Overview of Intermediary Liability in Senegal

By Astou Diouf |

Among its west African counterparts, Senegal is among the leaders in digitalisation efforts. Its press freedom rankings are high and the country has also recorded positive strides in data protection. Telecommunications sector players include 2018 entrants ARC Telecom, WAW Telecom and Africa Access, alongside the state-owned Sonatel, Free (initially licensed as SENTEL, later rebranded as Tigo), and Expresso Senegal

Moreover, internet affordability remains a challenge, with the country ranked 25th out of 72 countries assessed under the Affordability Index. As at December 2020, internet penetration in Senegal was estimated at 88.7% and mobile penetration at 114.2%. However,  there are concerns about repressive controls purportedly aimed at countering cybercrime, misinformation and hate speech. 

This article highlights the state of intermediary liability in Senegal, including the legal and regulatory environment relevant to intermediaries’ obligations including information/ data disclosure to law enforcement authorities, filtering or blocking content, and service restrictions. 

Legislative and Regulatory Overview

The electronic transactions law and eCommunications decree are the primary legislations that establish an intermediary liability framework in Senegal. Article 3(1) of law n° 2008-08 of January 25, 2008 on Electronic Transactions refers to intermediaries as “persons whose activity is  to provide  the public access to services through information and communication technologies”.

Borrowing from France’s law n° 2004-575 of June 21, 2004 on Confidence in the Digital Economy, the 2008 law places limited obligations on intermediaries to monitor content, but requires them to put in place mechanisms to remove or prevent access to unlawful content, inform users of service restrictions and complaints.

Article 3(2) states that a natural or legal persons who provides  to the public a service of storage of signals, writings, images,  sound or messages “cannot be held liable for the activities or information stored at the request of a recipient of these services if they did not have actual knowledge of their illicit nature or of facts and circumstances showing this nature or if, from the moment they had such knowledge, they acted promptly to remove this data or to make access [to it] impossible“.

However, without a clear definition of what constitutes illicit content, the electronic transactions law leaves room for restriction of access to content arbitrarily deemed illegal yet there are no clear provisions on ways to challenge content takedown decisions. 

On the upside, confidentiality of personal information is required under Article 5. Failure to comply with the provisions of the electronic transactions law is an offence under Articles 431-46 to 431-49 of the Penal Code, 2016, punishable with a fine of between 250,000 and 1,000,000 Francs (USD 461-1,845), imprisonment of between six months and one year, or both. 

The 2008 decree on eCommunications considers intermediaries to be neutral parties with no control over content, assuming that they merely provide transmission or storage of information, sometimes temporarily. Accordingly, Article 6 limits the liability of intermediaries when “1) they do not select the recipient of the transmission; 2) they do not initiate the transmission; 3) the activities of transfer and provision of access are aimed exclusively at carrying out the transmission or provision of access; 4) they do not modify the information that is subject to transmission; 5) they execute a decision of a judicial or administrative authority to remove the information or prohibit access to it.” 

While the electronic transactions law and the eCommunications decree limit the liability of intermediaries, other laws place obligations that have implications on users’ rights as detailed below. These include the law on intelligence services, the law amending the Code of Criminal Procedure, the eCommunications Code and the law amending the Penal Code.

Interception of Communications and Information Disclosure

The law n°2016-33 of December 14, 2016 relating to Intelligence Services under Article 10 states that in the interest of national security, intelligence authorities can “use technical, intrusive, surveillance or location procedures to collect information useful for neutralising the threat’’. Article 11 requires service providers to cooperate with and assist unspecified “relevant private bodies” with intelligence activities. 

Act No. 2016-30 amending Act No. 65-61 of 1965 on the Code of Criminal Procedure also mentions  intermediary liability in relation to criminal investigations. Article 90-11 requires the cooperation of intermediaries with investigative authorities in collecting or recording “in real time” relevant electronic data and communications. Article 90-14 provides that a public prosecutor must issue  to telecommunications operators and service providers a formal request for cooperation. Recording and interception of communications under the criminal code are subject to written authorisation by a judge. 

Further, article 90-17 empowers judges to order intermediaries to decrypt data or provide information on the operation of encrypted systems. Orders are not subject to appeal and their validity is restricted  to between two and four months renewable on a case-by-case basis. The lack of provisions for individuals subject to surveillance to challenge court orders is against the provisions of the Budapest Convention (which Senegal is Party to), aimed at ensuring an appropriate balance between the interests of law enforcement and respect for fundamental human rights.

Article 20 of the eCommunications Code re-emphasises the requirement for service providers to cooperate with government authorities in accordance with the provisions of Article 90-11 of the Code of Criminal Procedure, including through disclosing relevant information and offering technical assistance when asked. 

Service Restrictions

The 2018 eCommunications Code requires service providers to “prevent impending network congestion and mitigate the effects of exceptional or temporary congestion, provided that equivalent categories of traffic are subject to equal treatment” (Article 27)”. It adds that “the regulatory authority may authorise or impose any traffic management measure it deems useful to preserve competition in the electronic telecommunications sector and ensure fair treatment of similar services.” In application of these provisions, intermediaries can reduce the speed or interrupt the internet at times and locations, under the pretext of reducing network congestion. The provisions also give the Telecommunications and Postal Regulatory Authority (ARTP) unchecked powers to authorise or impose restrictions  on the availability of digital communication networks. 

Strict confidentiality and continuity of service requirements are also placed on intermediaries and their staff under the Penal Code Article 167 which states that “deletion or opening of correspondence addressed to third parties in bad faith” is an offense punishable by imprisonment for between six days and one year, a fine of 20,000-100,000 francs (USD 36-185), or both.  

Content Restrictions

There are no specific obligations for intermediaries to actively monitor networks and platforms for infringing content. Article 3(5) of the 2008 electronic transactions law states that service providers “are not subject to a general obligation to monitor the information they transmit or store, nor to a general obligation to search for facts or circumstances revealing illicit activities.” However, the provision is subject to targeted surveillance activity and requests by judicial authorities. In relation to crimes against humanity, incitement to racial hatred and child ponography, Article 3(5) states that intermediaries should set up systems that are “easily accessible and visible” to allow for such content to be brought to their attention. Furthermore, to promptly inform authorities of infringing content and inform users of the policies and practice in place to fight against illegal content. 

Whereas the Constitution of Senegal guarantees free speech, the Penal Code under Article 255 provides that: “The publication, dissemination, disclosure or reproduction, by any means whatsoever, of false news, fabricated, falsified or falsely attributed to third parties” that results in civil disobedience, endangers the public, or discredits public institutions is an offense punishable by imprisonment of one to three years and a fine of 100,000 to 1,500,000 Francs (USD 185 to 2,770). Without a clear definition of what constitutes false news, and considering requirements to cooperate with law enforcement authorities, failure of intermediaries to report any infringements may lead to sanctions. 

Under Article 431-61 of the Penal Code, conviction for an offense under the law that is committed via electronic communications attracts additional penalties. They include prohibition from sending electronic communications, temporary or permanent prohibition of access to the site used to commit the offense or its host. The article also requires service providers to implement measures necessary to ensure compliance with the penalties, violation of which is an offense punishable by six months to three years imprisonment and a fine of 500,000 to 2,000,000 Francs (USD 923 to 3,693). 

Cases of intermediary liability 

  1. Several private and public entities collect personal data in Senegal. For instance, there is Mandatory SIM card registration linked to the national identity database. However, there have been numerous reports of non-compliance with the data protection law and Commission of Personal Data (CDP) regulations. See, for instance, quarterly CDP notice
  2. During riots in early 2021, the government suspended private television channels Sen TV and Walf TV for repeatedly broadcasting images of the unrest following the arrest of the Senegalese opposition leader Ousmane Sonko. Furthermore, access to social media platforms including Youtube and Whatsapp was restricted.
  3. On June 20, 2019, the online newspaper “Pressafrik” was allegedly inaccessible for hours after it collaborated with the BBC on an investigative report into allegations of corruption implicating the brother of President Mack Sall. According to the Publishing Director Lissa Faye, the hack was “sponsored” given that “60% of Senegalese news sites are with the same host and PressAfrik is the only site to be inaccessible”. 
  4. The telecoms regulator ARTP has in the past issued ultimatums to telecommunications operators to improve quality of services.
  5. According to Facebook’s Transparency report, Senegal made six requests for user data, relating to seven accounts in 2020 – none of which was complied with. Earlier requests totaling 21 in the period 2016-2019 were also not complied with.
  6. Since 2009, Senegal has made four requests to remove content to Google
  7. Back in 2016, Senegal is reported to have made the second highest number of subscriber information requests  to Orange  – 18,653, up from 13,557 the previous year.  

Conclusion and Recommendations

The legislative and practice environment for liability of intermediaries in Senegal lacks clarity on roles and obligations. In some cases excessive powers over network operations are granted to service providers and the regulator. In others, requirements to cooperate with law enforcement authorities are broad, without specifying the recourse avenues for abuse of users’ rights. While the eTransactions Act and the Decree on eCommunications are clear about intermediary’s role regarding user’s content, the Intelligence Services Act, the Penal Code and other documents provide conflicting provisions related to surveillance and interception of communications that are likely to infringe privacy and freedom of expression online. 

There is need for specific legislation to determine the liability of intermediaries including with precision on content subject to take down or blockage, appeals procedures for decisions and measures for reinstating removed content. In the absence of a specific legal document entirely dedicated to intermediary liability, definition of intermediary liability, responsibilities and obligations, as well as unlawful content should be clear and consistent across all the existing legislation.

For their part, intermediaries should provide clear, accessible and understandable terms and conditions for service use, including options for privacy, back up and anonymisation, in accessible formats towards promoting privacy and data protection. Furthermore, increased transparency of service providers should include advance communication of changes to relevant user policies, service restrictions, as well as publication of detailed reports on cooperation with authorities.  Meanwhile, there is need for increased partnerships and engagement with civil society towards collaborative advocacy to promote business and human rights principles

Astou Diouf is a CIPESA Fellow, working on the role of internet intermediaries and service providers in the fight against Covid-19 in Senegal, including on issues such as facilitating increased access to the internet, privacy and personal data infringements, and content.

Why Access to Information is Essential for Democratic Elections in Africa

By Dunia Mekonnen Tegegn |

The importance of access to information in the electoral process and for democratic governance is documented in the African Charter for Democracy, Elections and Governance, and other sub-regional treaties and standards.

Without access to reliable information during the electoral process, it is difficult for citizens to eloquently exercise their right to make an informed choice. For elections to be free, fair, and credible, voters must have access to information at all stages of the electoral process. Access to information enables voters to be educated and informed about political processes so that they can have a basis upon which to vote for political office holders and to hold public officials responsible for their acts or oversights in the implementation of their actions.

Though Africa has developed several normative frameworks and legal instruments defining democratic elections, the wider dissemination of relevant information during the electoral process remains a challenge, putting the credibility of the process into question.

The Revised Declaration of Principles of Freedom of Expression and Access to Information under principle 13 emphasises that any preparatory work for elections should take into account the need for access to information and adherence to the African Union Commission’s Guidelines on access to information and elections.

Over the past few years, access to information has further been made easier through advances in information and communications technology (ICT), especially the internet, which have expanded the avenues through which people can access and share news and information.

Consequently, the importance of internet access in the dissemination of information that is politically balanced and adequate, particularly during election times, has also been underscored under many of the regional human rights instruments     .

For example, the UN Committee on Civil and Political Rights (CCPR) has emphasised that the internet is one way of expression since paragraph 2 of article 19 protects all forms of expression and the means of their dissemination. Similarly, principles 37 and 38 of the Revised Declaration of Principles of Freedom of Expression and Access to Information provide protection for access to the internet.

Despite existing guarantees, both state and non-state actors have violated these rights by limiting access to information during election periods through ordering internet shutdowns, clamping down on news media, and restricting the movements of political opponents to campaign. This in turn undermined the reliability of electoral processes.

Trends also indicate that most of the African countries conducting elections in 2020 and beyond have experienced internet shutdowns, often affecting the fairness and credibility of the elections.

The situation has further been complicated by COVID-19, which has hampered crucial offline electioneering, making the online space crucial. Though state and non-state actors have used various types of strategies to censor and restrict information during election times including through blocking certain content and internet pages, the impact blanket internet shutdowns have on access to information is massive. This strategy is not the best option as internet shutdowns only present short term solutions. Other alternatives should be sought, such as progressive laws, judicial oversight , and legal actions before domestic and regional courts     .

In this report, the Collaboration on International ICT Policy in East and Southern Africa (CIPESA) explores the challenges citizens face in accessing crucial information in Africa, especially during elections, despite the recent developments in the ICT sector, including the internet which is often shut down as governments attempt to stifle their citizens’ ability to seek and share information online.

DataCon Africa

DataCon Africa, established as a spin-off event of CDAO (Chief Data & Analytics Officer) will see international and local industry experts from various industries discuss challenges within data governance such as data remediation, enrichment, breaking down the silos, data security and more. Culture Change and Change Management is becoming of utmost importance as organisations are looking to become data-driven before they are left behind and DataCon Africa will host workshops on these subjects.
For more information on this event, please click here.

Building Collaborations in Research for Internet Policy Advocacy in Africa

By Juliet Nanfuka |

Many African countries are caught between developing policies that support the unfettered use of the internet as a tool for social, economic and political growth, and laws that threaten citizens’ rights and use of digital technologies. Often, this is partly due to limited evidence upon which to base policies and decision-making, which results from the scant availability of relevant in-depth research.

As the need for internet policy advocacy that is informed by research grows, it is essential to increase the amount and depth of research originating from Africa. It is equally necessary to expand the methods used beyond the traditional to more contemporary ones such as network measurements, social network analysis and data mining. This has led to the need to train, connect, and build collaboration between researchers, policy makers and internet freedom advocates across the region and formed the basis of an intensive training on internet policy research methods.

The training workshop, which was held between February 27 and March 3, 2018, was organised by the Annenberg School for Communication’s Internet Policy Observatory and the Collaboration on International ICT Policy for East and Southern Africa (CIPESA), alongside several partners from across Africa. A total of 40 participants from 17 countries attended the training in Kampala, Uganda. They included journalists, lawyers, technologists, academics, telecom regulators, government officials, and digital rights advocates.

 

The six days’  intensive curriculum covering various topics including on policy research, legal analysis, survey methods, social network analysis, strategic communication, data visualization, and network measurement was led by experts in the field, including faculty from Makerere University, University of San Francisco, the University of Pennsylvania, as well as various think tanks and civil society organisations.

The workshop emphasised the need to embrace more collaborative push back efforts such as strategic litigation, the deployment of tools such as the Ooni probe that monitor internet speed and performance, accompanied by social network analysis, data visualisation and data scraping which can reflect patterns of online narrative. It was also stressed that these methodologies, coupled with traditional research approaches through physical interactions such as focus group discussions and key informant interviews would support more multidisciplinary collaborations and versatile communication strategy for internet policy advocacy in Africa.

Indeed, evidence-based advocacy is fundamental today perhaps more than ever, as the affronts to citizen’s rights online continuously evolve, including at a technological infrastructure level (internet throttling, internet shutdowns, surveillance and data breaches), as well as laws and regulations that increasingly criminalise internet use. More recently, financial affronts to online content production and dissemination have been witnessed in Tanzania and Uganda.

The workshop alumni join a cohort of others from the Middle EastAsia, and Latin America equipped with the skills needed to collaborate across disciplinary and professional silos for progressive internet policy and practice at national, regional and global levels.

Below are some tweets shared  from the workshop:


https://twitter.com/kudathove/status/969500199486984192


https://twitter.com/kudathove/status/969125256911781889


https://twitter.com/NHLAKANHLANHLA/status/968457060424781824


https://twitter.com/kudathove/status/968095031763652610
 


 

Solving Uganda’s Challenges through Data & Service Design

By Neema Iyer|

Last week, we asked “What is Service Design?” and answered our question with “Service design is the process of taking a service and better tailoring it to the needs and wants of the end user, whether that’s a client, customer or in the case of civic service design, the citizen. It could be improving an existing service, or creating a new service totally from scratch.”

On December 5th, Pollicy and the Collaboration in International ICT Policy for Eastern and Southern Africa (CIPESA) brought back the civic technology community in Uganda, but this time, with a focus on data and design. As issues of data ownership, digital security, censorship become more pertinent in our society, so does the need to appropriately harness the benefits of big data. Through a series of interesting panel discussions, lightening talks and a hands-on design training, we took participants through a journey on how data can be used to revolutionize how citizens and governments interact for mutual benefit.

We first tackled the hard issues around the ethics of data in improving service delivery in Uganda through a panel discussion analyzing the issue from the perspective of the Ugandan Police Force, human rights defenders and the healthcare industry. Mr.Jimmy Haguma, the Acting Commissioner of Police — IT & IM, Mr.Neil Blazevic from DefendDefenders Tech Unit and Mr.Samson Jarso from Andromeda Innovations led the panel moderated by Pollicy’s own Patricia Navvuga.

 Next, we engaged the private sector on how they use big data to improve how they deliver services to Uganda citizens. Engaging lightening talks from Umeme, Viamo and Fenix: Uganda’s electricity company, a mobile technology company bringing information to the last mile and one of the biggest home solar system companies in Uganda.


In the afternoon, after a networking lunch we came together as a group to tackle challenges using the principles of service design, facilitated by Design without Borders. Using a process of iterative prototyping, our faciliators Lawrence and Rachit discussed how they conduct user research, ideate and convert their ideas in prototypes which they extensive test with their end users until completely satisfied with the user journey.

Service design creates better citizen and staff experiences while at the same time reducing inefficiencies and increasing value to society. Think of all the time, money and mental energy saved by improving upon the processes listed below.

As small groups 6–7 participants, we tackled three main challenges:
1. Public Transport in Kampala in quite inefficient
2. Obtaining a new passport is troublesome
3. There is a lack of monitoring of public complaints


From our discussions, we realized that the solutions could be readily implemented by thinking of the issues holistically. In the previous blog post, we looked at the example of acquiring a new passport here in Uganda, and quite fittingly worked on the same issue in one of the small groups.

The group, working through the National ID or a temporary National ID, presented a simple online solution for registering linked information and obtaining feedback throughout the process via e-mail, SMS and by logging into the online portal to check on the status of the submission.

For public transportation, a colour-coded and numbering system for public minibuses and buses was offered as a solution to ease unruly drivers, unknown bus routes and improve connections between routes. For public complaints monitoring, the AskYourGov system was offered as a potential solution by engaging numerous government officials through one centralized portal.

What we took away from the session was that even though we were able to come up with these ideas in 1–2 hours, the solutions seemed readily implementable. But looking at the service design processes, we need to do further research with end user and to first prototype these concepts with small groups of users to perfect the process.

Getting to work hands-on on current pressing issues in Uganda was an eye-opening experience and we hope to bring in more members of the civic technology community together with government to problem solve some of these challenges using data and design principles.

For more information on service design, check out the Service Design Toolkithttp://www.servicedesigntoolkit.org/ and content from Interaction Design Foundationhttps://www.interaction-design.org/literature/topics/service-design

We’re thankful for everyone who showed up and remained engaged the entire time, and for our partner CIPESA on making this event possible!
On to the next!