Promoting Effective and Inclusive ICT Policy in Africa

Tag Archives: Data protection

  HomeCollaboration on International ICT Policy for East and Southern Africa (CIPESA)  /  Blog  /  Data protection
19Dec

Is the future of the internet in Africa fractured?

Author admin Posted on

By Daniel Mwesigwa |
At its founding, in the late 80s, the internet promised to democratize information, level uneven grounds, and the destroy barriers associated with distance, space, and time. Through promoting communication, coordination, integration at a pace and scale beyond the ability of any government to halt, the connectivity set a foundation for dichotomies so often aligned with colonialism, imperialism, and globalization.
Today the internet is not just about inscrutable abstracts on the potential merits of its ubiquity but rather its impact and probable effects on a global scale. If anything, the weaponization of algorithms, speech, objectivity, and people has been pronounced in the recent past. For example, Facebook and Cambridge Analytica have accepted responsibility for abetting electoral malfeasance in America and other states by enabling the manipulation of electorates through an à la carte of sensational news and unsubstantiated political advertising only meant to swing and tilt public opinion.
That is why it might be hard to assess whether governments will continue to sit back and watch powerful technology companies from the west continue to prowl over strategic industries in their backyards, or whether they will take to the ‘commanding heights’ to steer the internet’s governance, at the expense of an open and decentralized internet, within their jurisdictions.
But how did we get there? An Xiao Mina’s instructive take on the potential effects of censorship on the future of the global internet and the attendant effects on the public sphere predicts not only deeper digital divides but also bolder and even more daring abuses to democracy by nation-states. She’s not alone, Google’s former chairman, Eric Schmidt, and internet theorist and scholar Evgeny Morozov have made similar pronouncements: the internet is splintering due to policy dilemmas in the realms of sovereignty and globalization.
In spite of all; bad laws, technical upheavals, spam, and disruptions, the popular narrative is that we could not kill the “global” internet even if we tried. However, through technical disruptions (covert and overt) and an array of legal and regulatory guises, governments in Africa have institutionalized attacks on the internet at a level not experienced before.
Censorship is arguably one of the leading factors threatening the future of the internet. And China is the pariah. It has been particular to institutionalize censorship through remodelling its own internet reality in what the Communist party president, Xi Jinping, calls ‘internet sovereignty’. The Republic augmented her stringent controls on free speech and tightened media regulations in the real world onto the internet through even tighter controls on content, privacy and security. Through ambitious projects like the infamous “Great Firewall” and the more recent proposal to create a dystopian future where citizens are assessed for the good and bad through a “national social rating system”, China has asserted her position on her internet governance despite the internet’s original ideals on openness and decentralization. Indeed, China’s ethos on “internet sovereignty” are being evangelized and promoted in fragile, and weak nation-states. Zimbabwe is reported to be in the process of adopting a Chinese sanctioned facial recognition system to surveil high traffic areas such as airports and malls. For its renowned poor human rights record, such surveillance capabilities pose a danger to a free society.
Further, African governments have been renown for clandestinely shutting down the internet for all sorts of reasons—twice in Uganda during the 2016 presidential elections and over three months in the English-speaking region of Cameroon—usually in defence “national security”. Such censorships have been arbitrarily executed despite the punitive economic costs associated. Some governments have even flirted with the idea of developing local alternatives to popular social networking sites such as Facebook and Twitter so as to have full control over the knobs of social media must the need arise.
But also the censorship has been effected through particularly prohibitive laws meant to derail social media use and charge social critics and other dissenting voices. For example, the cybercrime laws of countries such as Tanzania give the police the mandate to arrest anybody they deem in breach of cyber laws without the necessary legal oversight. Tanzania has introduced a $900 tax for bloggers, Uganda has slapped a “gossip tax” on social media use and other OTT services, Zambia has levied a cost on internet voice calls. If the feel of the contours is anything to go by, censorship has taken unique and complex forms. It seems like many African governments are operating from the same template.
Meanwhile, if we might on what the future of the internet might look like, despite the attacks, we know it will largely be multimedia and highly, rather unsurprisingly, localized. The internet in the past faced severe infrastructural deficits. For example, before the first landfall of transatlantic fibre optic cables at the coast of East Africa in 2009, the internet was not only accessed through more expensive options such as satellite links, generally suffered lower speeds and was inaccessible with the greater part of the region.
The global interconnection through the fibre and terrestrial optic cables enabled further access and connectivity within the region. Most remarkably, local peering and Content Delivery Networks (CDN) increased internet capacity. Loosely defined, local peering means that instead of a webpage directly loading from some server located in an obscure location in North Carolina, a local copy of the same data would be stored on servers hosted locally, in Africa. This bolsters the user experience and also enables the reduction of costs associated with extending the internet to the last mile.
Of course, such developments are welcome but technology companies and giants predominantly from Silicon Valley have taken over these alternative connectivity methods to further affordable internet access to the “last mile”. However, they also have deep financial and corporate interests at heart. In fact, content companies such as Facebook are laying more fibre optic cables than traditionally renowned telecommunications carrier/infrastructure companies. Facebook has laid its first fibre in sub-Saharan Africa, in Uganda at a cost estimated at $100 million. Google had previously done the same in Uganda and Ghana. Overall, major countries seem to have some sort of connectivity experiment going on involving the use of low frequency, wifi hotspots, rockets and other novel technologies—again, spearheaded by Western tech giants. Such moves have raised concerns on issues regarding net neutrality, data protection and privacy, local content, among others. Technology companies seen through the lenses of benevolence might appear as benign catalysers of internet access. Yet by mere ownership of the plumbing that powers the internet effectively makes their services synonymous with the open internet itself. Indeed, it would not be surprising to find people who think Facebook is the internet. Technology companies could not only influence the internet’s direction but also act as a chokepoint, especially when deciding what geographical areas or income groups to serve or not.
While globalization was mostly lauded for is the discovery of previously unchartered territories and the opening of new frontiers, a lot of how it happened was characterized with pillage and violence—often at the expense of conquered states’ sovereignties. The globalization of the world through the internet promised trade and commerce, education and research, government and service delivery through instantaneous communication, on levelled grounds. But many of the paradigm shifts have enabled good use of the internet insofar as they have enabled abusive, problematic use. Now governments seem to have taken centre stage in steering what directions their internet takes, powerful corporations, on the other hand, have grown so powerful since they can algorithmically control and mediate the internet’s content, and emotions, that they threaten democracy and other virtues of good governance, especially in fragile states. As for the users, disparate realities of the internet look not so far away, some Facebook (through Free Basics) is touted to better than no Facebook (or internet) at all. Balkanization of the internet is at rather happening at an unprecedented pace. Is the future of the internet in Africa fractured?
This article was first published on December 19, 2018, African School on Internet Governance

17Sep

CIPE to Preview New Policy Guide on Digital Economy at the Forum on Internet Freedom in Africa

Author admin Posted on

Announcement |
The Center for International Private Enterprise (CIPE) will preview a new resource titled Digital Economy Enabling Environment Guide, at the Forum on Internet Freedom in Africa (FIFAfrica) 2018, set to take place 26–28 September, 2018, in Accra, Ghana. This preview comes ahead of a formal launch at the upcoming conference of the Aspen Network of Development Entrepreneurs (ANDE), on 2–4 October, 2018 in Tarrytown, New York.
The guide was developed in collaboration with the New Markets Lab (NML) and focuses on four priority topics that serve as the building blocks of digital economy: Consumer Protection, Data Protection, Cybersecurity, and Electronic Transactions (e-payments and e-signatures). The guide explains key regulatory considerations and helps policymakers, the private sector, and other stakeholders reach a shared understanding of these often complex topics in order to engage in constructive policy dialogue.
Further, the guide includes Legal Deep Dives with detailed information on the applicable international and regional frameworks; examples of different regulatory approaches used around the world; considerations for implementation and enforcement of laws and regulations; and relevant institutional frameworks that influence the digital economy.
Anna Kompanek, CIPE Director for Global Programs, will highlight the section of the guide at a FIFAfrica session on Consumer Rights Protection in the Digital Age, scheduled for 28 September. “Previewing the Digital Economy Enabling Environment Guide at FIFAfrica provides a valuable opportunity to support public-private dialogue efforts throughout the continent on issues key to shaping democratic discourse on digital economy,” she said.
Going forward, CIPE and NML will leverage this new resource in their respective work to facilitate crucial multi-stakeholder policy conversations and regulatory reforms in countries around the world.
CIPE strengthens democracy around the globe through private enterprise and market-oriented reform in order to expand access to opportunity for all citizens and help build democracies that deliver. By working with private sector organizations, CIPE is helping businesses find their voice in policymaking on a range of digital economy issues.
NML is a non-profit center for law, development, and entrepreneurship that houses comparative expertise and an international team of lawyers focused on socially accountable economic, legal and regulatory reform. NML sees law as a driving force that can generate entrepreneurship and economic development.
 

06Aug

Challenges and Prospects of the General Data Protection Regulation (GDPR) in Africa

Author admin Posted on

Policy Brief |
Privacy is a fundamental human right guaranteed by international human rights instruments including the Universal Declaration of Human Rights in its article 12 and the International Covenant on Civil and Political Rights, in its article 17. Further, these provisions have been embedded in different jurisdictions in national constitutions and in acts of Parliament.
In Africa, regional bodies have invested efforts in ensuring that data protection and privacy are prioritised by Member States. For instance, in 2014 the African Union (AU) adopted the Convention on Cybersecurity and Personal Data Protection. In 2010, the Southern African Development Community (SADC) developed a model law on data protection which it adopted in 2013. Also in 2010, the Economic Community of West African States (ECOWAS) adopted the Supplementary Act A/SA.1/01/10 on Personal Data Protection Within ECOWAS. The East African Community, in 2008, developed a Framework for Cyberlaws. Notwithstanding these efforts, many countries on the continent are still grappling with enacting specific legislation to regulate the collection, control and processing of individuals’ data.
On May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) came into effect. The GDPR is likely to force African countries, especially those with strong trade ties to the EU, to prioritise data privacy and to more decisively meet their duties and obligations to ensure compliance.
See this brief on the Challenges and Prospects of the General Data Protection Regulation (GDPR) in Africa, where we explore the consequences of GDPR for African states and business entities.

30Apr

Privacy & Protection: Do Ugandans Care What Happens to Their Data?

Author admin Posted on

By Neema Iyer |

Let’s be honest.

When was the last time you read the “Terms and Conditions” before you signed up for a new service online?

We don’t blame you. It’s easy to get lost in the legal jargon.

But do you know what happens to your personal data every time you click on “I have agreed to terms and conditions”? Did you know at the mere click to accept, you could have given a way a portion of your vital information and put your data privacy in absolute jeopardy?

Today, it’s hard to raise the issue of data privacy without putting a thought on the recent Facebook-Cambridge Analytica scandal that made many people realize the power of data. Even with as much information spewed out explaining what the scandal was about, very few took a note to learn from.

A recent allegation from the Cambridge Analytica scandal pins the Uhuru Kenyatta presidential campaign to have employed social media surveillance results to target campaign messages to different profiles of voters. This was possible because Facebook monitors your social media activity and can predict your behavior from that, hence such information is used to target messages that speak to your interests and emotions to sway major decisions such as election outcomes. This isn’t just happening on our doorsteps, allegations claim similar outcomes in the United States and the UK.

The EU revised as much on data privacy and protection in Europe and promised to give users more power over their data. While Europe seems to take quick action, down in Uganda and Africa at large, we continue to grapple with weak data privacy and protection laws, a citizenry that is not well-informed on data privacy, a delay in passing necessary bills and weak implementation processes. Unfortunately, a majority of African countries lack the necessary mechanisms for the inclusive participation of citizens and other stakeholders in the processes of formulating the very laws on internet and digital rights that directly affect them.

Do we care about Data Privacy and Protection?

In December 2017, Unwanted Witness, an activists group petitioned the Uganda Human Rights Commission (UHRC) to compel Parliament to speed up the enactment of privacy and data protection law.

They argued that without a governing law, citizens’ personal data is exposed to abuse without collection and protection safeguards. They further asked UHRC to prioritize privacy and recognize it as a fundamental right under attack in the country. However, to date, we are yet to see significant action taken to build an informed citizenry on their digital rights and to provide appropriate protections.

When talk about data arises, many are not really willing to delve further into the ethics surrounding the topic. This can and will still be attributed to the high illiteracy levels in the country and because many don’t know what data is or how valuable it might be on the long run, they will give it away easily. Funny as it may sound, a majority internet users think ‘data’ is the a term tied to the internet bundles that the ISPs provide and it’s that school of thought that has stuck with them. Whether their data gets in the hands of the wrong or the right people, it’s the least of their concerns.

Data Protection basically means to ensure the right to privacy, respect to confidentiality principles in various relations such as doctor patient, employer-employee and service providers with their clients generally.

Did you know that privacy is your human right?

The right to privacy refers to the concept that one’s personal information is protected from public scrutiny. It is essentially, your right to be left alone. Privacy is a core aspect of human dignity and values such as freedom of association and freedom of speech.

One would wonder, even with the data privacy breaches, are there really laws in place to curb and punish those that are misusing people’s data and evading on their privacy or we are simply looking while our data gets tampered with and is easily handed to the wrong hands.

Are there Laws in Place?

Yes! There is a Ugandan Data Protection and Privacy Bill that was tabled before parliament in 2015 and although the Bill needs to be revised and aligned better with human rights provisions, comments have been raised on the need to balance civil liberties, national security and data protection and privacy.

According to a paper published a couple of years ago by Dr Ronald Kakungulu Mayambala a Senior Lecturer of Human Rights and Peace Centre at Makerere University, Article 27 of the Constitution guarantees the right to privacy of person, home and other property. In particular, article 27(2) of the Constitution provides that a person shall not be subjected to interference with the privacy of that person’s home, correspondence, communication or other property.

Unfortunately there is no comprehensive law giving effect to article 27, yet a lot of data concerning individuals are collected, stored or processed regularly by various institutions in the private and public sector, including banks, hospitals, insurance companies, the Uganda Citizenship and Immigration Control Board, the Uganda Revenue Authority, Uganda Registration Services Bureau, the Electoral Commission, utility service providers and telecommunications companies under the SIM card registration exercise

The Bill seeks to protect the privacy of the individual and personal data by regulating the collection and processing of personal information. It provides for the rights of persons whose data is collected and the obligations of data collectors and data processors; and regulates the use or disclosure of personal information.

However even with these laws and bills in place, further questions continue to be raised on whether they even hold any solid ground in implementation, especially, if there has not been enough sensitization of the bills and data literacy.

 

What do some people think about data privacy in Uganda?

A chat with a few random Ugandans around town shows you just how long of a way we have to go with the data privacy and protection talk.

“I honestly have nothing to hide with my data and anyone who wants to access it can go ahead and access it. Your data can only be private if you choose to keep it private but if you choose to put it out there and later claim for privacy, then you are playing yourself” — Lisa

“Whatever you put out there is public. I don’t really care who gets my data because once Ipost anything on social media, it’s no longer in any way private. I get a need for data privacy if it comes to my business data like emails. That is when i need some real privacy” — Hans

“Data privacy is not even a topic of debating here in Uganda because people don’t really care what happens with their data. Because we have a huge Internet penetration gap, very many people don’t even know what data is in most parts of africa.” — Emmanuel


 

18Apr

The Stampede for SIM Card Registration: A Major Question for Africa

Author admin Posted on

By Edrine Wanyama |
It is anticipated that by 2025, there will be at least 5.9 billion mobile subscribers accounting for 71% of the world’s population. As of 2017,  Sub-Saharan Africa (SSA) had  a mobile subscription rate of 44% which is projected to reach  52% by 2025. Further, SSA’s mobile internet penetration by 2017 stood at 21% and is anticipated to increase to 40% by 2025.  However, the region has registered the largest number of cases of mandatory SIM card registration yet it suffers some of biggest challenges in personal data protection and privacy.
The benefits of SIM card registration include facilitation of citizens’ access to e-Government services, easy identification of an individual’s mobile number and number portability when switching networks. In addition, it aids combating cybercrime including terrorism by limiting covert communication and promotes good relations between consumers and service providers by simplifying identification of consumers and their use of SIM services. Accordingly, many governments argue that mandatory SIM card registration is for purposes of safeguarding digital and physical security. However, critics argue that when SIM card registration is effected without due safeguards, it poses a threat to privacy and freedom of expression.
Indeed, in 2013 Mexico repealed its policies on SIM card registration “after a policy assessment showed that it had not helped with the prevention, investigation and/or prosecution of associated crimes.” Finland has not enforced compulsory SIM card registration and nonetheless, through voluntary mobile signatures, service providers has succeeded in facilitating user’s access to relevant retail, banking and e-Government services.
Globally, over 90 countries conduct compulsory SIM card registration yet some remain without clear policy on its implementation. Amidst criticisms that mandatory registration does not necessary combat cybercrime, as criminals take the necessary precautions to avoid being detected and circumvent mandatory SIM card registration, African countries continue to proactively enforce SIM card registration. Among the prevailing challenges on the continent is the difficulty in validating identity documents in an environment with a wide range of service providers who create room for potential circumvention.
Mandatory registration has negatively affected access and usage of mobile telecommunication services due to the tedious process which entails the production of documentation such as passports and national identity cards prior to registration, which sometimes results in failure to attain a SIM card, disconnection, or  deactivation of SIM cards.
Additionally, there have been repetitive calls for registration of SIM cards in countries such as Uganda and Nigeria with personal data being collected  more than once. In Uganda, despite government explanation that SIM card verification is aimed at ensuring secure and safer communications, citizens have unanswered questions on the exercise. Suspicion arises due to a fresh validation of SIM card registration using national identity cards subsequent to registration which was initially done using valid documents such as students’ identity cards, driving permits and passports.
Double collection of personal data may partly imply collection of data beyond what is necessary for the purpose contrary to the internationally established data protection principles such as those set out in the Organisation for Economic Co-Operation and Development (OECD) Data Protection Principles. Further, there is no guarantee of individual privacy as most of the African countries do not have data protection laws. Moreover, most of the existing data protection laws do not meet internationally recognised standards considered sufficient to guarantee personal data protection and are therefore regarded as offering moderate or limited protection.
Meanwhile, efforts to buttress data protection in Africa have not yielded much. Out of 54 countries on the continent, only 14 have data protection laws (Angola, Benin, Burkina FasoMali, Gabon, GhanaIvory Coast, Lesotho, Madagascar, MoroccoSenegalSouth AfricaTunisia and Zimbabwe). A few others such as Uganda, Kenya, Nigeria, Tanzania and Niger have Bills. Regional efforts have also not yielded much. The Convention on Cyber Security and Personal Data Protection which was adopted by the African Union in 2014 has registered only 10 signatories (Benin, Chad, Congo, Ghana, Guinea-Bissau, Mauritania, Sierra Leone, Sao Tome & Principe, Zambia and Comoros) and one ratification by Senegal.
Ultimately, there is need to reconcile state interests with citizens’ personal data and privacy rights. Mandatory registration, especially in the absence of clear registration guidelines and the lack of data protection laws, puts personal data at risk. African governments need to learn from other jurisdictions such as Europe with regards to processing of personal data as part of SIM card registration. In enforcing SIM card registration, there should be a clear set registration timelines, clear and unambiguous registration requirements.

1 2 3 4