Promoting Effective and Inclusive ICT Policy in Africa

Tag Archives: Data protection

  HomeCollaboration on International ICT Policy for East and Southern Africa (CIPESA)  /  Data protection
20Nov

New Law Holds Promise for Improved Data Governance in Kenya

Author admin Posted on

By CIPESA Writer |

Following a seven-year, windy journey, on November 8, 2019, Kenya got a data protection law. The Data Protection Act, 2019 has various positive elements and can go a long way in addressing the live issues in protecting the privacy of data in Kenya.

The law came at a time of widespread concern about privacy in the country, including the fragmented oversight over privacy and data protection; increased mass data collection programmes by the government; enhanced state surveillance capacity; rampant privacy breaches including by business entities; limited dispute resolution mechanisms and the deficiency of remedies in case of breach of privacy.

The new law provides a comprehensive framework to regulate the processing of personal data and the protection of individuals’ privacy. It consolidates the law on privacy in the country and articulates several principles of personal data protection, as the minimum standard which all data controllers or processors must abide by.

Further, the Act provides for autonomy of the data subject over their data. It defines what constitutes consent, and makes the requirement of consent mandatory. This potentially addresses situations where personal data is collected arbitrarily and without the explicit consent of users. The law also prohibits the use of personal data for commercial purposes without the consent of the data subject. It places the burden of proof for establishing a data subject’s consent on the data controller or processor, while allowing the subject to withdraw consent at any time.

Also key is that the Data Protection Act, 2019 amends other legislation that have an impact on privacy, meaning that institutions responsible for handling the registration of individuals at birth and death, issuance of national identity cards and passports, Huduma Namba registration, registration of students at all levels, and the registration of telecommunication services consumers, will need to review their current policies, practices and procedures to ensure compliance with the principles in the Act.

The law establishes an independent office of the Data Protection Commissioner. Hitherto, the lack of an oversight body and the fragmented oversight over privacy in the country meant that every institution collecting personal data “owned” and used such data as they wished.

However, whereas the Act hold much promise for improved personal data governance in Kenya, state agencies, including the communications regulator, as well private actors and civil society all have a role to play in its implementation.

This brief recounts Kenya’s journey and efforts to develop a data protection law. It also provides an overview of the implication of the new law to the protection of privacy and data rights in the East African country.

12Sep

Overview of Cameroon’s Digital Landscape

Author admin Posted on

By Simone Toussi |

The Information and Communications Technology (ICT) sector in Cameroon has evolved considerably since 2010, despite the persistence of the digital divide and affronts to freedom of expression online. The country’s digital landscape was  boosted by the launch in May 2016 of the National ICT Strategic Plan 2020, which recognised the digital economy as a driver for development. The country has registered increased investments in  telecommunication and ICT infrastructure, including extension of the national optical fibre backbone to about 12,000 km, connecting 209 of the country’s 360 sub-divisions, and neighbouring countries such as Chad, Gabon, Equatorial Guinea, the Central African Republic and Nigeria. 

By 2018, the Ministry of Posts and Telecommunications reported that mobile phone  subscribers stood at 18.8 million representing a penetration rate of 83%, while internet penetration was 35%. There are four big telecommunications service providers in Cameroon – MTN, Orange, Viettel and the state-owned CAMTEL. With 48% of the mobile market share or 8.7 million subscribers, MTN is the leading service provider, according to its report for the first quarter of 2019. 

Over the years, Cameroon has scored some improvements in ICT development and affordability. For instance, on the ICT Development Index (IDI) of  the International Telecommunications Union (ITU), its value improved from 1.54 in 2010 to 2.38 in 2017 – against the highest global value of 8.98 for Iceland, and between the highest African value of 5.88 for Mauritius and the lowest 0.96 for Eritrea. Cameroon thus ranked at 149  out of the 176 countries assessed, with more than twenty African countries ranked above it. On affordability of the internet, Cameroon’s ranking has also slightly improved – currently ranked 50, up from 53 in 2015, out of 60 countries. This still makes internet access in Cameroon among the most expensive of the countries surveyed.

Meanwhile, internet shutdowns, arrests and intimidation of online critics, and censorship of online content  raise concerns about the government’s commitment to nurturing a sustainable and inclusive digital society.

ICT Legal and Regulatory Frameworks

The Cameroonian Constitution provides for freedom of expression, freedom of the press and of communication. It states: “the freedom of communication, of expression, of the press, of assembly, of association, and of trade unionism, as well as the right to strike shall be guaranteed under the conditions fixed by law”. 

Relevant agencies governing the sector include the Telecommunication Regulatory Agency (ART), and the National Telecommunications Agency (ANTIC) – both under the mandate of the Ministry of Posts and Telecommunications (MINPOSTEL). Other entities such as the Ministry of Communication and the National Council of Communication also has regulatory and advisory roles with regards to media. 

These agencies are guided by key laws that govern ICT including  Law n° 98/014 of July 14, 1998 governing telecommunications and its amendment of December 29, 2005;  Law n° 2010/013 of  December 21, 2010 on e-Communications, and its amendment of April 2015;  Law n° 2010/012 of  December 21, 2010 on Cyber Security and Cybercrime; and Law n° 2010/021 of December 21 2010 governing e-Commerce. Other legalisation related to ICT are the Framework Law n° 2011/012 of May 6, 2011 on Consumer Protection,  Law n° 2001 / 0130 of July 23, 2001 establishing the minimum service in telecommunications, and Law n° 98/013 of July 14, 1998 on competition which governs all sectors of the national economy.

The 2014 Law on the Suppression of Terrorist Acts, which was enacted to support the fight against terrorism and growing threats from the jihadist group Boko Haram, has been used as a tool to suppress journalism and opinion critical of the government under the guise of preventing the spread of fake news and threatening national security. In January 2018, the Minister of Justice issued a directive to magistrates to “commit, after clear identification by the security services, to legally prosecute any person residing in Cameroon who uses social media to spread fake news”. 

A new law is the  2019 Finance Act, which under Section 8, introduces taxation on software and application downloads produced outside of Cameroon, at a flat rate of 200 Central African Francs (CFA), equivalent to USD 0.34, per download. Whereas the government is yet to issue implementation guidelines for the taxes, once in effect, they  will result in additional costs for digital platform users.

Access and Affordability 

Article 4 of the 2010 eCommunications law states that every citizen “has the right to benefit from electronic communications services”. The same law establishes a Universal Service Access Fund, aimed at ensuring equal, quality and affordable access to services (Articles 27-29). Whereas internet and mobile telephony have registered growth, access and affordability remain a challenge, especially among rural and poor communities. Currently, the average cost of 1GB of data is 2,000 CFA (USD 3.4) per month, and with the proposed levy of 200 CFAs (USD 0.34) on software and application downloads, costs are expected to further increase. With an estimated per capita income of USD 1,500 in 2018, the prevailing rates are over and above the Alliance for Affordable Internet’s recommendation of 1GB of data costing 2% or less of average monthly income.  

Gender Digital Divide

A 2015 report by the Web Foundation found that in Cameroon only 36% of women compared to 45% of men were internet users. The key factors inhibiting women’s access to the internet and digital devices in Cameroon included literacy levels, cost relative to income, access to devices, perceived relevance and usefulness, lack of time and poor infrastructure. Towards addressing the digital gender divide, the National ICT Strategic Plan 2020 states among its objectives the need to “support the development of female skills in the field of digital engineering“, and to “support technological and scientific vocations for women“. However, these objectives are not linked to any specific projects within the plan’s priority action areas. 

Meanwhile, without much in the way of provisions for gender, cultural and linguistic diversity, the country’s ICT laws remain largely silent on diversity and inclusion within the ICT sector. Further, seven years since its passing, the Framework Law on Consumer Protection, which includes provisions on consumer rights and quality of services within the technology sector, remains largely unenforced due to the absence of  implementation guidelines.

Privacy and Data Protection

Cameroon has no data protection or privacy law. However, the national Constitution amended by the Law N°. 96-06 of 18 January 1996, guarantees privacy of communications in its preamble, stating that “the privacy of all correspondence is inviolate. No interference may be allowed except by virtue of decisions emanating from the Judicial Power”. The 2010 Cybersecurity and Cybercrime law also provides for the privacy of communications under Article 41 and outlaws the interception of communications under Article 44. The obligation for service providers to guarantee users’ privacy and the confidentiality of information is covered under Articles 42 and 26.  

According to Article 26(1); “Information system operators shall take all technical and administrative measures to ensure the security of the services offered. To this end, they should be equipped with standardised systems that enable them to identify, evaluate, process and continuously manage the risks related to the security of information systems in the context of services offered directly or indirectly”. However, the law does not specify the guiding principles for the collection and processing of personal data, nor users’ right to access and update such data. 

Network Disruptions

The government of Cameroon has in the past initiated two internet shutdowns in the Anglophone region of the country, which together lasted 240 days and drew international condemnation. The shutdowns were imposed in the wake of ongoing strikes, fatal violence and protest action against the alleged “francophonisation” and marginalisation of English speakers who claim that “the central government privileges the majority French-speaking population and eight other regions.” It is estimated that the regional internet shutdown cost USD 38.8 million in addition to affecting access to public services, education, and daily livelihoods. 

Guaranteeing an Inclusive Digital Space in Cameroon

Cameroon’s government has professed its intention to leverage the digital economy for sustainable development and to establish  an enabling legal and regulatory framework. However, developments such as taxation of application downloads, internet disruptions, and limited efforts to bridge the digital gender divide, indicate a shrinking digital space and are likely obstacles to the uptake of ICT. Efforts are thus necessary to ensure a digital environment that is both open and accessible to all, upholds users’ safety and security, and guarantees constitutional rights. These efforts should include a strengthened legal framework with implementation guidelines to ensure enforcement, compliance monitoring, and accountability. 

Moreover, the adoption of a specific law on privacy and data protection is recommended, so as to guarantee the principles of anonymity and consent, and in line with international best practice. For civil society organisations, it is recommended to intensify advocacy against regressive policy and practice including internet disruptions,  and the enforcement of consumer protection and universal services. Crucially, civil society should play an active role in policy consultative processes and citizen sensitisation on digital rights and literacy.

19Dec

Is the future of the internet in Africa fractured?

Author admin Posted on

By Daniel Mwesigwa |
At its founding, in the late 80s, the internet promised to democratize information, level uneven grounds, and the destroy barriers associated with distance, space, and time. Through promoting communication, coordination, integration at a pace and scale beyond the ability of any government to halt, the connectivity set a foundation for dichotomies so often aligned with colonialism, imperialism, and globalization.
Today the internet is not just about inscrutable abstracts on the potential merits of its ubiquity but rather its impact and probable effects on a global scale. If anything, the weaponization of algorithms, speech, objectivity, and people has been pronounced in the recent past. For example, Facebook and Cambridge Analytica have accepted responsibility for abetting electoral malfeasance in America and other states by enabling the manipulation of electorates through an à la carte of sensational news and unsubstantiated political advertising only meant to swing and tilt public opinion.
That is why it might be hard to assess whether governments will continue to sit back and watch powerful technology companies from the west continue to prowl over strategic industries in their backyards, or whether they will take to the ‘commanding heights’ to steer the internet’s governance, at the expense of an open and decentralized internet, within their jurisdictions.
But how did we get there? An Xiao Mina’s instructive take on the potential effects of censorship on the future of the global internet and the attendant effects on the public sphere predicts not only deeper digital divides but also bolder and even more daring abuses to democracy by nation-states. She’s not alone, Google’s former chairman, Eric Schmidt, and internet theorist and scholar Evgeny Morozov have made similar pronouncements: the internet is splintering due to policy dilemmas in the realms of sovereignty and globalization.
In spite of all; bad laws, technical upheavals, spam, and disruptions, the popular narrative is that we could not kill the “global” internet even if we tried. However, through technical disruptions (covert and overt) and an array of legal and regulatory guises, governments in Africa have institutionalized attacks on the internet at a level not experienced before.
Censorship is arguably one of the leading factors threatening the future of the internet. And China is the pariah. It has been particular to institutionalize censorship through remodelling its own internet reality in what the Communist party president, Xi Jinping, calls ‘internet sovereignty’. The Republic augmented her stringent controls on free speech and tightened media regulations in the real world onto the internet through even tighter controls on content, privacy and security. Through ambitious projects like the infamous “Great Firewall” and the more recent proposal to create a dystopian future where citizens are assessed for the good and bad through a “national social rating system”, China has asserted her position on her internet governance despite the internet’s original ideals on openness and decentralization. Indeed, China’s ethos on “internet sovereignty” are being evangelized and promoted in fragile, and weak nation-states. Zimbabwe is reported to be in the process of adopting a Chinese sanctioned facial recognition system to surveil high traffic areas such as airports and malls. For its renowned poor human rights record, such surveillance capabilities pose a danger to a free society.
Further, African governments have been renown for clandestinely shutting down the internet for all sorts of reasons—twice in Uganda during the 2016 presidential elections and over three months in the English-speaking region of Cameroon—usually in defence “national security”. Such censorships have been arbitrarily executed despite the punitive economic costs associated. Some governments have even flirted with the idea of developing local alternatives to popular social networking sites such as Facebook and Twitter so as to have full control over the knobs of social media must the need arise.
But also the censorship has been effected through particularly prohibitive laws meant to derail social media use and charge social critics and other dissenting voices. For example, the cybercrime laws of countries such as Tanzania give the police the mandate to arrest anybody they deem in breach of cyber laws without the necessary legal oversight. Tanzania has introduced a $900 tax for bloggers, Uganda has slapped a “gossip tax” on social media use and other OTT services, Zambia has levied a cost on internet voice calls. If the feel of the contours is anything to go by, censorship has taken unique and complex forms. It seems like many African governments are operating from the same template.
Meanwhile, if we might on what the future of the internet might look like, despite the attacks, we know it will largely be multimedia and highly, rather unsurprisingly, localized. The internet in the past faced severe infrastructural deficits. For example, before the first landfall of transatlantic fibre optic cables at the coast of East Africa in 2009, the internet was not only accessed through more expensive options such as satellite links, generally suffered lower speeds and was inaccessible with the greater part of the region.
The global interconnection through the fibre and terrestrial optic cables enabled further access and connectivity within the region. Most remarkably, local peering and Content Delivery Networks (CDN) increased internet capacity. Loosely defined, local peering means that instead of a webpage directly loading from some server located in an obscure location in North Carolina, a local copy of the same data would be stored on servers hosted locally, in Africa. This bolsters the user experience and also enables the reduction of costs associated with extending the internet to the last mile.
Of course, such developments are welcome but technology companies and giants predominantly from Silicon Valley have taken over these alternative connectivity methods to further affordable internet access to the “last mile”. However, they also have deep financial and corporate interests at heart. In fact, content companies such as Facebook are laying more fibre optic cables than traditionally renowned telecommunications carrier/infrastructure companies. Facebook has laid its first fibre in sub-Saharan Africa, in Uganda at a cost estimated at $100 million. Google had previously done the same in Uganda and Ghana. Overall, major countries seem to have some sort of connectivity experiment going on involving the use of low frequency, wifi hotspots, rockets and other novel technologies—again, spearheaded by Western tech giants. Such moves have raised concerns on issues regarding net neutrality, data protection and privacy, local content, among others. Technology companies seen through the lenses of benevolence might appear as benign catalysers of internet access. Yet by mere ownership of the plumbing that powers the internet effectively makes their services synonymous with the open internet itself. Indeed, it would not be surprising to find people who think Facebook is the internet. Technology companies could not only influence the internet’s direction but also act as a chokepoint, especially when deciding what geographical areas or income groups to serve or not.
While globalization was mostly lauded for is the discovery of previously unchartered territories and the opening of new frontiers, a lot of how it happened was characterized with pillage and violence—often at the expense of conquered states’ sovereignties. The globalization of the world through the internet promised trade and commerce, education and research, government and service delivery through instantaneous communication, on levelled grounds. But many of the paradigm shifts have enabled good use of the internet insofar as they have enabled abusive, problematic use. Now governments seem to have taken centre stage in steering what directions their internet takes, powerful corporations, on the other hand, have grown so powerful since they can algorithmically control and mediate the internet’s content, and emotions, that they threaten democracy and other virtues of good governance, especially in fragile states. As for the users, disparate realities of the internet look not so far away, some Facebook (through Free Basics) is touted to better than no Facebook (or internet) at all. Balkanization of the internet is at rather happening at an unprecedented pace. Is the future of the internet in Africa fractured?
This article was first published on December 19, 2018, African School on Internet Governance

17Sep

CIPE to Preview New Policy Guide on Digital Economy at the Forum on Internet Freedom in Africa

Author admin Posted on

Announcement |
The Center for International Private Enterprise (CIPE) will preview a new resource titled Digital Economy Enabling Environment Guide, at the Forum on Internet Freedom in Africa (FIFAfrica) 2018, set to take place 26–28 September, 2018, in Accra, Ghana. This preview comes ahead of a formal launch at the upcoming conference of the Aspen Network of Development Entrepreneurs (ANDE), on 2–4 October, 2018 in Tarrytown, New York.
The guide was developed in collaboration with the New Markets Lab (NML) and focuses on four priority topics that serve as the building blocks of digital economy: Consumer Protection, Data Protection, Cybersecurity, and Electronic Transactions (e-payments and e-signatures). The guide explains key regulatory considerations and helps policymakers, the private sector, and other stakeholders reach a shared understanding of these often complex topics in order to engage in constructive policy dialogue.
Further, the guide includes Legal Deep Dives with detailed information on the applicable international and regional frameworks; examples of different regulatory approaches used around the world; considerations for implementation and enforcement of laws and regulations; and relevant institutional frameworks that influence the digital economy.
Anna Kompanek, CIPE Director for Global Programs, will highlight the section of the guide at a FIFAfrica session on Consumer Rights Protection in the Digital Age, scheduled for 28 September. “Previewing the Digital Economy Enabling Environment Guide at FIFAfrica provides a valuable opportunity to support public-private dialogue efforts throughout the continent on issues key to shaping democratic discourse on digital economy,” she said.
Going forward, CIPE and NML will leverage this new resource in their respective work to facilitate crucial multi-stakeholder policy conversations and regulatory reforms in countries around the world.
CIPE strengthens democracy around the globe through private enterprise and market-oriented reform in order to expand access to opportunity for all citizens and help build democracies that deliver. By working with private sector organizations, CIPE is helping businesses find their voice in policymaking on a range of digital economy issues.
NML is a non-profit center for law, development, and entrepreneurship that houses comparative expertise and an international team of lawyers focused on socially accountable economic, legal and regulatory reform. NML sees law as a driving force that can generate entrepreneurship and economic development.
 

06Aug

Challenges and Prospects of the General Data Protection Regulation (GDPR) in Africa

Author admin Posted on

Policy Brief |
Privacy is a fundamental human right guaranteed by international human rights instruments including the Universal Declaration of Human Rights in its article 12 and the International Covenant on Civil and Political Rights, in its article 17. Further, these provisions have been embedded in different jurisdictions in national constitutions and in acts of Parliament.
In Africa, regional bodies have invested efforts in ensuring that data protection and privacy are prioritised by Member States. For instance, in 2014 the African Union (AU) adopted the Convention on Cybersecurity and Personal Data Protection. In 2010, the Southern African Development Community (SADC) developed a model law on data protection which it adopted in 2013. Also in 2010, the Economic Community of West African States (ECOWAS) adopted the Supplementary Act A/SA.1/01/10 on Personal Data Protection Within ECOWAS. The East African Community, in 2008, developed a Framework for Cyberlaws. Notwithstanding these efforts, many countries on the continent are still grappling with enacting specific legislation to regulate the collection, control and processing of individuals’ data.
On May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) came into effect. The GDPR is likely to force African countries, especially those with strong trade ties to the EU, to prioritise data privacy and to more decisively meet their duties and obligations to ensure compliance.
See this brief on the Challenges and Prospects of the General Data Protection Regulation (GDPR) in Africa, where we explore the consequences of GDPR for African states and business entities.

1 2 3 4 5