Promoting Effective and Inclusive ICT Policy in Africa

Tag Archives: Data privacy

  HomeCollaboration on International ICT Policy for East and Southern Africa (CIPESA)  /  Data privacy
25Apr

Advancing Sustainable Cross-border Data Transfer Policies and Practices in Africa

Author CIPESA Posted on

By Paul Kimumwe |

Over the years, several African governments have enacted laws and policies that limit cross-border data flows, citing the need to protect national security, promote the local digital economy, and safeguard users’ privacy. The limitations range from complete bans on cross-border transfers of all data to conditional cross-border transfer of specific data, with authorization sought from relevant government bodies.

The legal provisions prohibiting cross-border data transfers are scattered in different legal frameworks in countries such as Ethiopia, Nigeria, Rwanda, and Uganda, whose limitations are contained in their financial services and cybersecurity laws. In Rwanda, for example, Article 3 of Regulation No. 02/2018 of 24/01/2018 on cyber security provides that any bank licensed by the Central Bank must maintain its primary data within the territory of Rwanda. In Uganda, Article 68 of Uganda’s National Payment Systems Act 2020 requires all electronic money issuers to establish and maintain their primary data centre in relation to payment system services in Uganda.

For other countries such as Kenya, Nigeria, South Africa, Tunisia, and Uganda, the limitations are contained within their data protection laws. For example, sections 48 and 49 of Kenya’s Data Protection Act 2019 prohibit cross-border transfer of personal data to a country

lacking appropriate data security safeguards. South Africa’s 2013 Protection of Personal Information Act prohibits cross-border data transfers without the data subject’s consent or unless the foreign country is believed to have adequate safeguards. In Nigeria, sections 41-43 of the 2023 Data Protection Act sets conditions under which cross-border data transfers may occur, such as the requirement for the destination country to have data protection safeguards and consent from the data subject, among other conditions.

Critics of these data localization provisions and practices have often argued that the current data localisation policies and practices are not pro-people as they do not mitigate any genuine cybersecurity or online targeting but instead serve to undermine personal data privacy by facilitating government agencies’ unrestricted access to citizens’ personal data, including for purposes of conducting state surveillance.

These practices do not also conform to the key provisions of the 2019 African Commission on Human and Peoples’ Rights (ACHPR) Declaration of Principles on Freedom of Expression and Access to Information in Africa, which prohibits countries from adopting laws and other measures that criminalize and encryption practices, including backdoors, key escrows, and data localisation requirements unless such measures are justifiable and compatible with international human rights law.

The legal data localization requirements have been identified as the most restrictive and disruptive barriers to international trade, pushing foreign registered businesses to incur extra and unnecessary costs of establishing multiple infrastructures such as local data centres and in each of their countries of operation as opposed to having one center in their country of choice. In addition, the “limited policy and regulatory reforms to facilitate the interconnection of networks across borders, including national and commercial backbones, or supervisory frameworks for data protection, data storage/processing/handling” were identified as additional weaknesses in achieving Africa’s economic potential.

The success of several initiatives, such as the African Continental Free Trade Area (ACFTA) whose mandate is to create “a single continental market with a population of about 1.3 billion people and a combined GDP of approximately US$ 3.4 trillion,” hinges on eliminating trade barriers and the harmonization of cross-border transfers through the amendment of restrictive data localisation policies and practices.

In addition, under the African Union’s Digital Transformation Strategy for Africa (2020-2030), countries are called upon to “promote open data policies that can ensure the mandate and sustainability of data exchange platforms or initiatives to enable new local business models, while ensuring data protection and cyber resilience to protect citizens from misuse of data and businesses from cybercrime.”

On the other hand, the AU Data Policy Framework requires countries to create an enabling legal environment that would achieve and maximize the benefits of a data-driven economy by encouraging private and public investments necessary to support data-driven value creation and innovation. The framework offers guidance on policy interventions to optimise cross-border data flows and harmonise data governance frameworks. In terms of cross-border data governance and transfers, Principle 14(6)(a) of the African Union Convention on Cyber Security and Personal Data Protection prohibits data controllers from transferring “personal data to a non-Member State of the AU unless such a State ensures an adequate level of protection of the privacy, freedoms, and fundamental rights of persons whose data are being or are likely to be processed.”

A critical challenge for the continent is how to translate and localise these initiatives into workable solutions. Most autocratic governments are reluctant to amend their laws to be more open to cross-border data transfers. The reluctance is based on unfounded fears that sending their citizens’ data abroad could increase citizens’ vulnerability to serious security and privacy threats from foreign actors. On the other hand, civil society actors lack the requisite skills and knowledge to proactively engage in strategic advocacy both at national and regional levels. In addition, there is a paucity of evidence-based research on the key issues around data localization, particularly how various countries are implementing their data localisation policies as guided by the AU Data Policy Framework and Digital Transformation Strategy.

Lessons from previous policy advocacy engagements show that national governments are open to progressive policy reforms, as evidenced by the rapid adoption of data protection laws, particularly if they trust that such measures will not injure their national interests.

Key Interventions

Even with this promise and the abundance of international and regional frameworks to guide the adoption and implementation of progressive national data governance frameworks, interventions would require the adoption and implementation of multiple and mutually reinforcing strategies such as (a) building research and advocacy capacity of digital rights and data rights actors; (b) undertaking research and policy analysis; and (c) engaging in national and regional policy processes on data governance regulation, particularly that related to cross-border data flows and harmonisation of data governance frameworks.

Building on the success of her previous work on data governance and engagement with the AU Union Data Policy Framework, under the current project, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) is continuing with regional engagements as well as working in our countries – Cameroon, Ghana, South Africa, and Uganda, to build the capacity of country-based research partners as well as generate evidence that addresses fears that informs states’ restrictive regulatory stances, shows benefits of free data flows and policy harmonisation.

1. Capacity Building in Research and Advocacy

Central to CIPESA’s interventions is the need to generate a critical mass of engaged actors that understand the cross-play of national and regional policy frameworks on data regulation and their implication for data policy harmonisation and national policy and practice. Further, these actors will need the skills to research and produce evidence to inform engagements with actors such as policymakers and to conduct effective, collaborative advocacy to inform policymaking.

2. Research and Policy Analysis

CIPESA also supports country-based research partners to produce and communicate research-based commentaries, briefs, policy analyses, and think pieces on data localisation regulation and cross-border data policies and advocate for flexible cross-border data flows and respect for data privacy. These outputs will inform engagements with policymakers at national and regional levels and with multilateral treaty bodies that mandate data protection and monitor privacy and data rights.

3. National and Regional Advocacy and Engagement

The third strand involves strategic deployment of the published commentaries, analyses, and think pieces to attract the attention of state and non-state actors and form the basis of deliberations on how to improve the policy and practice around data governance in the region, notably on cross-border data flows, data harmonisation, and the need to embrace the AU Data Policy Framework. The advocacy will target national actors, such as data regulators, telecom regulators, and policymakers, as well as regional entities, such as the African Union, the African Commission on Human and People’s Rights, and regional regulators’ and telecom operators’ associations such as Compassionate Rural Association for Social Action (CRASA) and East African Communication Organisations (EACO).

By building on pivotal and live continental initiatives such as the AU Data Policy Framework, the Digital Transformation Strategy for Africa, and the African Continental Free Trade Area (ACFTA), and working at regional and four-country levels through a multi-sector network of actors, CIPESA hopes to generate evidence that demystifies the unfounded fears used by states to engage in restrictive cross-border data regulatory policies and practices while demonstrating the benefits of free data flows and proposing harmonisation measures.

The article was first published by CIPESA’s partner NIYEL on April 22, 2024.

02Apr

The Pursuit for Digital Security among Women Journalists in Uganda

Author CIPESA Posted on

By Juliet Nanfuka |

The media sector in Uganda has grown exponentially since its liberalisation in the 1990s, which saw a shift away from state-owned media to the pluralism of print media, radio and television stations and the eventual entry of digital media at the turn of the century. Yet despite this, women journalists appear to have remained on the periphery of the media industry and, in more recent times, are bearing the brunt of a society that continues to make attempts at muting them, particularly through online spaces.  

The Human Rights Network for Journalists (HRNJ) in Uganda has documented a concerning rise in violations and abuses against female journalists between 2017 and 2022. Although there was a slight decrease in incidents in 2020 and 2021, there was a resurgence thereafter, with reported cases increasing to 17% in 2022 compared to 12% in 2017. These abuses have included  instances of sexual and gender-based harassment of female journalists while at work and in the field, as well as  attacks in online spaces.

Indeed, research shows that the attacks experienced by women journalists in online spaces include sexist comments, age, and body shaming, as well as character assassination. Further, stories related to politics triggered more attacks than other beats as perpetrators accuse journalists of being politically biased. More recent developments have seen these attacks further exacerbated by the increasing use of artificial intelligence and the ease of access to bots.

Yet, women journalists who experience abuse online rarely seek justice and often struggle to have their complaints taken seriously and properly investigated. Thus, according to a study by UNESCO and the Collaboration on International ICT Policy for East and Southern Africa (CIPESA), the full extent of online violence against female journalists remains unknown However, there are numerous illustrative cases that indicate that Technology Facilitated Gender Based Violence (TFGBV) against women journalists is a growing problem not only in Uganda, but across the continent.

At a workshop hosted in March 2024, by UNESCO and CIPESA to further insights and awareness on the  State of Media Freedom and Safety of Journalists in Africa participants narrated their online experiences on trolling, attacks, threats and concerns about surveillance and limited practical skills or legal recourse in how to navigate incidents. Some participants noted that they had withdrawn from social media spaces, and limited their interactions only to closed platforms such as Whatsapp, while others indicated high levels of self-censorship in the nature of the content they posted.

Additionally, there was a common concern regarding the uncertainties surrounding various aspects of the Internet. This included discussions about the protective measures implemented by platforms, such as the prompt takedown of malicious or harmful content once reported.

Present at the workshop were 40 participants representing a mix of radio and television stations, print media and online content creators based in Kampala. Speakers at the workshop included Jan Ajwang, Projects Manager at Media Focus on Africa, Isabella Akitung, a Human Rights Policy Consultant, Jimmy Haguma, the Head of Electronic Counter Measures at Uganda Police, and Rehema Baguma, an Associate Professor of Information Systems, Makerere University and Sylvia Musalagani, Head of Safety Policy  Africa, Middle East and Turkey at Meta.

Each speaker made distinct contributions to the workshop, including a call for the plight of rural-based journalists in Uganda to be recognised when it comes to TFGBV, the recognition of the impact that online attacks have not only on victims but on the broader community of existing and aspiring women journalists, and the continuing efforts of the Uganda Police in addressing technology-related affronts to women and girls in the country.

Similarly, it was noted that Meta is working on its proactive detection and removal of harmful content in a bid to improve the experiences of more women across its different platforms. However, the growing pervasive use and presence of AI amongst more users remains a concern that more users should be aware of and pursue more proactive measures to better detect its presence in misinformation and disinformation narratives.

Meanwhile, running concurrently with the discussion was a Digital Security Cafe which entailed tailored practical responses to the digital security concerns that the participants had about their phones and laptops.

This practical support served as an extension of CIPESA’s digital resilience work in Africa, which includes the provision of the Digital Security Hub at the annual Forum on Internet Freedom in Africa (FIFAfrica),  the Road to FIFAfrica annual digital security campaign and an ongoing digital security assessment for human rights defenders in Uganda.

The workshop was hosted in partnership with the Media Challenge Initiative and the Uganda Radio Network. Similar workshops and Digital Security Cafe’s are planned for women journalists, media practitioners, and content producers in Ethiopia and Tanzania as part of efforts aimed at bridging this work between Women’s Day and World Press Freedom Day.

30Mar

Governments Urged to Adopt Specific Policies Addressing Tech-Facilitated Violence Against Women in Politics

Author CIPESA Posted on

By Asimwe John Ishabairu |

As part of events to commemorate this year’s International Women’s Day, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) hosted a webinar under the theme ‘InspireInclusion: African Women in Politics are Pushing Back Against Tech Facilitated Online Violence’. The webinar highlighted the importance of increased political inclusion of women, which  is undermined by rising affronts to women’s presence and participation in political narratives both online and offline.

“As women, we indeed face a lot of online abuse, and it’s really unfortunate that whatever is happening now may hinder those who would want to be politicians, especially women. Because of online abuse, most women who want to join politics will be afraid of putting their life in the public eye,” said Susan Dossi, Member of Parliament (MP) representing Chikwawa West Constituency in Malawi. She added that Malawi is working on strategies to ensure that the country has more women in parliament.

Tanzania’s MP representing Non-Governmental Organizations (NGOs), Neema Lugangira, acknowledged that she had on several occasions been a victim of online abuse.

“When we are talking about online abuse, it’s not just on the social media platforms where you don’t know the people who are doing these abuses. It is from Facebook, Twitter, Instagram, all the way to WhatsApp groups where you actually know the people’s [contact numbers]. It is not an easy situation to be in,” said Lugangira.

She added that abusers often  hide under the guise of exercising their freedom of expression to critique female politicians, but in reality  “they are using their freedom of expression to limit us from using our own freedom of expression.,”

Lugangira said that as a result of the abuse they are subjected to, many women parliamentarians choose not to be online and instead opt to self-censor.

She added that online abuse of women in politics is diminishing democracy and hampering African countries’ efforts  to increase the number of women and girls who want to join politics.

The webinar also cast a spotlight on how women in active politics in African countries are working to protect the rights of women online, including through legal frameworks and engaging technology platforms to address Technology-Facilitated Gender-Based Violence (TFGBV) associated with political spaces and discourse.

As a possible solution to this, Modestus Amutse, the Deputy Minister of Information and Communication Technology in Namibia, said more African countries need to develop policies with specific provisions to protect women against gender-based violence, especially online, so as to give women confidence to use the internet without fear.

He added that while countries have laws that regulate the use of the internet in terms of data protection or cyber security, in many cases such legislation is not gender-specific.

“They are just there to protect, perhaps the security of everyone on an equal basis,” said Amutse. “I would have loved to see policies that have provisions targeting the protection of women so that they are free when they use the internet.”

Meanwhile, Adedolapo Adegoro, a Technology Policy Analyst with Tech Hive Advisory, noted that Nigeria has one of the lowest levels of women’s representations in parliament or holding political positions, in Africa.i She said the country had failed  to implement laws that seek to protect women from online bullying.

“The Nigerian Cyber Crimes Act has the highest provisions that sort of protect women from online bullying. These provisions have been there for quite a while, however, the first time it really received definition of interpretation from the courts was about four or five years ago,” Adedolapo noted.

She cited a need to adopt a multi-stakeholder approach where all actors are involved in putting together policies and procedures geared towards protection of women online.

Sylvia Musalagani, Head of Safety Policy for Africa, Middle East and Turkey at Meta, said that their organization believes that women have a right to participate in the online environment and a right to find economic opportunities.

“We do recognise the place that our platforms play in women’s participation online and we are committed to continue having direct conversations with parliamentary initiatives and share ideas on how to improve,” she said.

The panelists appealed to social media platform operators to improve their content moderation practices regarding TFGBV. They observed a need for Meta to engage legislators through the African Parliamentary Network on Internet Governance (APNIG) so as to strengthen the safety of online space and enable more women  to join  politics.

“For more women to retain political seats, we need to be visible… If we are not online, it limits our visibility,” said Lugangira, who also heads APNIG.

According to Sustainable Development Goal (SDG) 5 on Gender Equality, digital technologies have the potential to increase women’s inclusion, participation, and engagement in politics, providing them with a platform to have their voices heard.

Over the years, women in politics have increasingly relied on various digital tools, especially social media platforms, to connect with their constituencies. However, they have also become the targets of online threats and abuse. It was observed that TFGBV not only impedes women’s equitable and meaningful participation in public offices but also their long-term willingness to engage in public life.

13Mar

Webinar: How African Women in Politics Are Pushing Back Against Tech-Facilitated Gender-Based Violence

Author CIPESA Posted on

Event |

Gender diversity in political leadership is critical for promoting equity, inclusion, and economic benefits. However, gender disparities in political participation still exist globally, particularly in Africa. Digital technologies can assist in solving this disparity given their ability to give voice and civic agency to different political actors, especially women, and space for political engagement. As enshrined in Sustainable Development Goal 5 on Gender Equality, digital technologies have the potential to increase women’s inclusion, participation, and engagement in politics, providing them with a platform to have their voices heard. Indeed, women in politics are increasingly leveraging the power of various digital tools, and in particular social media platforms, to connect with their constituencies. 

Despite this reliance on online social platforms, women in politics have also become the targets of online threats and abuse. These attacks are heightened during election periods and when women voice dissenting opinions. This technology-facilitated gender-based violence (TFGBV) not only impedes women’s equitable and meaningful participation in public offices but also their long-term willingness to engage in public life. Further, it negatively influences the broader spectrum of women consuming or engaging with their content and consequently undermines the realization of the Sustainable Development Goals. 

Addressing these challenges is essential to ensure that digital technologies become true enablers for the enhancement of women’s participation in democracy and good governance, including in politics, rather than exacerbating existing disparities in Africa. 

This month, we join the global community in celebrating women under the themes of #InspireInclusion, which encourages the realisation of a gender-equal world free of bias, stereotypes and discrimination. However, amidst the global celebration, it is crucial to spotlight the  persistent TFGBV faced by African women in politics and the need to increase investment into addressing these concerns as highlighted by the United Nations campaign themed #InvestInWomen.

In an upcoming webinar, the Collaboration in International ICT Policy for East and Southern Africa (CIPESA) will focus on the importance of increased political inclusion of women in politics. The role of active online engagement will be highlighted as a key driver in enabling the needs of women in politics in various African countries and as a tool to meaningfully participate in the information society.  More importantly, the webinar will cast a spotlight on how women in active politics in various African countries are pushing back against the violence and negative narratives online and the role that legal frameworks and platforms have to play in addressing TFGBV associated with political spaces and discourse.  

Webinar details

Date:  March 15, 2024

Time: 14:00-15:00 (Nairobi Time).

Register to participate in the webinar here

11Mar

Towards Ethical AI Regulation in Africa

Author CIPESA Posted on

By Tusi Fokane |

The ubiquity of generative artificial intelligence (AI)-based applications across various sectors has led to debates on the most effective regulatory approach to encourage innovation whilst minimising risks. The benefits and potential of AI are evident in various industries ranging from financial and customer services to education, agriculture and healthcare. AI holds particular promise for developing countries to transform their societies and economies. 

However, there are concerns that, without adequate regulatory safeguards, AI technologies could further exacerbate existing governance concerns around ethical deployment, privacy, algorithmic bias, workforce disruptions, transparency, and disinformation. Stakeholders have called for increased engagement and collaboration between policymakers, academia, and industry to develop legal and regulatory frameworks and standards for ethical AI adoption. 

The Global North has taken a leading position in exploring various regulatory modalities. These range from risk-based or proportionate regulation as proposed by the European Commission’s AI Act. Countries such as Finland and Estonia have opted for a greater focus on maintaining trust and collaboration at national level by adopting a human-centric approach to AI. The United Kingdom (UK) has taken a “context-specific” approach, embedding AI regulation within existing regulatory institutions. Canada has prioritised bias and discrimination, whereas other jurisdictions such as France, Germany and Italy have opted for greater emphasis on transparency and accountability in developing AI regulation. 

On the other hand, China has taken a more firm approach to AI regulation, distributing policy responsibility amongst existing standards bodies. The United States of America (USA) has adopted an incremental approach, introducing additional guidance to existing legislation and emphasising rights and safety. 

Whilst there are divergent approaches to AI regulation, there is at least some agreement, at a muti-lateral level, on the need for a human-rights based approach to ensure ethical AI deployment which respects basic freedoms, fosters transparency and accountability, and promotes diversity and inclusivity through actionable policies and specific strategies. 

Developments in AI regulation in Africa

Regulatory responses in Africa have been disparate, although the publication of the African Union Development Agency (AUDA-NEPAD) White Paper: Regulation and Responsible Adoption of AI for Africa Towards Achievement of AU Agenda 2063 is anticipated to introduce greater policy coherence. The White Paper follows the 2021 AI blueprint and the African Commission on Human and Peoples’ Rights Resolution 473, which calls for a human-rights-centred approach to AI governance. 

The White Paper calls for a harmonised approach to AI adoption and underscores the importance of developing an enabling governance framework to “provide guidelines for implementation and also keep AI development in check for negative impacts.” Furthermore, the White Paper calls on member states to adopt national AI strategies that emphasise data safety, security and protection in an effort to promote the ethical use of AI. 

The White Paper proposes a mixed regulatory and governance framework, depending on the AI use-case. First, the proposals encompass self-regulation, which would be enforced through sectoral codes of conduct, and which offer a degree of flexibility to match an evolving AI landscape. Second, the White Paper suggests the adoption of standards and certification to establish industry benchmarks. The third proposal is for a distinction between hard and soft regulation, depending on the identified potential for harm. Finally, the White Paper calls for AI regulatory sandboxes to allow for testing under regulatory supervision. 

Figure 1: Ethical AI framework

However, there are still concerns that African countries are lagging behind in fostering AI innovation and putting in place the necessary regulatory framework. According to the 2023 Government AI Readiness Index, Benin, Mauritius, Rwanda, Senegal, and South Africa are ahead in government efforts around AI out of the 24 African countries assessed. The index measures a country’s progress against four pillars: government/strategy, data & infrastructure, technology sector, and global governance/international collaboration.  

The national AI strategies of Mauritius, Rwanda, Egypt, Kenya, Senegal and Benin have a strong focus on infrastructure and economic development whilst also laying the foundation for AI regulation within their jurisdictions. For its part, Nigeria has adopted a more collaborative approach in co-creating its National Artificial Intelligence Strategy, with calls for input from AI researchers. 

Thinking beyond technical AI regulation 

Despite increasingly positive signs of AI adoption in Africa, there are concerns that the pace of AI regulation on the continent is too slow, and that it may not be fit for purpose for local and national conditions. Some analysts have warned against wholesale adoption of policies and strategies imported from the Global North, and which may fail to consider country-specific contexts.

Some Global South academics and civil society organisations have raised questions regarding the importation of regulatory standards from the Global North, some even referring to the practice as ‘data colonialism’. The apprehension of copy-pasting Global North standards is premised on the continent’s over-reliance on Big Tech digital ecosystems and infrastructure. Researchers indicate that “These context-sensitive issues raised on various continents can best be understood as a combination of social and technical systems. As AI systems make decisions about the present and future through classifying information and developing models from historical data, one of the main critiques of AI has been that these technologies reproduce or heighten existing inequalities involving gender, race, coloniality, class and citizenship.” 

Other stakeholders caution against ‘AI neocolonialism’, which replicates Western conventions, often resulting in poor labour outcomes and stifling the potential for the development of local AI approaches.  

Proposals for African solutions for AI deployment 

There is undoubtedly a need for ethical and effective AI regulation in Africa. This calls for the development of strategies and a context-specific regulatory and legal foundation, and this has been occurring in various stages. African policy-makers should ensure a multi-stakeholder and collaborative approach to designing AI governance solutions in order to ensure ethical AI, which respects human rights, is transparent and inclusive. This becomes even more significant given the potential risks to AI during election season on the continent. 
Beyond framing local regulatory solutions, stakeholders have called for African governments to play a greater role in global AI discussions to guard against regulatory blindspots that may emerge from importing purely Western approaches. Perhaps the strongest call is for African leaders to leverage expertise on the continent, and promote greater collaboration amongst African policymakers. 

1 2 3 4 5 13