Promoting Effective and Inclusive ICT Policy in Africa

Tag Archives: CIPESA

  HomeCollaboration on International ICT Policy for East and Southern Africa (CIPESA)  /  CIPESA
14Apr

CIPESA at the Digital Rights and Inclusion Forum 2026

Author CIPESA Posted on

By CIPESA Writer |

The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) is participating in this year’s Digital Rights and Inclusion Forum (DRIF), taking place in Abidjan, Côte d’Ivoire on April 14-16, 2026. Hosted by Paradigm Initiative under the theme, “Building Inclusive and Resilient Digital Futures”, the Forum focuses on strengthening technology to withstand crises and promoting digital rights across the Global South.

At DRIF, CIPESA is contributing to critical conversations that move beyond dialogue to impact. The organisation will host a session titled Beyond the Microphone – Turning IGF Participation into Policy Influence in West Africa,” exploring how engagement in global internet governance spaces can translate into meaningful policy change at national and regional levels.

CIPESA will also feature in the exhibition space, presenting the African Digital Reality Walk, “Paths, Traps, and Safe Passage.” This immersive experience invites participants to navigate the complexities of Africa’s digital landscape as it highlights the opportunities and the risks that define digital rights and freedoms today while encouraging digital resilience.

Where to Find CIPESA at DRIF

April 14

· Image-based TFBGV in the Age of Artificial Intelligence
 10:10 AM – 11:10 AM |  Room 5
 Hosted by Digital Rights Alliance Africa (DRAA)

· Beyond the Microphone – Turning IGF Participation into Policy Influence in West Africa
  2:20 PM – 3:20 PM |  Room 6
 Hosted by CIPESA

· Reviewing the ACHPR Resolution 631 Draft Guidelines for Universal Access to Public Service Content in Africa
 2:20 PM – 3:20 PM | Room 4
 Hosted by SOS Coalition / UNESCO

April 15

· Shrinking Civic Space and Funding Cuts: How Can We Ensure Digital Resilience? 10:10 AM – 11:10 AM | Room 4
 Hosted by Oxfam

· Democracy Disconnected: Fighting Against Election Shutdowns in Africa
 10:10 AM – 11:10 AM | Room 5
 Hosted by Access Now

· Fighting Non-Consensual Intimate Image (NCII) Abuse in Africa & Beyond
 1:50 PM – 2:50 PM | Auditorium
 Hosted by Google

April 16

· From Data to Action: Responding to Digital Authoritarianism’s Threat to Civil Society
 11:10 AM – 12:10 PM | Room 3
 Hosted by EU-SEE

· Digital Sovereignty and Inclusive DPI in Africa: A Stakeholder Roundtable
 11:10 AM – 12:10 PM | Room 4
 Hosted by Digital Action

12Apr

Stakeholders in Kenya Commit to Safeguarding the Country’s 2027 General Elections

Author CIPESA Posted on

By Lyndcey Oriko |

As Kenya looks ahead to the 2027 general elections, the rapid digitisation of the civic space presents both opportunities and risks. A February 2026 multi-stakeholder engagement organised by the National Cohesion and Integration Commission (NCIC), in partnership with the Collaboration on International ICT Policy for East and Southern Africa (CIPESA), reflected on preparedness for the 2027 elections, with a strong emphasis on moving from reactive responses to proactive, coordinated action.

The Nairobi convening brought together electoral bodies, oversight institutions, law enforcement, regulators, and media actors to deliberate on the need to safeguard rights, strengthen coordination, and build trust in an increasingly digital electoral environment.

Across Africa, digital platforms are reshaping how elections unfold. They have opened up participation, especially for young people, but also introduced new challenges. Increased online regulation, network disruptions, hate speech and disinformation are commonplace, while women, particularly those actively involved in politics, face rising levels of technology-facilitated gender-based violence.

This shifting environment highlights a key reality: the same digital tools that enable participation can also erode trust and weaken social cohesion. And what begins online does not stay online. It often carries real consequences offline, and vice versa. Kenya is no exception. The country’s upcoming 2027 elections are high-stakes, closely contested and in an environment fraught with disinformation.

More recently, there has been a heightened crackdown on activism, including through the abduction and intimidation of activists and journalists, politically motivated internet censorship, rising disinformation, cyber threats, data breaches, and a decline in freedom.

CIPESA’s Kenya’s Digital Crossroads brief, published in February 2025, offers a detailed account of the scale of this challenge. In June 2024, Kenya experienced its first nationwide internet shutdown, imposed during the #RejectFinanceBill2024 protests that disrupted mobile payments, health services, and education systems alongside social media.

The Kenya National Commission on Human Rights (KNCHR) documented 50 deaths, 413 injuries, 59 abductions, and 682 arbitrary arrests as of July 2024, with over 82 people subsequently abducted by armed plainclothes officers. The Communications Authority recorded 657.8 million cyber threats in just three months between July and September 2024, while government and media institutions — including KBC, K24 TV, and the DCI’s account on X — faced successful cyberattacks. The Computer Misuse and Cybercrimes Act was deployed to target critics, bloggers, and political activists. And in January 2025, the incoming Cabinet Secretary for ICT publicly pledged readiness to shut down the internet again if national security is threatened. These patterns have direct implications for 2027.

Opening the discussion, Ashnah Kalemera, Programmes Manager at CIPESA, emphasised the importance of balancing electoral integrity and national security with the protection of civic space. She noted that core freedoms such as free speech, access to information, and participation should continue to be prioritised, even as institutions address digital risks. She also highlighted the need for stronger collaboration, responsible content sharing, and inclusive approaches that bring citizens, especially young people, into the conversation.

Commissioner Ken Williams Nyakomitah of the Independent Policing Oversight Authority (IPOA) stressed that the scale and complexity of digital harms require collective action. He noted that institutions must adapt to evolving technological realities and work in complementarity, emphasising that no single actor can effectively address digital threats in isolation. Strengthening coordination, avoiding duplication, and ensuring timely information sharing were highlighted as critical to improving institutional effectiveness.

The NCIC Chief Executive Officer, Dr. Daniel Mutegi Giti, underscored the importance of early and sustained interventions to promote cohesion. He cautioned that elections could amplify existing tensions if not carefully managed, particularly in digital spaces where narratives spread rapidly and shape public perception. He called for vigilance, responsible engagement, and a shared commitment to upholding constitutional values, including inclusivity and respect for human rights.

Bringing in a technological perspective, Daniel Odongo, Technology Lead at Ushahidi, highlighted the speed, coordination, and sophistication with which harmful content spreads online. He pointed out that misinformation often follows predictable patterns across platforms, making early detection, real-time monitoring, and coordinated response critical to preventing escalation. This further underscores the importance of institutions focusing not just on individual incidents but on identifying patterns, trends, and coordinated behaviour over time.

Director Kilian Nyambu of NCIC emphasised the human dimension of digital harms, noting that information shapes perception, and perception shapes action. This is especially significant for vulnerable groups, including women, youth, and persons with disabilities, who are often disproportionately affected by harmful online narratives. Ensuring inclusivity and protection of these groups remains central to building a peaceful digital environment.

The role of the media was also central to the discussion. Leo Mutisya of the Media Council of Kenya (MCK) highlighted both the resilience and challenges within Kenya’s media landscape. While media remains a key pillar in promoting accountability and public awareness, rising disinformation, political pressure, and declining trust continue to shape how citizens consume information, often leading them to turn to less regulated digital spaces.

At the same time, the engagement highlighted the growing challenge of declining public trust in public institutions and information sources. As more citizens turn to digital platforms for news, the line between credible information and manipulation continues to blur, reinforcing the need for strong media literacy and fact-checking ecosystems. Addressing this trust deficit will require transparency, consistency, and sustained public engagement from institutions.

Concerns were also raised about the emerging risks of Artificial Intelligence (AI), such as AI-generated content and deepfakes, which are increasingly difficult to detect and could significantly distort public perception during elections. Stakeholders emphasised the need to proactively address these risks, including advocating for greater transparency and accountability from digital platforms.

Importantly, participants also highlighted that misinformation is no longer random or organic. It is often coordinated, moving rapidly across platforms within minutes, from X to WhatsApp and into community networks, making early detection and response critical. This calls for investment in real-time monitoring systems and stronger partnerships between institutions and technology platforms. It also reinforces the need for institutions to shift from isolated responses to a more connected, system-wide approach that reflects the complexity of the digital ecosystem.

Discussions further underscored the importance of data protection, responsible platform governance, and context-specific solutions. Participants emphasised that Kenya must develop localised frameworks that reflect its unique realities, rather than relying solely on external models. Building effective responses will require grounding solutions in local contexts, strengthening regional collaboration, and investing in homegrown research and knowledge systems.

Key priorities emerging from the engagement included strengthening inter-agency coordination, investing in early warning and response systems, improving strategic communication, safeguarding data and privacy, and ensuring inclusive approaches that protect all groups. There was also a strong call to establish clear inter-institutional protocols for responding to digital threats, ensuring timely, coordinated, and rights-respecting action across agencies. Strengthening collaboration across institutions and aligning mandates will be essential in closing existing gaps. Ultimately, participants agreed that preparedness must begin now. Building resilient systems, strengthening collaboration, and equipping citizens with the tools to navigate digital spaces responsibly will be critical to shaping peaceful, credible elections.

As Kenya prepares for the 2027 general elections, digital platforms will play a decisive role in shaping public discourse and electoral outcomes. The challenge, and opportunity, lies in ensuring these spaces promote trust, inclusion, and informed participation.

01Apr

Assessing the Impact of the 2026 Internet Shutdown on Uganda’s Digital Economy

Author CIPESA Posted on

By Nadhifah Muhammad |

On January 13, 2026, two days prior to Uganda’s general election, the Uganda Communications Commission (UCC) ordered an internet shutdown purportedly to mitigate misinformation, electoral fraud and incitement of violence. This mirrored the two previous elections in the country, each of which had economic consequences due to the disruption of digital communications and services.

In the latest disruption, some essential services were exempted, such as healthcare systems, core banking platforms, immigration and aviation systems. However, key sectors of Uganda’s digital economy, íncluding ride-hailing and delivery systems, fintech services, e-Commerce, and digital health providers, were inaccessible. Data from the Cost of Internet Shutdown Tool (COST) estimates that Uganda lost Uganda Shillings (UGX) 59.7 billion (USD 16 million) during the almost five day internet shutdown. More was lost when social media and mobile money services remained constrained beyond the five days.

Notably, the severe direct economic losses and indirect impacts are likely to persist beyond the duration of the shutdown. During the shutdown, businesses dependent on digital platforms were unable to process transactions, communicate with customers, or coordinate logistics. Beyond the immediate financial losses suffered over the days the internet was off, the disruption unsettled supply chains, interrupted livelihoods, and raised concerns among investors about the reliability of Uganda’s digital infrastructure.

This brief examines the direct and indirect financial losses of the shutdown and highlights measures to various stakeholders need to safeguard a reliable digital economy as a key driver of Uganda’s digital transformation, these include;

  • Development and roll out comprehensive business continuity plans for the digital economy during elections and emergency situations.
  • Adoption of digital safety and security practices for detecting and mitigating risks and optimising systems to support business continuity amidst such disruptions. 
  • Advocacy for an enabling legal and policy environment for the digital economy.
  • Undertaking continuous capacity building for businesses in digital resilience.
  • Collaboration among stakeholders – business associations, civil society, academia and the legal fraternity in challenging shutdowns through strategic litigation.

Access the full brief here.

17Feb

Cybersecurity, Data Protection and Privacy Conference

Author CIPESA Posted on

Event |

Date and Time: 18 February, 2026, starting at 8:30 AM.

Location: Kampala, Uganda

The Cybersecurity, Data Protection and Privacy Conference, also known as the #BeeraKuGuard Awareness Conference, is being hosted by the National Information Technology Authority (NITA-U) under the Uganda Digital Acceleration Project (UDAP-GovNet). The event addresses the critical need to promote cybersecurity, data protection, and privacy awareness due to the growing scale and sophistication of cyber threats, which have escalated with the nationwide increase in affordable broadband and e-services. The conference aims to promote cyber hygiene, personal data protection, and privacy best practices across the country.

29Jan

Data Protection Officers Convene to Strengthen Privacy Leadership on International Data Privacy Day

Author CIPESA Posted on

By Anitah Ahebwa |

Data Protection Officers (DPOs) from across the country gathered at Four Points by Sheraton, Kampala, on Wednesday, 28 January 2026, for a masterclass aimed at strengthening strategic data protection leadership. Organised by the Personal Data Protection Office (PDPO) in partnership with the Collaboration on International ICT Policy for East and Southern Africa (CIPESA), the event marked the annual International Data Privacy Day and focused on helping DPOs balance compliance, risk, and business needs within their organisations.

While giving opening remarks at the masterclass, Baker Birikujja, the National Personal Data Protection Director, highlighted the everyday realities of personal data protection.

“Some of the most damaging privacy incidents do not begin with hackers,” he said. “They begin with a printed report left on a desk, a patient file discussed in an open corridor, an unlocked cabinet, or a phone call handled without discretion. Personal data exists not only online, but on paper, in recordings, photographs, CCTV footage, and everyday conversations and it deserves the same discipline and respect wherever it sits.”

He added that modern privacy management is not merely a file of policies. “It is a system of decisions, behaviors, controls, and accountability,” he said, noting that effective data protection requires attention to both digital environments such as databases, apps, and cloud services, and physical or offline environments, including paper records, filing systems, CCTV, and call recordings.

Edrine Wanyama, Programme Manager Legal at CIPESA, noted that the partnership with the PDPO was driven by a shared commitment to building strong and effective collaborations in data governance and protection. “We believe in building good partnerships, and we have actively leveraged and worked through these processes to buttress efforts,” he said. He added that data protection is central to CIPESA’s work.

He further noted that marking International Data Privacy Day through the workshop was intentional, explaining that the masterclass was designed to enhance knowledge of Data Protection Officers and build their capacity to effectively respond to emerging data protection risks and take appropriate actions

Edrine Wanyama, Programme Manager, Legal at CIPESA, explained why CIPESA partnered with PDPO; “We believe in building strong partnerships and have leveraged these collaborations over time. Data protection is central to what we do, and data is critical because it relates directly to individuals.”

He also highlighted that the timing of the masterclass on International Data Privacy Day was intentional. He noted that the workshop was designed to bring Data Protection Officers together to not only acquire knowledge but also build their capacity to effectively do their work.

The masterclass featured three key sessions. The first explored the evolving role of the DPO as a strategic advisor, covering legal mandates, independence, and repositioning from a compliance officer to a trusted advisor. The second session focused on applying a risk-based approach to data protection, helping DPOs identify high-risk processing activities, prioritise compliance actions, and use risk assessments to guide management decisions. The final session addressed balancing compliance, risk, and business needs, equipping DPOs with strategies to advise leadership in clear business language, support innovation, and document recommendations effectively.

The sessions come against a backdrop of broader challenges for DPOs in Uganda. A recent PDPO training needs assessment conducted by the PDPO in November 2022, revealed that around 90.6% of DPOs lack formal certification in data protection and privacy, and only a small proportion have technical or legal backgrounds. Many officers are also less involved in core compliance tasks such as audits, breach reporting, and managing data protection complaints. These findings highlight the continued importance of professional development and knowledge-sharing forums like this masterclass.

By convening DPOs on International Data Privacy Day, PDPO and CIPESA emphasised the need for proactive privacy leadership in safeguarding personal data and maintaining public trust. Participants were equipped with practical tools to advise management, manage data protection risks, and integrate privacy considerations into organisational practices.

The masterclass is part of PDPO’s ongoing efforts to foster a culture of responsible data governance in Uganda, ensuring that personal data protection extends beyond regulatory compliance to build public confidence in the country’s growing digital economy.

Following the sessions, participants agreed on collective actions to:

  • Prioritise privacy-by-design and continually engage in robust cybersecurity practices aimed at protecting and securing individuals’ personal data.
  • Develop internal data protection policies to guide the implementation of data practices and ensure personal data protection.
  • Keep abreast of technological developments, including AI, and ensure minimisation of risks associated with it for progressive data protection.
  • Conduct staff and customer tailored trainings and raise awareness amongst them on data protection and the need to safeguard their data.
  • Ensure that as DPOs, they take on pivotal leadership over data protection to ensure compliance with the data protection principles and protection of data protection rights.
  • Hold all perpetrators of data breaches accountable for their actions in order to deter any further similar breaches by errant data controllers and processors.
  • Conduct regular data mapping and maintain up-to-date records of processing activities to understand what data is in their possession and how to rightly handle it in the changing technological and business spaces.
  • Foster collaboration across teams and recognise that privacy cannot be managed in isolation but through joint responsibility and efforts.
  • Recognise their central role in the compliance and reporting function to ensure the establishment of safeguards that protect their organisations from reputational, legal, and financial harms.

Please see an emerging press release here.

1 2 3 12