the full brief here.

Advancing Sustainable Cross-border Data Transfer Policies and Practices in Africa

By Paul Kimumwe |

Over the years, several African governments have enacted laws and policies that limit cross-border data flows, citing the need to protect national security, promote the local digital economy, and safeguard users’ privacy. The limitations range from complete bans on cross-border transfers of all data to conditional cross-border transfer of specific data, with authorization sought from relevant government bodies.

The legal provisions prohibiting cross-border data transfers are scattered in different legal frameworks in countries such as Ethiopia, Nigeria, Rwanda, and Uganda, whose limitations are contained in their financial services and cybersecurity laws. In Rwanda, for example, Article 3 of Regulation No. 02/2018 of 24/01/2018 on cyber security provides that any bank licensed by the Central Bank must maintain its primary data within the territory of Rwanda. In Uganda, Article 68 of Uganda’s National Payment Systems Act 2020 requires all electronic money issuers to establish and maintain their primary data centre in relation to payment system services in Uganda.

For other countries such as Kenya, Nigeria, South Africa, Tunisia, and Uganda, the limitations are contained within their data protection laws. For example, sections 48 and 49 of Kenya’s Data Protection Act 2019 prohibit cross-border transfer of personal data to a country

lacking appropriate data security safeguards. South Africa’s 2013 Protection of Personal Information Act prohibits cross-border data transfers without the data subject’s consent or unless the foreign country is believed to have adequate safeguards. In Nigeria, sections 41-43 of the 2023 Data Protection Act sets conditions under which cross-border data transfers may occur, such as the requirement for the destination country to have data protection safeguards and consent from the data subject, among other conditions.

Critics of these data localization provisions and practices have often argued that the current data localisation policies and practices are not pro-people as they do not mitigate any genuine cybersecurity or online targeting but instead serve to undermine personal data privacy by facilitating government agencies’ unrestricted access to citizens’ personal data, including for purposes of conducting state surveillance.

These practices do not also conform to the key provisions of the 2019 African Commission on Human and Peoples’ Rights (ACHPR) Declaration of Principles on Freedom of Expression and Access to Information in Africa, which prohibits countries from adopting laws and other measures that criminalize and encryption practices, including backdoors, key escrows, and data localisation requirements unless such measures are justifiable and compatible with international human rights law.

The legal data localization requirements have been identified as the most restrictive and disruptive barriers to international trade, pushing foreign registered businesses to incur extra and unnecessary costs of establishing multiple infrastructures such as local data centres and in each of their countries of operation as opposed to having one center in their country of choice. In addition, the “limited policy and regulatory reforms to facilitate the interconnection of networks across borders, including national and commercial backbones, or supervisory frameworks for data protection, data storage/processing/handling” were identified as additional weaknesses in achieving Africa’s economic potential.

The success of several initiatives, such as the African Continental Free Trade Area (ACFTA) whose mandate is to create “a single continental market with a population of about 1.3 billion people and a combined GDP of approximately US$ 3.4 trillion,” hinges on eliminating trade barriers and the harmonization of cross-border transfers through the amendment of restrictive data localisation policies and practices.

In addition, under the African Union’s Digital Transformation Strategy for Africa (2020-2030), countries are called upon to “promote open data policies that can ensure the mandate and sustainability of data exchange platforms or initiatives to enable new local business models, while ensuring data protection and cyber resilience to protect citizens from misuse of data and businesses from cybercrime.”

On the other hand, the AU Data Policy Framework requires countries to create an enabling legal environment that would achieve and maximize the benefits of a data-driven economy by encouraging private and public investments necessary to support data-driven value creation and innovation. The framework offers guidance on policy interventions to optimise cross-border data flows and harmonise data governance frameworks. In terms of cross-border data governance and transfers, Principle 14(6)(a) of the African Union Convention on Cyber Security and Personal Data Protection prohibits data controllers from transferring “personal data to a non-Member State of the AU unless such a State ensures an adequate level of protection of the privacy, freedoms, and fundamental rights of persons whose data are being or are likely to be processed.”

A critical challenge for the continent is how to translate and localise these initiatives into workable solutions. Most autocratic governments are reluctant to amend their laws to be more open to cross-border data transfers. The reluctance is based on unfounded fears that sending their citizens’ data abroad could increase citizens’ vulnerability to serious security and privacy threats from foreign actors. On the other hand, civil society actors lack the requisite skills and knowledge to proactively engage in strategic advocacy both at national and regional levels. In addition, there is a paucity of evidence-based research on the key issues around data localization, particularly how various countries are implementing their data localisation policies as guided by the AU Data Policy Framework and Digital Transformation Strategy.

Lessons from previous policy advocacy engagements show that national governments are open to progressive policy reforms, as evidenced by the rapid adoption of data protection laws, particularly if they trust that such measures will not injure their national interests.

Key Interventions

Even with this promise and the abundance of international and regional frameworks to guide the adoption and implementation of progressive national data governance frameworks, interventions would require the adoption and implementation of multiple and mutually reinforcing strategies such as (a) building research and advocacy capacity of digital rights and data rights actors; (b) undertaking research and policy analysis; and (c) engaging in national and regional policy processes on data governance regulation, particularly that related to cross-border data flows and harmonisation of data governance frameworks.

Building on the success of her previous work on data governance and engagement with the AU Union Data Policy Framework, under the current project, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) is continuing with regional engagements as well as working in our countries – Cameroon, Ghana, South Africa, and Uganda, to build the capacity of country-based research partners as well as generate evidence that addresses fears that informs states’ restrictive regulatory stances, shows benefits of free data flows and policy harmonisation.

1. Capacity Building in Research and Advocacy

Central to CIPESA’s interventions is the need to generate a critical mass of engaged actors that understand the cross-play of national and regional policy frameworks on data regulation and their implication for data policy harmonisation and national policy and practice. Further, these actors will need the skills to research and produce evidence to inform engagements with actors such as policymakers and to conduct effective, collaborative advocacy to inform policymaking.

2. Research and Policy Analysis

CIPESA also supports country-based research partners to produce and communicate research-based commentaries, briefs, policy analyses, and think pieces on data localisation regulation and cross-border data policies and advocate for flexible cross-border data flows and respect for data privacy. These outputs will inform engagements with policymakers at national and regional levels and with multilateral treaty bodies that mandate data protection and monitor privacy and data rights.

3. National and Regional Advocacy and Engagement

The third strand involves strategic deployment of the published commentaries, analyses, and think pieces to attract the attention of state and non-state actors and form the basis of deliberations on how to improve the policy and practice around data governance in the region, notably on cross-border data flows, data harmonisation, and the need to embrace the AU Data Policy Framework. The advocacy will target national actors, such as data regulators, telecom regulators, and policymakers, as well as regional entities, such as the African Union, the African Commission on Human and People’s Rights, and regional regulators’ and telecom operators’ associations such as Compassionate Rural Association for Social Action (CRASA) and East African Communication Organisations (EACO).

By building on pivotal and live continental initiatives such as the AU Data Policy Framework, the Digital Transformation Strategy for Africa, and the African Continental Free Trade Area (ACFTA), and working at regional and four-country levels through a multi-sector network of actors, CIPESA hopes to generate evidence that demystifies the unfounded fears used by states to engage in restrictive cross-border data regulatory policies and practices while demonstrating the benefits of free data flows and proposing harmonisation measures.

The article was first published by CIPESA’s partner NIYEL on April 22, 2024.