Promoting Effective and Inclusive ICT Policy in Africa

Tag Archives: Data privacy

  HomeCollaboration on International ICT Policy for East and Southern Africa (CIPESA)  /  Data privacy
13Dec

Comprehensive Approach Needed to Tackle Online Disinformation in Africa and Europe, say Experts

Author CIPESA Posted on

News Update |

“There is no silver bullet to tackle online disinformation” was the conclusion of the Town Hall debate Jointly tackling disinformation while protecting human rights, organised by the African Union — European Union (AU-EU) Digital for Development (D4D) Hub at the Internet Governance Forum 2022.

The session, which took place on 2 December 2022 in a hybrid format, brought together over 60 organisations for an open exchange of ideas, experiences, and lessons on how to address disinformation through a multi-stakeholder and human-centric approach. In particular, the debate focused on how Africa-Europe partnerships can help tackle the issue, in light of the AU-EU D4D Hub’s mandate to foster digital cooperation between both continents.

The panellists explained how fact-checking has grown dramatically in recent years, becoming one of the most common measures to tackle disinformation. Nevertheless, more than effective fact-checking is needed, they warned. Africa-Europe cooperation should adopt a comprehensive approach integrating multiple complementary measures, such as building digital literacy for all (including the most vulnerable), holding those who profit from disinformation accountable, and the involvement of all stakeholders in devising solutions.

Bringing all actors to the table

Simone Toussi, Project Officer for Francophone Africa at the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) highlighted how “disinformation is a multi-faceted phenomenon that directly threatens democracy and human rights and affects all stakeholders in society”.

“Disinformation manifests in many ways, and can be perpetrated by a diversity of actors,” she added.

As such, she argued that countering fake narratives needs both online and offline efforts undertaken in a coordinated manner by governments, intergovernmental organisations, civil society, media, academia, and private sector. “Multi-stakeholder collaboration is crucial to bring together different views and understanding of the roles that each actor plays,” she said.

Toussi presented research findings proving that measures to tackle disinformation can be ineffective or inadequate when they only consider the point of view of a single stakeholder. For example, fact-checking is sometimes challenged by lack of access to information. Media and civil society participation can help ensure that governments treat information as a public good.

Engaging with the private sector… how?

The debate also touched on the essential role that technology companies play in keeping disinformation from spreading. Ongoing efforts by private sector include partnering with civil society and fact-checkers — including through multi-stakeholder collaborations as proposed by Toussi.

Nevertheless, for Odanga Madung, journalist and Mozilla Foundation fellow, such measures are not enough. He argued that one of the major contributing factors to disinformation is that fake or misleading information is algorithmically amplified by big companies.

“Big companies and social media platforms profit from the spread of disinformation. It is part of their business model, which is a very serious problem,” he said.

For Madung, tackling disinformation requires strong regulations to protect users and their rights, addressing big technology companies’ dominance, encouraging competition, fostering new ideas on different business models, and decentralising the Internet.

Planting the seeds of change

Charlotte Carnehl, Operations Director at Lie Detectors, proposed further investments in training teachers and fostering exchanges between journalists and school-age kids: “Countering the corrosive effect of disinformation and polarisation on democracy requires empowering school kids and their teachers to tell facts from fake online.”

She argued that enabling journalists to visit schools to explain how professional journalism works is a win-win situation. It can help journalists to learn about how the younger generation accesses and consumes information, while teachers and children can gain practical skills in identifying fake or misleading information online.

“Everybody needs the skills to assess and critically think about information,” Carnehl said. “Kids are actually a high-risk group for disinformation because they are targeted on channels that can’t be monitored, and they are largely navigating them by themselves without their teachers or even their parents present.”

When questioned on the short-term impact of such measures by a member of the audience, Carnehl acknowledged that it’s a long-term investment, “like planting the seeds of a tree”. However, she argued that there are also some immediate positive effects for children.

Finally, Carnehl called for special attention to be paid to marginalised groups, such as rural populations. Civil society organisations could help ensure that everyone can access reliable information, she said.

This article was first published by the Digital for Development Hub on Dec 13, 2022

23Nov

Training webinar on Internet Universality Indicators convened for African Countries

Author CIPESA Posted on

By Juliet Nanfuka |

On 26 October, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) convened a regional training webinar to raise awareness of the Internet Universality ROAM-X indicators and their potential to promote Internet development to advance media freedom and digital rights in Africa. ), The UNESCO Information for All Programme (IFAP) and International Programme for the Development of Communication (IPDC) jointly supported the training.

Present at the meeting were PROTEGE QV (Cameroon), Youth Net and Counselling, YONECO (Malawi), namTshuwe (Namibia), Digital Shelter (Somalia), and CIPESA (Uganda). Each partner presented the state of digital rights in their respective country as a foundation for discussing the ROAM-X indicators with Malawi and Somalia hosting physical convenings. 

In her opening remarks, Dorothy Gordon, Chair of UNESCO’s Internet For All Programme (IFAP) stated: “There is a need to take control of the digitally mediated future and understand the impact of policies on our digital environments: the ROAM-X indicators give stakeholders factual tools to discuss and advocate for the future we want to see in Africa.”  

Xianhong Hu, UNESCO’s Programme Specialist  representing IFAP Secretariat, unpacked the 303 the Internet Universality ROAM-X indicators and elaborated on the eight-step multi-stakeholder methodology of conducting national assessments. She highlighted that the unique value of applying ROAM-X indicators is to improve national digital ecosystems and foster cross-border and cross-jurisdictional digital collaboration. 

UNESCO encouraged more African countries to pursue a ROAM-X assessment as a tool to evaluate the ever-changing developments in technology, reverse the digital divide, and to harness digital transformation. Given the launch of the Namibian national assessment and the follow-up ROAM-X assessment in Kenya, as well as the monitoring of new developments following the Covid-19 pandemic and the 2022 national elections, incorporating ROAM-X assessment is critical.

UNESCO and CIPESA jointly reaffirmed the need for increased mobilisation using the multistakeholder approach to ensure an open and inclusive implementation process, and to scale up Internet development in African countries over the next two years. 

Participants urged UNESCO to continue its support in organising more capacity-building activities to meet the growing demand to assess ROAM-X indicators in African countries.  

All participants were invited to continue their engagement with UNESCO and attend its events at the December 2022 Internet Governance Forum (IGF), in  Addis Ababa, Ethiopia which include sessions on the ROAM-X indicators, a Day-0 pre-event and a Dynamic Coalition session.

16Nov

International Day of Persons With Disabilities (IDPWD) 2022

The theme this year is “Transformative solutions for inclusive development: the role of innovation in fuelling an accessible and equitable world“.

The annual observance of the International Day of Persons with Disabilities (IDPD) on 3 December was proclaimed in 1992 by the United Nations General Assembly resolution 47/3. The observance of the Day aims to promote an understanding of disability issues and mobilize support for the dignity, rights and well-being of persons with disabilities.

The 2022 global observance to commemorate the International Day of Persons with Disabilities will be around the overarching theme of innovation and transformative solutions for inclusive development, covering in three different interactive dialogues the following thematic topics:

Click here for more information on the event.

29Sep

State of Internet Freedom in Africa 2022: The Rise of Biometric Surveillance

Author Evelyn Lirri Posted on

FIFAfrica22 |

Digital biometric data collection programmes are becoming increasingly popular across the African continent. Governments are investing in diverse digital programmes to enable the capture of biometric information of their citizens for various purposes.

A new report by the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) documents the emerging and current trends in biometric data collection and processing in Africa. It focuses on the deployment of national biometric technology-based programmes in 16 African countries, namely Angola, Cameroon, Central African Republic, Democratic Republic of Congo, Kenya, Lesotho, Liberia, Mozambique, Nigeria, Senegal, Sierra Leone, Tanzania, Togo, Tunisia, Uganda, and Zambia.

The report published today is the ninth consecutive one issued by CIPESA since 2014 under the State of Internet Freedom in Africa series. It was released at the Forum on Internet Freedom in Africa (FIFAfrica), which is taking place in Lusaka, Zambia.

The biometric data collection programmes reviewed by the report include those related to civil registrations, such as the issuance of National Identity cards, biometric voter registration and identification programmes, government-led CCTV programmes with facial recognition capabilities, national ePassport initiatives, refugees’ registration, and mandatory biometric SIM card registration.

The report highlights the key trends, potential risks, challenges and gaps relating to biometric data collection projects in the continent. These include limited public engagement and awareness campaigns; inadequate legal frameworks that heighten risks to privacy; exclusion from accessing essential services; enhanced surveillance, profiling and targeting; conflicting interests and the wide powers of third parties; and limited capacity and training. 

Consequently, the study notes that these biometric programmes are being implemented in countries with poor digital rights records, declining democracy and rising digital authoritarianism, which casts doubt on the integrity of biometric data collection programmes and the resultant databases. Thus, viewed collectively, the developments, trends and risks outlined in the report heighten concern over the growing threats to the right to privacy of personal data and potential violations of digital rights on the continent. 

Finally, the report presents recommendations to various stakeholders including the government, civil society, the media, the private sector and academia, which, if implemented, will go a long way in addressing data protection and privacy gaps, risks and challenges in the study countries. 

The key recommendations include a call to:

  • Governments to implement the laws and policy frameworks on identity systems and data protection and privacy while paying keen attention to compliance with regionally and internationally recognised principles and minimum standards on data protection and privacy for biometric data collection and require the adoption of human rights-based approaches. 
  • Countries without data protection and privacy laws such as Liberia, Mozambique, Sierra Leone and Tanzania should expedite the process of enacting appropriate data protection laws so as to guarantee the data protection and privacy rights of their citizens. 
  • Governments to ratify the AU Convention on Cyber Security and Personal Data Protection (Malabo Convention) to ensure government commitment to regional data protection and privacy as a means to hold them accountable.
  • Governments to establish independent and robust oversight data protection bodies to regulate data and privacy protection including biometric data.
  • Civil society to engage in advocacy and lobby governments to develop, implement and enforce privacy and data protection policies, laws and institutional frameworks that are in compliance with regional and international minimum human rights standards.
  • Civil society to monitor, document and report on the risks, threats, abuses and violations of privacy and human rights associated with biometric data collection programmes, and propose effective solutions to safeguard rights in line with international human rights standards.
  • The media to progressively document and report on initiatives such as advocacy by civil society and other stakeholders to keep track of developments. 
  • The media to conduct investigative journalism to identify and expose privacy violations arising from the implementation of biometric data collection programmes.
  • The private sector to take deliberate efforts to ensure that all their respective biometric data collection programmes and systems are developed implemented and managed in compliance with best practices prescribed by the national, regional and international human rights standards and practices on privacy and data protection, including the UN Guiding Principles on Business and Human Rights.
  • The private sector to ensure that they progressively adopt and develop comprehensive internal privacy policies to guide the collection, storing and processing of personal data. 
  • The private sector to take deliberate efforts aimed at involving data subjects in the control and management of their personal data by providing timely information on external requests for information. 
  • Academia to conduct evidence-based research on data protection and privacy including biometrics, highlighting the challenges, risks, benefits and trends in biometric data collection programmes. 

The full State of Internet Freedom in Africa 2022 Report can be accessed here.

19Jul

How Surveillance, Collection of Biometric Data and Limitation of Encryption are Undermining Privacy Rights in Africa

Author CIPESA Writer Posted on

By Paul Kimumwe |

The right to privacy online has become a critical human rights issue, given its intricate connection with, and its being a foundation for the realisation of other rights including the rights to freedoms of expression, information, assembly, and association and preservation of human dignity. However, many African countries have steadily taken measures to undermine this right, including enacting retrogressive laws and policies that facilitate surveillance and the collection of biometric data, and others that limit the use of encryption

The advent of the Covid-19 pandemic has exacerbated the privacy concerns yet in several countries, digital rights were already under steady attack, including via internet shutdowns, criminalisation of “false news”, misinformation and disinformation campaigns by state and non-state actors, harassment and prosecution of social media users, and growing state surveillance.

In responding to the pandemic, many countries adopted regulations and practices, including deploying surveillance technologies and untested applications, to enable them collect and process personal data for purposes of tracing, contacting, and isolating those suspected to be carrying the virus and those confirmed to carry it. These measures were quickly adopted, often without adequate regulation or oversight.

In this research report, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) has analysed laws and policies that impact on privacy, notably those that regulate surveillance, data localisation, biometric databases, and encryption.

The research covered 19 countries – Cameroon, Chad, Egypt, Ethiopia, Kenya, Ghana, Malawi, Mali, Mozambique, Namibia, Nigeria, Rwanda, Senegal, Tanzania, Tunisia, Uganda, Zambia, Zimbabwe, and South Africa.

Summary findings

Growing Surveillance: The research findings show that overall, there has been notable progress in the enactment of specific laws and policies safeguarding the right to privacy, including requiring judicial authority to authorise surveillance in countries such as Kenya, Nigeria, Tanzania, Tunisia and Uganda.

However, there are a few cases, such as in Zimbabwe, where authorisation for monitoring and intercepting communications is offered by non-independent and partial actors such as ministers. In addition, many of the countries’ laws do not measure up to international human rights standards and fail to establish clear and appropriate oversight, redress, and remedy mechanisms.

Indeed, “national security” considerations have been employed in laws in various countries broadly to justify and authorise the interception of communication, restrict privacy rights, grant wide search and seizure powers to law enforcement agencies, mandate intermediaries such as telecommunication service providers to facilitate interception, and to require data localisation.

In addition, while various countries have criminalised illegal surveillance and placed various safeguards on the conduct of state surveillance, many of them still contain retrogressive provisions that leave scope for intrusion, including enabling state surveillance with limited safeguards.

Limitation of Encryption Anonymity and the use of encryption in digital communications are critical in advancing both the right to freedom of expression and right to privacy. In the absence of these rights,  the capacity of individuals to communicate anonymously and without fear of their communications being intercepted cannot be guaranteed.

There are few positive provisions in some countries that require the protection of personal data through technical security measures which include encryption. On the other hand, many countries in the study have passed legislation that limit anonymity and the use of encryption through criminalisation of possession and use of cryptographic software or hardware, providing for fines and prison sentences.

The findings show that in countries like Chad, Malawi, Senegal, Tanzania, Tunisia and Zambia, there are penalties for offering cryptographic services without licensing, registration or authorisation. Interception of communications provisions often require service providers to decrypt any encrypted information that they may intercept in the course of offering assistance to lawful interception. In countries such as Mali and Tanzania, the laws require the encryption service providers, upon registration with the authorities, to disclose the technologies they plan to use for encryption.

Data Localisation The findings show that a growing number of African countries have been legislating on data localisation, which has mostly taken the form of a requirement to store data locally and forbidding unauthorised cross-border data transfers. Various countries have specified the conditions for authorising transfer, mostly where the data subject has offered consent and where an adequate level of protection is assured in the recipient country or international organisation.

Several African countries have adopted different approaches towards data localisation. Several countries use laws on financial services (Nigeria, Ethiopia and Rwanda), cybersecurity and cybercrimes (Rwanda, Zambia and Zimbabwe), telecommunications (Cameroon, Rwanda and Nigeria) and data protection (Kenya, South Africa, Tunisia and Uganda) to place restrictions on cross-border transfer of data.

Some countries have specified the data that cannot be exported without authorisation. Kenya specifies all public data; Nigeria mentions all government data and all subscriber and consumer data; while Zimbabwe, Malawi and Tunisia cite personal information.

Establishment of Biometric Databases  In several countries, government agencies are collecting and processing personal data without adequate data protection laws, amidst limited oversight mechanisms and inadequate remedies. While many have recently passed data protection laws and policies, implementation is not effective, and the safeguards are not water-tight as required under international human rights law.

Some laws in countries such as Chad, Kenya, Tunisia, Uganda, South Africa, and Zimbabwe, prohibit the collection of certain categories of data, including specific types of biometric data generally, or where certain conditions are not complied with. In the other countries studied, the laws require the mandatory collection of biometric information for the registration of telecommunications subscribers, for digital identity programmes and during voters’ registration. Several laws and policies on biometric data collection contain provisions on sanctions and penalties for breach.

Weak Oversight, Transparency and Accountability Mechanisms The study found that countries have adopted different approaches to oversight, including specifying courts, data protection authorities, sector regulators and administrative bodies as key oversight bodies. Some of these bodies are located within the executive, and therefore may lack the proper legal, financial, and institutional independence to stem violations within government, and especially by state security agencies. The laws in most countries require judicial authorities to issue a warrant for interception or monitoring of communications. However, in some countries interception orders can be issued by non-judicial officials, such as ministers.

The deficiency of accountability and transparency is among the weakest links in the various countries’ surveillance laws. While some countries, such as Nigeria, Rwanda, Tunisia, Zimbabwe, have commendable oversight and accountability provisions, it is not known whether they are applied. No entity in any of the countries studied permits public access to records on interception which the laws require state authorities to compile periodically, or publishes any data related to interception warrants issued and if at all they do record such data, they are categorised as classified information under state secrets laws. Thus, the public and oversight institutions such as judiciaries and parliaments remain in the dark about the extent and legality of the conduct of surveillance in the respective countries.

Recommendations

  • Governments should review existing laws, policies and practices on surveillance, including Covid-19 surveillance, biometric data collection, encryption and data localisation to ensure they comply with the principles in the African Commission on Human and Peoples’ Rights (ACHPR) Declaration on Principles of Freedom of Expression and Access to Information in Africa and international human rights standards.
  • Governments should also adopt multi-stakeholder approaches to ensure meaningful participation of all stakeholders in the development of policies and laws that affect the right to privacy and data protection.
  • Civil society actors should use strategic public interest litigation as an avenue to challenge laws that violate privacy rights and push for policies and practices reforms that uphold privacy.
  • Civil society actors should also monitor and document privacy rights violations through evidence-based research, and report on state compliance with their obligations to human rights monitoring bodies.

See the full research report here.

1 6 7 8 9 10 13