Promoting Effective and Inclusive ICT Policy in Africa

Tag Archives: Data privacy

  HomeCollaboration on International ICT Policy for East and Southern Africa (CIPESA)  /  Data privacy
04Aug

Lesotho Charts a Progressive Path on Data Governance

Author CIPESA Posted on

Patricia Ainembabazi |

From July 28-31, Lesotho’s highland capital of Maseru buzzed with the energy of a data governance sprint. Government officials, academics, civil society, and the private sector assembled for an intensive workshop convened by the African Union Development Agency-NEPAD and AU-GIZ with support from the Lesotho Ministry of Information, Communications, Science, Technology and Innovation (MICSTI), the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) and the Kenya ICT Action Network (KICTANet). 

The gathering drew over 60 participants with a shared proposition: get everyone on the same page about what good data governance should look like in Lesotho and how to achieve it. The workshop charted a pathway for Lesotho to domesticate the African Union Data Policy Framework (AUDPF), which was adopted by the African Union in 2022. The framework provides guidance to Member States on building harmonised, rights-respecting data governance policies that support digital transformation, innovation, and secure cross-border data flows. 

Lesotho’s efforts to domesticate this framework come at a crucial time, as the country seeks to modernise its digital policy environment and position itself within the continent’s increasingly data-driven economy. These efforts, including the workshop, demonstrate Lesotho’s political will to align with continental digitalisation and data governance blueprints such as the AUDPF and to build an inclusive digital future.

Lesotho’s Minister for Information, Communications, Science, Technology and Innovation,  Nthati Moorosi, stated that the various workshop sessions aimed to “instill more understanding on data governance for clear domestication of the [AUDPF] policy framework.” Sessions saw participants introduced to key concepts such as data as a public good, the importance of ethics and accountability, and the need for harmonised cross-border data policies. Case studies from across Africa helped illustrate how sound data governance could unlock value in sectors such as agriculture, health, and education.  

CIPESA led practical sessions during which participants examined Lesotho’s Data Protection Act and the draft Data Management Policy (2025) in relation to key African instruments, including the AUDPF, the Malabo Convention, the African Continental Free Trade Area (AfCFTA), and the Digital Transformation Strategy for Africa. Participants noted areas of alignment between the national and continental frameworks but also identified gaps in the national data governance framework

As such, effort went into mapping out where Lesotho is already aligned with the AUDPF and which specific areas need to be prioritised in revising the country’s legal and policy framework. Recommendations from this mapping exercise included establishing an independent Data Protection Commission, clarifying categories of personal and sensitive data, improving inter-agency coordination, and investing in digital literacy and data privacy skills across the public and private sectors. 

The workshop was complemented by a strategic stakeholder survey to assess perceptions on Lesotho’s data governance framework. The survey revealed a minimal understanding of the country’s data governance frameworks. Over half of the respondents stated that existing policies were outdated and unable to address current challenges such as cross-border data flows, cloud computing, and evolving digital privacy threats. Respondents identified digital trade, innovation, health research, and public trust as key benefits of robust data governance. Responses further emphasised the importance of inclusive policymaking, public awareness on data governance campaigns in both English and Sesotho, alongside targeted support for rural and marginalised communities. 

By the conclusion of the meeting, participants had agreed on a national data governance strengthening roadmap. With contributions coming from the broad spectrum of participants, who included Princess Senate Mohato Seeiso, through to Principal Secretary Kanono Leronti Ramashamole of the MICSTI, who noted that “data is no longer a by-product of administration but a strategic national asset”, the meeting reinforced the value multistakeholderism holds in digital governance. 

Undeniably, no single institution can carry the policymaking load by itself. The real story from Maseru is the multistakeholder collaboration, with the MICSTI anchoring at home, the AUDA-NEPAD and AU-GIZ bringing continental scaffolding, civic and technical communities translating frameworks into practice, and a steady emphasis that data governance has to work for everyone. Ultimately, this process could enable Lesotho to not just catch up with the AUDPF, but to help show what a people-centred, innovation-friendly data ecosystem looks like in the region. 

As regional leaders in digital rights and digital governance, CIPESA is committed to providing continued support to Lesotho as it works to reform its policies and institutionalise stronger data governance mechanisms. Our involvement helps to ensure that national efforts are grounded in best practices and aligned with continental and global standards, such as those set by the African Union.

23Jul

CIPESA Welcomes Namibia Ministry of ICT and the Namibia IGF as Co-Hosts of FIFAFrica25

Author CIPESA Posted on

By FIFAfrica |

The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) is pleased to announce that the 2025 edition of the Forum on Internet Freedom in Africa (FIFAfrica25) will be co-hosted in partnership with the Namibian Ministry of Information and Communication Technology (MICT) and the Namibia Internet Governance Forum (NamIGF).

Set to take place in Windhoek, Namibia, from September 25–27, 2025, this year’s Forum will serve as yet another notch in FIFAfrica’s 12-year history of assembling digital rights defenders, policymakers, technologists, academics, regulators, journalists, and the donor community, who all have the shared vision of advancing internet freedom in Africa.

With its strong commitments to democratic governance, press freedom, and inclusive digital development, Namibia offers fertile ground for rich dialogues on the future of internet freedom in Africa. The country holds a powerful legacy in the global media and information landscape, being the birthplace of the 1991 Windhoek Declaration on promoting independent and pluralistic media. In a digital age where new challenges are emerging – from information integrity and Artificial Intelligence (AI) governance to connectivity gaps and platform accountability – hosting FIFAfrica in Namibia marks a key moment for the movement toward trusted information as a public good, including in the digital age.

“Through the Ministry of Information and Communication Technology, Namibia is proud to co-host FIFAfrica25 as a demonstration of our commitment to advancing technology for inclusive social and economic development. This Forum comes at a critical moment for Africa’s digital future, and we welcome the opportunity to engage with diverse voices from across the continent and beyond in shaping a rights-respecting, secure, and innovative digital landscape,” Minister of Information and Communication Technology (ICT), Emma Inamutila Theofelus

This sentiment is shared by the NamIGF Chairperson, Albertine Shipena. “We are honoured to co-host the FIFAfrica25 here in Namibia. This partnership with MICT and CIPESA marks a significant step in advancing digital rights, open governance, and meaningful multistakeholder engagement across the continent. As the NamIGF, we are proud to contribute to shaping a more inclusive and secure internet ecosystem, while spotlighting Namibia’s growing role in regional and global digital conversations.”

The NamIGF was established in September 2017, through a Cabinet decision, as a multistakeholder platform that facilitates public policy discussion on issues pertaining to the internet in Namibia.

Dr. Wairagala Wakabi, the CIPESA Executive Director, noted that FIFAfrica25 presents a timely opportunity to advance progressive digital policy agendas that uphold fundamental rights and promote digital democracy in Africa. “As global debates on internet governance, data sovereignty, and platform accountability intensify, it is essential that Africans inform and shape the frameworks that govern our digital spaces. We are honoured to partner with the Namibian government and NamIGF to convene this critical conversation on the continent,” he said.

Since its inception in 2014, FIFAfrica has grown to become the continent’s leading assembly of actors instrumental in shaping conversations and actions at the intersection of technology with democracy, society and the economy. It has become the stage for concerted efforts to advance digital rights and digital inclusion. These issues, and new emerging themes such as mental health, climate and the environment, and the content economy, will take centre stage at FIFAfrica25, which will feature a mix of plenaries, workshops, exhibitions, and a series of pre-events.

Meanwhile, FIFAfrica will also recognise the International Day for Universal Access to Information (IDUAI), celebrated annually on September 28. The commemoration serves to underscore the fundamental role of access to information in empowering individuals, supporting informed decision-making, fostering innovation, and advancing inclusive and sustainable development – tenets which resonate with the Forum. This year’s celebration is themed, “Ensuring Access to Environmental Information in the Digital Age”.

At the heart of the Forum is a Community of Allies that have, over the years, stood alongside CIPESA in its pursuit of effective and inclusive digital governance in Africa.

Feedback on Session Proposals and Travel Support Applications

All successful session proposals and travel support applicants have been contacted directly. See the list of successful sessions here. Thank you for your patience and for contributing to what promises to be an exciting FIFAfrica25.  

Prepare for FIFAfrica25: Travel and Logistics

Everything you need to plan your attendance at the Forum can be found here – visit this page for key logistical details and tips to help you make the most of your experience!

Advancing Respect for Human Rights by Businesses in Uganda
16Jul

Advancing Respect for Human Rights by Businesses in Uganda

Author CIPESA Posted on

CIPESA |

In partnership with Enabel, the European Union, and the Uganda Ministry of Gender, Labour, and Social Development, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) is implementing “The Advancing Respect for Human Rights by Businesses in Uganda (ARBHR) project”. Launched in November 2024, the project seeks to among others reduce human rights abuses connected to business activities in Uganda, particularly those impacting women and children.

With a focus on Uganda, the project is being implemented in the regions of Busoga (Iganga, Mayuge, Bugiri, and Bugweri), Albertine (Hoima, Kikuube, Masindi, Buliisa, and Kiryandongo) and Kampala Metropolitan (Kampala, Mukono, and Wakiso). While working in these regions, CIPESA is enhancing awareness on business and human rights concerns through evidence based advocacy, sensitisation campaigns, reporting and redress mechanisms, as well as through  public and private sector policy dialogues.

More details about the project can be found here.

Connecting Business to Digital Rights

Many Ugandan businesses, particularly small and medium enterprises (SMEs), lack a comprehensive understanding of digital rights principles and their obligations in upholding them. A significant portion of Uganda’s population lacks access to the internet and modern digital technologies, limiting the reach and impact of digital rights initiatives. 

According to the telecommunications regulator, as of June 2023, Uganda had a total of 34.9 million telephone subscriptions which translates to a 77% penetration rate. At 27.7 million internet subscriptions, internet penetration is at 61%. According to a 2018 nation-wide survey by the National Information Technology Authority of Uganda (NITA-U), 76.6% of respondents named high cost as the main limitation to their use of the internet. The same reason was reported in the 2022 survey, which also cited the rural-urban divide (84.9% vs 92.1% vs) and a gender gap (84.6% female and 89.6% male) in mobile phone ownership. 

Businesses often prioritise short-term economic gains over long-term investments in responsible digital practices such as data privacy and user security. The existence of insufficient digital infrastructure, especially in rural areas, hampers the effective implementation and enforcement of digital rights protections. Businesses face increasing cybersecurity threats that compromise data privacy and other digital rights, necessitating robust security measures.

Related reading: See this commentary on the Future of work in Uganda: Challenges and Prospects in the Context of the Digital Economy

#BeeraSharp Campaign

The #BeeraSharp (“be smart” in Luganda) campaign is our response in addressing the gaps that Ugandan businesses face when navigating digital rights, online spaces and digital data. It aims to fill key knowledge gaps on the understanding of business legal obligations through adopting secure and ethical digital practices to build a smarter, safer, and more resilient business ecosystem in Uganda.

04Jun

Joint Statement by the ICT Sector on the Unlawful Arrest and Prosecution of Rose Njeri

Author CIPESA Posted on

Joint Statement |

We, the undersigned stakeholders in Kenya’s Information and Communications Technology (ICT) sector, stand together in firm condemnation of the unlawful arrest, detention, and prosecution of software developer and civic activist Rose Njeri (@rtunguru)

Rose Njeri, a software developer and mother of two, was detained on Friday, May 30, 2025, following a police raid on her home in Nairobi, where authorities seized her electronic devices, including her phone, laptop, and hard drives. As of this morning, she remained detained, her whereabouts were unknown, and she had not been presented to any court, despite multiple attempts by her legal counsel to establish the charges against her or secure her release. Reports indicate that Ms. Njeri suffers from anaemia and was denied proper access to healthcare during her detention. In addition, her arrest and detention over a long public holiday weekend appear to have been deliberately calculated to extend her detention without judicial oversight.

It is alleged that Ms. Njeri’s arrest stems from her development of an online civic platform (civic-email.vercel.app) which seeks to provide a coordinated solution for Kenyan citizens to formally present views to the National Assembly in response to the ongoing public participation discussions on the Finance Bill, 2025. In particular, the platform enables them to simply register their objections to clause 52 of the Bill which proposes the deletion of Section 59A (1B) of the Tax Procedures Act, which currently prohibits the Commissioner of the Kenya Revenue Authority from requiring a person to integrate or share data relating to “(a) trade secrets; and (b) private or personal data held on behalf of customers or collected in the course of business.”

On Tuesday afternoon, Ms. Njeri was presented before the court, more than 88 hours after her arrest, despite the legal requirement under Article 49 of the Constitution that she be brought to court within 24 hours.  Worse, she has been charged under Section 16 of the Computer Misuse and Cybercrimes Act, 2018 with “unauthorised interference with a computer system,” an offence which carries a maximum penalty of a fine of up to ten million shillings, imprisonment of up to five years, or both. These could double if aggravating circumstances are cited. Ms. Njeri has since been released on personal bond of KES 100,000 and will be expected back in court on 20 June 2025 for a ruling on the validity of the charges.

We view this charge as baseless, trumped-up, and irrelevant to the alleged offence, as it misrepresents a legitimate act of civic engagement as a cybercrime. In our considered view, embracing digital technologies and the creation of a platform to facilitate public participation on the Finance Bill 2025 is a protected exercise of the rights to freedom of expression, access to information, and public participation under Articles 10, 33, 35, and 118 of the Constitution of Kenya, 2010. Section 16 is intended to address serious cybercrimes such as hacking, sabotage, or malicious disruption of computer systems by individuals who act without authorisation or consent from the system owner. Therefore, to charge Ms. Njeri under Section 16 is a gross misapplication of the law, an abuse of court process, and a disproportionate act which fails to demonstrate any credible offence, interference, or threat to public safety or national security as claimed.

Ms. Njeri’s prosecution comes in the wake of a recent public apology by the President to the public. It is also not an isolated incident but one that is emblematic of a dangerous pattern in Kenya, where authorities have repeatedly weaponised various ICT laws to intimidate and silence government critics, activists, bloggers, journalists, technologists and citizens. They are measures designed to stifle digital rights, activism, and the civic space, rather than to curb real-world cybercrimes. As of December 2024, the Communications Authority of Kenya (CA) detected at least 840,921,998 cyber threats, an increase of 27.2% reported in the previous quarter, yet these are barely investigated or the responsible cyber criminals prosecuted.

Kenya has long been recognised as a beacon of digital growth and innovation in Africa, a reputation built on its vibrant technology landscape and a constitutional framework that safeguards fundamental human rights. A thriving, innovative, and competitive ICT sector is inextricably linked to a free, open, and secure digital space. A climate of fear, pervasive surveillance, and arbitrary arrests and detentions severely undermines Kenya’s hard-earned reputation as a regional technology hub. The sector cannot flourish where fundamental rights are routinely undermined or where the rule of law is selectively applied. The predictability and stability afforded by robust digital rights protections are crucial for attracting local and foreign investment, fostering innovation, and ensuring Kenya’s continued leadership in the digital economy.

As ICT sector stakeholders, we reaffirm our commitment to an open, inclusive, and secure digital ecosystem in Kenya. We stand in solidarity with Rose Njeri and all individuals unjustly targeted for exercising their digital rights. The misuse of the CMCA to criminalise a public interest technology platform for civic participation is a direct attack on democratic values and innovation. We pledge to advocate for policies that protect human rights while promoting digital civic engagement.

We also urge the Kenyan public, international community, and fellow ICT stakeholders to join us in condemning these violations and to demand greater accountability.

Also, we call on the Kenyan government, law enforcement, and relevant authorities to:

Immediately drop the charges against Rose Njeri unconditionally, and return all her confiscated electronic devices without delay. Ensure that ICT laws are not misused or weaponised to suppress legitimate exercise of rights and cease practices such as arbitrary arrests, detentions without charge, and the confiscation of devices. Officers engaging in such unlawful practices should be held accountable for their actions. Reform the Computer Misuse and Cybercrimes Act and the Kenya Information and Communications Act (KICA), and abandon proposed Bills that violate digital rights or stifle legitimate online activities. Engage with stakeholders in the ICT sector, including academia, media, civil society, and the tech community, to develop laws that promote cybersecurity while safeguarding fundamental human rights. Demonstrate a clear and unwavering commitment to fostering an open, secure, and rights-respecting digital ecosystem, including refraining from arbitrary internet shutdowns, content blocking, and unlawful surveillance.

Lastly, we reaffirm our commitment to defending digital rights and civic space in Kenya. The use of public digital tools to facilitate citizen engagement with Parliament is not a crime; it is a cornerstone of our democracy.

Signatories

Access Now

Africa Centre for People Institutions and Society (ACEPIS)

ARTICLE 19 Eastern Africa

Baraza Media Lab

Bloggers Association of Kenya (BAKE)

CIPESA

CyberYetu

Data Privacy and Governance Society of Kenya (DPGSK)

Founders Connect Kenya

IAWRT Kenya

Icon Data and Learning Labs

Interactive Entertainment Association

Internet Society, Kenya Chapter

Internews – KenSafeSpace

Kenya Coalition on Youth Peace and Security

KICTANet

Kijiji Yeetu

Media Lawyers Association of Kenya (MLAK)

Mzalendo Trust

Paradigm Initiative

Pollicy Data Institute

Tatua Digital Resilience Centre

Women in STEM Leaders Network

Women in Tech Policy and Governance

zKe Voices

03Jun

Will the ECOWAS Judgment on Senegal Redefine Digital Rights in Francophone Africa?

Author CIPESA Posted on

By Simone Toussi |

On May 14, 2025, the Economic Community of West African States (ECOWAS) Court of Justice issued a landmark  judgment in the case ‘Association of Information and Communication Technology Users (ASUTIC) and Ndiaga Gueye against Republic of Senegal’, declaring that Senegal’s internet and social media shutdowns in June and July 2023 were clear violations of  fundamental human rights, including freedom of expression, right to access information, right to assembly and the right to work.

The court’s unequivocal stance reaffirms that digital access is integral to the exercise of basic freedoms. Building on the landmark 2020 ECOWAS ruling – which condemned internet shutdowns during anti-government protests and ordered Togo to pay a fine – this new decision could have far-reaching implications for Francophone Africa, where digital repression has been steadily increasing.

Internet shutdowns, often invoked as a security measure during times of public protest and unrest, do not occur in isolation. In the case of Senegal, the network disruptions of 2023 were repeated in early February 2024, when mobile data was blocked nationwide following the postponement of the presidential election.  This marked the country’s third disruption in less than 12 months, underscoring a pattern of digital repression.

Since 2017, when Cameroon imposed one of the longest internet shutdowns on record during political unrest, Francophone African countries have often  resorted to digital blackouts to manage electoral tensions and suppress dissent. This pattern has shown no signs of abating. In 2023 alone, Mauritania cut mobile internet for nearly a week during protests in May and June; Guinea blocked access to Facebook, WhatsApp, Instagram, and TikTok in May ahead of nationwide demonstrations; and Gabon enforced an 87-hour internet shutdown during its August presidential elections, crippling communication at the height of an electoral crisis.

The trend persisted into 2024 which  on January 17 saw Comoros disrupting internet access following violent protests after President Azali Assoumani’s re-election. Mauritania once again restricted mobile internet for 22 days starting July 2 after the June 29 presidential elections and subsequent protests disputing the results. Mozambique followed suit with mobile internet disruptions on October 25, with intermittent blackouts and renewed social media restrictions thereafter.

These successive shutdowns, particularly in electoral contexts, reflect a deepening erosion of digital rights, a weakening of democratic institutions, and underscore the urgent need for stronger regional and legal safeguards to prevent state overreach and protect democratic expression online. With key elections approaching in countries such as Côte d’Ivoire (October 2025), Cameroon (October 2025), and Guinea (December 2025), the risk of politically motivated internet shutdowns remains acute. The weaponisation of connectivity restrictions could show up again as a normalised tool of authoritarian control, undermining transparency and civic participation across the region. The Court’s directive that Senegal should “refrain from imposing unlawful or arbitrary internet restrictions in the future” sets a binding legal standard for the ECOWAS countries, arming digital rights defenders with legal background and legitimacy to ask for government’s accountability in a context where regional enforcement mechanisms are often weak.

Internet shutdowns have been shown to cost countries millions in lost productivity, investor confidence, and digital service disruption. The ECOWAS Court’s acknowledgment of this economic dimension strengthens the case for proactive policy reforms at both national and regional levels. By explicitly linking internet access to freedom of expression and “the right to work”, the ECOWAS Court positions digital rights within the broader framework of socio-economic and civic rights, thus offering legitimacy to civil society and legal advocates’ appeals on future shutdowns not only on civil liberties grounds, but also for their economic impact.

As internet access becomes more central to democratic participation, economic livelihoods, and civil discourse, this decision marks a watershed moment that could significantly shift the digital governance landscape across the region.

However, the impact of this decision will depend on its effective implementation. Governments, civil society, digital rights defenders, legal actors and regional institutions shall ensure that the Court’s recommendations translate into enforceable policy changes, including national legislation that explicitly prohibits arbitrary internet restrictions. They shall be ready to leverage this ruling to ensure that Francophone countries in the region and beyond adopt or draw inspiration from it to better safeguard human rights.

1 3 4 5 6 7 21