Promoting Effective and Inclusive ICT Policy in Africa

Tag Archives: Data privacy

  HomeCollaboration on International ICT Policy for East and Southern Africa (CIPESA)  /  Data privacy
19May

Zambia’s Cybersecurity and Cybercrimes Laws Raise Alarms for Digital Rights

Author CIPESA Posted on

By Edrine Wanyma |

In April 2025, the Zambian Parliament enacted two laws – the Cyber Security Act, 2025, and the Cyber Crimes Act, 2025 – which pose significant threats to digital rights and civil liberties in the country.

Despite significant concerns raised by civil society and digital rights advocates, including the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) and Bloggers of Zambia, the two laws were passed with minimal revisions, leaving intact several provisions that undermine fundamental freedoms, including the right to privacy, freedom of expression, access to information, assembly and association.

Last December, CIPESA and Bloggers of Zambia submitted to the parliament a detailed analysis highlighting critical human rights concerns with the two proposed laws. The concerns include the overly broad surveillance powers and the weak oversight mechanisms that provide latitude for wantonly interfering with individuals’ rights.

Broadly Worded and Vague Definitions

The laws are riddled with broadly worded and vague definitions. Terms such as “law enforcement officer,” “critical information,” “critical information infrastructure,” “internet connection record,” and “call-related information” are so vague that they risk being interpreted to serve the interests of those in power. There is also a high risk they could be weaponised to target government opponents, critics, journalists and online activists.

For instance, the expansive definition of “critical information” refers to computer data that relates to a broad range of areas, including public safety, public health, economic stability, national security, international stability and the sustainability and restoration of critical cyberspace, providing authorities with a carte blanche to monitor and control information flow.

Similarly, the definition of “law enforcement officer” extends beyond traditional roles to include officers from the Anti-Corruption Commission, Drug Enforcement Commission and even individuals designated by the President. This expansion raises concerns about accountability, particularly as these officers can apply for communication interception orders ex parte (without notifying the target), thereby denying affected parties the right to contest such actions. This dangerously expands the scope of surveillance without meaningful judicial oversight or accountability.

Oversight and Accountability Concerns

Section 4 of the Cyber Security Act establishes the Zambia Cyber Security Agency under the general direction of the President. This arrangement can undermine the agency’s independence and increase the risk of political interference in its operations. The agency’s mandate, which includes regulating service providers, coordinating cybersecurity responses, and auditing information systems, requires robust oversight mechanisms, which are glaringly absent in the law. 

Similarly, the establishment of the Central Monitoring and Coordination Centre under section 21 (Part V) of the Cyber Security Act, with powers to lawfully intercept communications, raises red flags. Section 21 grants this body sweeping authority without creating adequate checks and balances. The lack of robust judicial oversight and transparency mechanisms raises alarms about privacy violations, which would contravene Zambia’s constitution and international human rights instruments.

Risk of Abuse and Shrinking Civic Space

The two new laws are an addition to a catalogue of restrictive laws, regulations and policies that control the enjoyment of civil liberties in online spaces. For instance, in 2021, the government ordered restrictions on social media platforms such as WhatsApp, Facebook, Twitter, and Instagram during the general elections. With general elections due in August 2026, the passage of these laws fuels fears of heightened controls, intensified censorship, surveillance, and clampdowns on civic actors.

Section 39 of the Cyber Security Act requires electronic communications service providers to install systems that can facilitate real-time interception of communications. These provisions can enable real-time surveillance of individuals’ private communication. Such provisions can be misused by the government, unscrupulous individuals and other unauthorised persons to snoop on individuals’  private communications, particularly since the laws do not provide for adequate oversight over surveillance.

Section 22 of the Cyber Crimes Act criminalises vague offences such as the use of digital platforms for harassment or humiliation, terms that are open to subjective interpretation and could be used to suppress legitimate speech, including criticism of public officials. It also reintroduces aspects of defamation which have attracted wide calls for decriminalisation, including by the African Commission on Human and Peoples’ Rights. In 2022, Zambia had shown progress when plans to decriminalise defamation were revealed. Defamation has been widely employed to arrest and prosecute government critics  and opponents in the country.

The enactment of these laws highlights a disturbing trend across Africa, where cyber laws are increasingly being used to curtail democratic participation rather than protect citizens from cyber threats. The overreach seen in Zambia’s laws mirrors similar patterns in other countries, where digital regulation is co-opted for political control.

The history of elections in Africa has further shown the elevation of controls over the civic space, including online spaces, to curtail speech, engagements and participation for civil society organisations (CSOs), human rights defenders (HRDs), journalists, bloggers and other online activists including through enhanced surveillance. The developments in Zambia raise fears of similar occurrences of high-handed control.

Zambia’s parliament should get back on the drafting table and ensure that the two new laws are aligned with regional and international human rights standards, including the African Charter on Human and Peoples’ Rights, the African Union Convention on Cybercrime and Personal Data Protection, and the Declaration of Principles on Freedom of Expression and Access to Information in Africa.

  • Overbroad criminal provisions should be expunged from the laws or narrowed.
  • Oversight mechanisms should be strengthened to ensure independence and accountability in surveillance activities.
  • All responsible parties, including enforcement and judicial officials, should be trained and their capacities built to ensure application of the laws within the acceptable human rights standards including legality and proportionality.
  • Zambia should ensure compliance with data protection and privacy standards in implementation of the laws to avoid overlaps and wanton infringements.

As Zambia prepares for its 2026 general elections, it is vital that cybersecurity and cybercrime measures do not become tools for political repression. Instead, they should serve to protect users, enhance trust in digital systems, and uphold the rights and freedoms guaranteed to all.

25Apr

CIPESA at DRIF25: Here is where you can find us!

Author CIPESA Posted on

By CIPESA Writer |

From April 29 to May 1, 2025, Paradigm Initiative will host the Digital Rights and Inclusion Forum (DRIF25) in Lusaka, Zambia, where it will bring together a diverse community to explore key questions around access, power, and participation in the digital age. As a regular contributor and participant of DRIF, this year, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) looks forward to participating in multiple workshops and sessions across the three-day event, engaging on themes that reflect our continued commitment to promoting inclusive and effective use of ICT in Africa for improved governance and livelihoods.

We look forward to hosting a session on tech accountability while also joining sessions hosted by various partners including the Office of the United Nations High Commissioner for Human Rights (UN OHCHR), Atlantic Council, Meta, African Digital Rights Network (ADRN), Fundación Karisma, SocialTIC, TEDIC, Tech & Media Convergency (TMC) and Rudi International.

Additionally, CIPESA will manage a digital resilience walk-in clinic/helpdesk where participants can get their digital devices assessed. Alongside CIPESA will be Digital Defenders Partnership,  Digital Society of Africa, Defenders Protection Initiative, Derechos Digitales and Thraets. This compliments CIPESA digital resilience efforts  including through a continuous needs assessment running for organisations across Africa.

To Moderate or Not to Moderate: Enhancing Tech-Accountability on the Internet

Room 6 | April 30 | 10:20 AM – 11:20 AM
Host: CIPESA
This session will delve into the urgent need for effective online content moderation to ensure a healthy, safe, and inclusive digital arena. Discussions will explore the growing calls for greater tech accountability, particularly in addressing the harms caused by misinformation and disinformation increasingly amplified by Artificial Intelligence (AI). Panelists will examine the balance between protecting users from harmful content and upholding community standards, enhancing user experience, safeguarding brand reputation, and ensuring compliance with national and international legal frameworks.

Strengthening Rights-Respecting Content Governance through South-South Collaboration: Trends and Opportunities in Africa and Latin America

Room 1 | April 29 | 12:10 PM – 1:10 PM
Host: UN OHCHR
This session will explore the potential for shared strategies and cooperation between Africa and Latin America in shaping content governance frameworks that respect rights and reflect regional realities. The session will examine opportunities for a South-South cooperation on rights-respecting content governance with focus on Africa and Latin America (LATAM). It will explore key trends, lessons, and tactics on rights-respecting content governance in both regions, collaboration and resource disparities in content governance between Global North and South-South systems.

Tech, Power, and Governance: The Policy Landscape in South Africa, Kenya, Nigeria, Ghana, and Zambia

Room 5 | April 30 | 11:30 AM – 12:30 PM
Host: Atlantic Council
This panel takes a closer look at the fast-changing AI and digital policy environments in leading African countries, unpacking governance models, legislative shifts, and national strategies shaping the continent’s tech future. The session is based upon a report by the Digital Forensic Research (DFR) Lab, which explores how five African countries—South Africa, Kenya, Nigeria, Ghana, and Zambia—are strategically navigating the governance of new technologies to enrich their citizens’ lives while mitigating potential risks. It focuses on three key technology domains, namely: connectivity, digital public infrastructure, and artificial intelligence (AI). The session aims to help identify advocacy opportunities that unite activists and experts from different countries across the African continent.

Open or Closed? Exploring the Implications of Open Source vs. Proprietary AI Systems in Africa

Room 1 | April 30 | 4:10 PM – 5:10 PM
Host: Meta
The use of AI technology is increasingly prevalent in Africa, with both open-source and proprietary systems being employed to address various social, economic, and environmental challenges. However, the choice between these two approaches has significant implications for human rights and ethics, particularly in the context of data ownership, surveillance, and digital divide. The aim of this panel is to facilitate a discussion on the human rights and ethical implications of open source and proprietary systems in Africa, with a focus on exploring the benefits and challenges of each approach.

Defining and Theorising Digital Rights: As Entitlements, as a Framework, and as a Movement

Room 4 | May 1, | 9:50 AM – 10:50 AM
Host: African Digital Rights Network (ADRN)
A deep dive into what “digital rights” means across different contexts, this session aims to develop a shared language and theoretical grounding to strengthen advocacy across the continent. This is important as the term is used to mean a range of different things by different people. Digital rights can be understood as a set of legal entitlements but also as a framework for evaluating technologies, projects and policies or as a form of collective action to address technology-related injustices. This sessions asks what different meanings of digital rights exist, whether it matters, and whether digital rights should be an end in themselves or a means to an end.

Leveraging Civil Society’s Capacities in Adopting Open-Source Monitoring Technologies for Early Digital Threat Detection

Room 4 | May 1, | 2:00 – 3:00 PM
Host: Fundación Karisma, SocialTIC, TEDIC, and CIPESA
In this session, the Blue Team tools project will be presented. It is an initiative aimed at  leveraging civil societies’ capacities in adopting open-source monitoring technologies for early digital threat detections, such as equipment surveillance and network monitoring, among others. By presenting the implementation case studies in Latin America, the session will shed light on the difficulties of adopting surveillance monitoring technologies by already under-resourced grass-root organisations and draw parallels between the opportunities and challenges of both Latin American and African organisations in adopting said technologies.

Digital Ubuntu: Empowering African CSOs with Practical and Inclusive Skills to Build Strong Digital Rights Organisations

Room 3 | May 1, | 8:40 – 9:40 AM
Host:  Tech & Media Convergency (TMC) & Rudi International
The workshop aims to support emerging civil society organisations with practical skills in order to help them build strong institutions as they work to build sustainable and inclusive digital rights advocacy in the Global South. This full-day workshop will bring together both seasoned and emerging digital rights advocates to explore solutions for promoting digital justice.

Central to the workshop is Digital Ubuntu, a philosophy rooted in interconnectedness, shared responsibility, and community-oriented solutions, fostering collective responsibility among governmental, non-governmental, and civil society actors.

All sessions will take place at the Mulungushi International Conference Centre.

15Apr

Why It’s Not Yet Uhuru for Artificial Intelligence in Africa and What To Do About It

Author CIPESA Posted on

By CIPESA Writer |

At the first Global Summit on Artificial Intelligence (AI) in Africa in Kigali, Rwanda earlier this month, it was evident that African countries are hugely lagging behind the rest of the world in developing and utilising AI. Also clear was that if the continent makes the right investments today, it stands to reap considerable benefits.

The challenges Africa faces were well-articulated at the summit that brought together 2,000 participants from 97 countries, as were the solutions. Some important steps were taken, such as issuance of the Africa Declaration on Artificial Intelligence that aims to mobilise USD 60 billion for the prospective Africa AI Fund, the unveiling of the Gates Foundation investment in AI Scaling Labs in four African countries, announcement of the Cassava AI Factory that is said to be Africa’s first AI-enabled data centre, and endorsement of the Africa Artificial Intelligence Council.

Just Where Does Africa Lie?

Crystal Rugege, Managing Director of the Rwanda Centre for the Fourth Industrial Revolution, which hosted the summit, noted that AI could unlock USD 2.9 trillion for Africa’s economy by 2030, thereby lifting 11 million Africans out of poverty and creating 500,000 jobs annually. However, Rugege added, “this will not happen by chance. It requires bold, decisive leadership and collective action.”

Some independent researchers and scholars feel most African countries are not doing enough to stimulate AI innovation and uptake. Indeed, speakers at an independent webinar held on the eve of the Kigali summit criticised the “ambitious prediction” of the USD 2.9 trillion AI dividend for Africa, citing the lack of inclusive AI policy-making, and African countries’ failure to invest in a workforce that is fit for the AI age.

A handful of countries (including Ethiopia, Ghana, Nigeria, Senegal, Kenya, Mauritius, Egypt, Tunisia, Algeria, Rwanda and Zambia) have developed AI Strategies and at least eight others are in the process of doing so, but there is minimal government-funded AI innovation and deployment. Africa receives only a pittance of the global AI funding.

Key Hindrances

The summit was not blind to the key hindrances to AI development and deployment. Africa’s limited computational power (or compute) including a shortage of locally-based data centres was severally cited. Africa holds less than 1% of global data centre capacity, which is insufficient to train and run AI models. Also, while the continent has the world’s youngest population, it is lowly skilled. Moreover, only 5% of the region’s AI talent has access to the computational power and resources needed to carry out complex tasks. Many countries also lack the requisite energy supplies to power sustained AI development. Also, Africa’s 60% mobile internet usage gap is slowing AI adoption and economic growth.

Accordingly, the summit – and the declaration it issued – focussed on how to address these bottlenecks. Recommendations include to focus education systems on Fourth Industrial Revolution skills including to build for and adapt to AI; developing AI infrastructure (innovation labs, data centres, sustainable energy); scaling African AI businesses (including enabling them to access affordable funding); and enhancing AI research.

Mahmoud Ali Youssouf, Chairperson of the African Union (AU) Commission, stressed the need to create a harmonised regulatory environment to enable cross-border AI trade and investment; and to leverage Africa’s rich and diverse datasets to fuel AI innovation and power global AI models.

Important Steps in Kigali
  • The Africa Declaration on Artificial Intelligence builds on the foundational strategies, policies and commitments of the AU (such as its AI Strategy and the Data Policy Framework) and the United Nations. It seeks to develop a comprehensive talent pipeline through AI education and research; establishes frameworks for open, secure and inclusive data governance; provides for deployments of affordable and sustainable computing infrastructure accessible to researchers, innovators and entrepreneurs across Africa; and aims to create supportive ecosystems with regional AI incubation hubs driving innovation and scaling African AI enterprises domestically and globally.

    The Declaration envisages the establishment of a USD 60 billion Africa AI Fund, leveraging public, private, and philanthropic capital. The Fund would invest in developing and expanding AI infrastructure, scaling African AI enterprises, building a robust pipeline of AI practitioners, and strengthening domestic AI research capabilities, while upholding principles of equity and inclusion.
  • The AI Scaling Labs: The Gates Foundation and Rwanda’s Ministry of ICT and Innovation signed a Memorandum of Understanding (MoU) to establish the Rwanda AI Scaling Hub, in which the foundation will invest USD 7.5 million. It will initially focus on healthcare, agriculture, and education. Over the next 12 months, the foundation plans to establish similar centres in Kenya, Nigeria, and Senegal “to break down barriers to scale and help move promising AI innovations to impact.”
  • The Cassava AI Factory: Cassava Technologies announced the Cassava AI Factory, reportedly Africa’s first AI-enabled data centre, powered by NVIDIA accelerated computing. “Building digital infrastructure for the AI economy is a priority if Africa is to take full advantage of the fourth industrial revolution,” said Cassava Founder and Chairman, Strive Masiyiwa. “Our AI Factory provides the infrastructure for this innovation to scale, empowering African businesses, startups and researchers with access to cutting-edge AI infrastructure to turn their bold ideas into real-world breakthroughs – and now, they don’t have to look beyond Africa to get it.”

    By keeping AI infrastructure and data within Africa, Cassava Technologies says it is strengthening the continent’s digital independence, driving local innovation and supporting African AI talent and businesses. Its first deployment in South Africa (in June 2025) will be followed by expansion to Egypt, Kenya, Morocco, and Nigeria.
  • The Africa Artificial Intelligence Council: The Smart Africa Alliance Steering Committee Meeting co-chaired by the International Telecommunications Union (ITU) Secretary and the AU Commissioner for Infrastructure and Energy, endorsed the creation of the Council to drive continental coordination on critical AI pillars, including AI computing infrastructure, data sets and data infrastructure development, skills development, market use cases, and governance/policy.
  • Use Cases and Sandboxes: Documentation of tangible use cases and sandboxes that support innovation and regulation is vital in AI development on the continent. On the sidelines of the summit, CIPESA contributed to two co-creation initiatives. The Datasphere Initiative held a Co-creation Lab on the role of AI sandboxes in supporting regulatory innovation and ethical AI governance in Africa. Meanwhile, Qhala hosted a Digital Trade and Regulatory Sandbox session focused on digital health, smartphones, and cross-border trade. Separately, the Rwanda Health Intelligence Centre was unveiled, which enables AI-driven emergency medical services delivery and real-time collection of data on healthcare outcomes in hospitals, thus strengthening evidence-based decision-making.

Ultimately, the AI promise remains high but for it to be realised, the ideas from the Kigali summit must be translated into actions. Countries must stump up funds for research and scaling innovations, support their citizens in acquiring AI-relevant skills, expand internet access and affordability, provide supportive infrastructure, and incentivise foreign investment and technology transfer. Moreover, they should ensure that national laws and regulations promote fair, safe, secure, inclusive and responsible AI, and conform to continental aspirations such as the African Union AI Strategy.

07Apr

Human Rights Implications of Health Care Digitalisation in Kenya

Author CIPESA Posted on

Policy brief |

This policy brief draws on the key findings of a human rights impact assessment of Digital Health Services to make concrete recommendations for a human rights-based digitalisation of health care services in Kenya.

Drawing on a human rights impact assessment conducted in October-November 2024, the brief shows how the transition from the National Health Insurance Fund (NHIF) to the Social Health Insurance Fund (SHIF) has faced significant challenges that impact the right to health, particularly for vulnerable and marginalised groups and addresses broader concerns as to the role of digitalisation in health care management and its implications for service delivery. 

Notably, Kenya’s journey towards a rights-based digital health system requires a coordinated approach that addresses infrastructure, regulatory enforcement, gender equality, and resource allocation and management. By adopting the recommendations found in this brief, Kenya can create a digital health environment that not only advances healthcare service delivery but also protects, promotes and respects the rights of all its citizens, particularly those most at risk of exclusion.

Recommendations on the NHIF-SHIF Transition

1. Enhance digital infrastructure: Fully operationalize the SHA platform and integrate it with existing systems like Kenya Health Information System and Kenya Electronic Medical Records.

2. Conduct public awareness campaigns: Educate citizens on SHA benefits and processes to dispel misinformation and encourage enrolment.

3. Expedite empanelment of facilities: Increase the accreditation of healthcare providers to ensure uninterrupted access to services.

4. Strengthen National-County coordination: Align roles, resources, and responsibilities to streamline service delivery under the devolved healthcare framework as stipulated under the Fourth Schedule of the Constitution.

5. Review contribution models: Adjust means-testing mechanisms to ensure affordability, especially for vulnerable and marginalized populations.

6. Prioritize capacity building: Train healthcare workers and Community Health Promoters to effectively navigate the transition and support beneficiaries.

7. Incorporate stakeholder feedback: Deliberately establish clear communication channels and include healthcare workers, vulnerable and marginalized groups in the design and implementation of SHA systems to promote inclusivity.

8. Clarify referral pathways: Define roles for various healthcare levels under the Primary Health Care Act to simplify patient navigation.

9. Ensure accountability and transparency: Regularly audit the transition to address and mitigate inefficiencies and restore public trust.

Read the full policy brief here.

Research Partners

The research into the human rights impacts of digital health services in Kenya was conducted in partnership between the Kenya National Commission on Human Rights – Kenya’s National Human Rights Institution, CIPESA – The Collaboration on International ICT Policy for East and Southern Africa which works to promote effective and inclusive ICT policy, and the Danish Institute for Human Rights – Denmark’s national human rights institution which works internationally to address the human rights implications of technology use.

DPI Fellowship
01Apr

Call for Applications: DPI Journalism Fellowship for Eastern Africa

Author CIPESA Posted on

Call for Applications |

Date of Publication: 1 April 2025.

Application Deadline: 21 April 2025 – 18.00 East African Time.

The Collaboration on International ICT Policy for East and Southern Africa (CIPESA), in partnership with Co-Develop, invites applications for the Digital Public Infrastructure (DPI) Journalism Fellowship for Eastern Africa.

This regional fellowship aims to build a new generation of journalists with the knowledge and skills to investigate and report on Digital Public Infrastructure and Digital Public Goods (DPGs). The fellowship is inspired by a similar Co-Develop-funded initiative implemented by the Media Foundation for West Africa (MFWA), which supported fellows to produce over 100 impactful stories that spurred public debate and influenced policy.

Through rigorous training, mentorship, and financial support, selected journalists will explore the promises, challenges, and lived experiences related to DPI across Eastern Africa.

What is Digital Public Infrastructure?

DPI refers to foundational digital systems and services that enable secure, inclusive, and efficient delivery of both public and private services. These include, among others:

  • Digital ID systems.
  • Instant and interoperable payment platforms.
  • Open data platforms.
  • Data exchange frameworks.
  • e-Government systems.

Well-designed DPI holds transformative potential—but without public understanding and critical engagement, it can also deepen exclusion, surveillance, and limit adoption/uptake.

Fellowship Details

Duration: 6 months (June–December 2025).

Structure:

  • June 2025: Virtual training workshops and editorial guidance.
  • July 2025: Story development and mentoring.
  • August 2025: In-person workshop in Nairobi, Kenya, peer learning, and advanced training.

Outputs: Each Fellow is expected to produce at least three high-quality, published stories on DPI or DPGs during the fellowship.

Benefits

  • A grant of up to USD 1,500 to support story production.
  • Access to reporting grants post-fellowship.
  • Mentorship from senior journalists and digital policy experts.
  • Certificate of Completion.
  • Travel, accommodation, and incidental expenses for the in-person workshop.

Eligibility Criteria

The fellowship is open to journalists based in the following Eastern Africa countries:

Burundi, Democratic Republic of the Congo, Ethiopia, Kenya, Rwanda, Somalia, South Sudan, Tanzania, and Uganda.

Applicants must:

  • Be a practicing journalist with at least three years of professional experience.
  • Demonstrate strong interest or experience in reporting on digital technologies, governance, human rights, or development.
  • Be proficient in English or French. 
  • Be available to fully participate in the three-month fellowship and in post-fellowship activities.
  • Be affiliated with a credible media outlet willing to support their reporting.

Selection Process

The selection will be based on merit and demonstrated interest in DPI-related reporting. The process includes:

  • Initial application screening.
  • Interviews with shortlisted candidates.
  • Final selection by a panel of media and policy experts.
  • Women and early-career journalists are strongly encouraged to apply.

How to Apply

Applicants should complete this form by 21 April 2025.

For more information, please visit: https://cipesa.org or contact [email protected]

1 11 12 13 14 15 28