Promoting Effective and Inclusive ICT Policy in Africa

Tag Archives: Digital Rights

  HomeCollaboration on International ICT Policy for East and Southern Africa (CIPESA)  /  Digital Rights
04Feb

Why Data and AI Governance Are Central to Africa’s Digital Trade Ambitions

Author CIPESA Posted on

By CIPESA Writer |

Digital technologies are changing how African businesses trade and connect across borders. However, digital trade on the continent remains hugely constrained, including by regulatory fragmentation, infrastructure gaps, and bureaucratic hurdles. How then should African countries leverage the growing digitalisation and emerging technologies such as Artificial Intelligence (AI) to boost their digital economies?

According to the World Trade Organization (WTO), in 2024, Africa’s exports of digitally delivered services (DDS) were valued at USD 41.3 billion, representing just one percent of global exports. Nonetheless, the continent’s prospects are promising. The WTO and the World Bank project that greater use of digital technologies could boost Africa’s digital services exports by USD 74 billion between 2023 and 2040, doubling Africa’s share of global exports.

Evidently, if African countries do not address existing barriers and take decisive action, the continent risks becoming an even more marginal player in the global digital trade ecosystem. How to bridge the barriers and leverage data and AI to shape digital trade and Africa’s economic future was at the centre of discussions at the African Economic Research Consortium (AERC) Summit 2025, held in Nairobi, Kenya, last December.

A panel on digital trade and the governance of digital and AI economies, where the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) featured, stressed that, although frameworks such as the African Continental Free Trade Area (AfCFTA) Digital Trade Protocol are a step in the right direction, they could fail to significantly grow digital trade if member states lack enabling data and AI governance systems and practices.

Today, DDS account for approximately 35% of Africa’s total services export value, and have been rising at a double-digit rate, outpacing growth in other regions globally. However, growth in digital services trade remains uneven, concentrated in a handful of countries, mostly South Africa, Morocco, Ghana, Egypt, and Mauritius. Kenya, Nigeria and Tunisia are also notable players but with lower export values than the leading African countries.

Regional initiatives such as the AfCFTA Digital Trade Protocol can help to expand digital trade beyond domestic markets, including in countries that currently lag. The protocol, which was adopted two years ago, aims to harmonise rules for cross-border digital trade across Africa, including on electronic transactions, data governance, and digital payments. Meanwhile, the African Guidelines on Integrating Data Provisions in Protocols on Digital Trade of 2024, emphasise harmonised data governance as an enabler of secure and inclusive digital trade across Africa.

The African Union Data Policy Framework (AUDPF) similarly provides for interoperable data ecosystems across the continent, that are enabled by harmonised laws that support both innovation and rights protection. The various regional efforts support the dream of a Digital Single Market by 2030, as envisaged by the Africa Digital Transformation Strategy of the African Union.

The Galore of Barriers

The region currently lacks an operational continent‑wide harmonised framework for data protection, e‑commerce regulation, digital taxation, or AI governance. This gap raises compliance costs and presents a barrier to businesses that aim to scale operations across borders. This undermines cross‑border digital trade and data flows. Moreover, lack of regulations for paperless trade, including on electronic invoicing, e-signatures and e-contracts, presents an additional hurdle.

On the other hand, high taxes on goods, services, data, and devices drive up costs for businesses, yet several entrepreneurs struggle to access affordable digital financial services, including for effecting cross-border payments. These challenges are made worse by low internet speeds, unreliable electricity supply, as well as weak understanding of export regulations, data protection, and cybersecurity.

Addressing these barriers would offer entrepreneurs a range of benefits. Businesses can reach new customers beyond national borders without investing much in physical export infrastructure, which can reduce costs and expand their market reach. Also, interoperable digital payments can help to minimise settlement delays and overcome currency conversion hurdles.

Priorities on AI and Data Governance

Projections by a WTO 2025 report show that AI could boost the value of cross-border flows of goods and services by around 40% by 2040, due to productivity gains and lower trade costs. However, Africa’s readiness for AI regulation and uptake, particularly by small and medium enterprises, remains low. The WTO report points to AI’s potential to reduce logistics costs, overcome language barriers, ease regulatory compliance, and boost productivity.

In a March 2025 survey among firms from across the world, the most cited benefits of AI were improved trade efficiency (22%), optimised trade decision-making (14%), expanding the foreign customer base (10%), enhanced supply chain management (9%), and broader import and export product ranges (9% and 8% respectively).

How data and AI are governed is therefore key for the future of Africa’s digital economy. If African countries do not put in place robust and harmonised legislation, they will risk perpetuating patterns of the so-called “AI colonialism” in which African data and users fuel global AI markets yet their economies do not receive proportionate economic benefits. Many African countries are adopting AI in the public and private sectors but lack comprehensive AI-specific laws and governance frameworks and often rely instead on outdated laws that pre-date the current technologies.

The State of Internet Freedom in Africa 2025 report calls for human‑centred AI laws that ensure transparency in algorithms, clear accountability, and effective mechanisms for liability and redress. The report urges governments to strengthen independent AI and data oversight institutions, invest in digital infrastructure and inclusion, expand internet access, and ensure AI tools serve local languages. The report also highlights that Africa’s AI market is projected to grow from USD 4.51 billion in 2025 to USD 16.5 billion by 2030.

Africa thus urgently needs cross-border data governance frameworks that support trusted data flows, reduce fragmented national rules, and establish interoperable standards to boost regional digital trade under initiatives such as AfCFTA and the AUDPF. At the same time, investments in affordable connectivity, local cloud capacity, public digital platforms, and datasets in African languages are essential.

The Role of Civil Society and Think Tanks

The Summit discussion stressed the urgent need for research to inform policy, particularly on cross-border data flows, AI adoption, and ways for Africa to avoid new forms of dependency while getting greater value from its data and digital innovation.

Also essential is civil society engagement in monitoring the implementation of continental digital trade and data initiatives, supporting harmonisation of policies and standards, and building the capacity of policymakers, regulators, and businesses.

Actions to Grow Digital Trade in Africa

  • Embrace digital transformation and connectivity by investing in robust networks and backup systems.
  • Implement robust cyber security frameworks while ensuring effective cyber leadership and prioritising investments in cyber infrastructure, skilling, awareness.
  • Recognise data as a trade enabler by ensuring trade agreements have provisions that prevent unnecessary restrictions on data flows.
  • Harmonise data protection standards to reduce compliance costs for businesses and build trust among different stakeholders.
  • Adopt and implement Intellectual Property (IP) laws to ensure that local innovators and individuals in the region benefit.
  • Build robust digital infrastructure with a focus on Digital Public Infrastructure (DPI) and data privacy.
  • Assess and address the impact of emerging technologies like artificial intelligence, blockchain and IoT, ensuring they foster innovation and address ethical challenges.

Source: CIPESA – Policy Considerations for Enhancing Digital Trade in East Africa

29Jan

Data Protection Officers Convene to Strengthen Privacy Leadership on International Data Privacy Day

Author CIPESA Posted on

By Anitah Ahebwa |

Data Protection Officers (DPOs) from across the country gathered at Four Points by Sheraton, Kampala, on Wednesday, 28 January 2026, for a masterclass aimed at strengthening strategic data protection leadership. Organised by the Personal Data Protection Office (PDPO) in partnership with the Collaboration on International ICT Policy for East and Southern Africa (CIPESA), the event marked the annual International Data Privacy Day and focused on helping DPOs balance compliance, risk, and business needs within their organisations.

While giving opening remarks at the masterclass, Baker Birikujja, the National Personal Data Protection Director, highlighted the everyday realities of personal data protection.

“Some of the most damaging privacy incidents do not begin with hackers,” he said. “They begin with a printed report left on a desk, a patient file discussed in an open corridor, an unlocked cabinet, or a phone call handled without discretion. Personal data exists not only online, but on paper, in recordings, photographs, CCTV footage, and everyday conversations and it deserves the same discipline and respect wherever it sits.”

He added that modern privacy management is not merely a file of policies. “It is a system of decisions, behaviors, controls, and accountability,” he said, noting that effective data protection requires attention to both digital environments such as databases, apps, and cloud services, and physical or offline environments, including paper records, filing systems, CCTV, and call recordings.

Edrine Wanyama, Programme Manager Legal at CIPESA, noted that the partnership with the PDPO was driven by a shared commitment to building strong and effective collaborations in data governance and protection. “We believe in building good partnerships, and we have actively leveraged and worked through these processes to buttress efforts,” he said. He added that data protection is central to CIPESA’s work.

He further noted that marking International Data Privacy Day through the workshop was intentional, explaining that the masterclass was designed to enhance knowledge of Data Protection Officers and build their capacity to effectively respond to emerging data protection risks and take appropriate actions

Edrine Wanyama, Programme Manager, Legal at CIPESA, explained why CIPESA partnered with PDPO; “We believe in building strong partnerships and have leveraged these collaborations over time. Data protection is central to what we do, and data is critical because it relates directly to individuals.”

He also highlighted that the timing of the masterclass on International Data Privacy Day was intentional. He noted that the workshop was designed to bring Data Protection Officers together to not only acquire knowledge but also build their capacity to effectively do their work.

The masterclass featured three key sessions. The first explored the evolving role of the DPO as a strategic advisor, covering legal mandates, independence, and repositioning from a compliance officer to a trusted advisor. The second session focused on applying a risk-based approach to data protection, helping DPOs identify high-risk processing activities, prioritise compliance actions, and use risk assessments to guide management decisions. The final session addressed balancing compliance, risk, and business needs, equipping DPOs with strategies to advise leadership in clear business language, support innovation, and document recommendations effectively.

The sessions come against a backdrop of broader challenges for DPOs in Uganda. A recent PDPO training needs assessment conducted by the PDPO in November 2022, revealed that around 90.6% of DPOs lack formal certification in data protection and privacy, and only a small proportion have technical or legal backgrounds. Many officers are also less involved in core compliance tasks such as audits, breach reporting, and managing data protection complaints. These findings highlight the continued importance of professional development and knowledge-sharing forums like this masterclass.

By convening DPOs on International Data Privacy Day, PDPO and CIPESA emphasised the need for proactive privacy leadership in safeguarding personal data and maintaining public trust. Participants were equipped with practical tools to advise management, manage data protection risks, and integrate privacy considerations into organisational practices.

The masterclass is part of PDPO’s ongoing efforts to foster a culture of responsible data governance in Uganda, ensuring that personal data protection extends beyond regulatory compliance to build public confidence in the country’s growing digital economy.

Following the sessions, participants agreed on collective actions to:

  • Prioritise privacy-by-design and continually engage in robust cybersecurity practices aimed at protecting and securing individuals’ personal data.
  • Develop internal data protection policies to guide the implementation of data practices and ensure personal data protection.
  • Keep abreast of technological developments, including AI, and ensure minimisation of risks associated with it for progressive data protection.
  • Conduct staff and customer tailored trainings and raise awareness amongst them on data protection and the need to safeguard their data.
  • Ensure that as DPOs, they take on pivotal leadership over data protection to ensure compliance with the data protection principles and protection of data protection rights.
  • Hold all perpetrators of data breaches accountable for their actions in order to deter any further similar breaches by errant data controllers and processors.
  • Conduct regular data mapping and maintain up-to-date records of processing activities to understand what data is in their possession and how to rightly handle it in the changing technological and business spaces.
  • Foster collaboration across teams and recognise that privacy cannot be managed in isolation but through joint responsibility and efforts.
  • Recognise their central role in the compliance and reporting function to ensure the establishment of safeguards that protect their organisations from reputational, legal, and financial harms.

Please see an emerging press release here.

19Jan

CIPESA Condemns Ongoing Internet Disruption in Uganda

Author CIPESA Posted on

Statement |

The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) condemns the ongoing internet disruptions in Uganda and urges the government to immediately restore full access to social media platforms, blocked websites, and mobile money services. We further call upon the Government of Uganda to cease and desist from ordering internet throttling and blockages, which unjustifiably deny citizens the right to express themselves and to access, share and disseminate information. Internet disruptions further limit the public’s ability to conduct business, access public services, participate in community and civic affairs, socialise, and maintain contact with friends, family, and associates.

CIPESA joins numerous independent observers who have strongly condemned the disruptions to digital communications, including the Uganda Law Society, which has described the disruptions as unlawful. While the Uganda Communications Act (2013) grants powers to the national communications regulator, according to the Uganda Law Society, the Uganda Communications Commission (UCC) may order a blockage of communications following a formal declaration of a state of emergency. No such state of emergency was declared at the time the regulator ordered a nationwide shutdown two days before the January 15, 2026, polls. Government officials said the disruption was aimed at curbing the spread of online misinformation, electoral fraud, and incitement to violence in the lead-up to the elections.

As affirmed by the African Commission’s Special Rapporteur on Freedom of Expression and Access to Information, as well as global civil society organisations, governments must refrain from imposing network disruptions and instead address security or public order concerns through lawful, necessary, and proportionate measures. Indeed, internet shutdowns and restrictions are a disproportionate measure that violate Uganda’s constitutional guarantees and its regional and international human rights obligations, including those under the African Charter on Human and Peoples’ Rights.

Furthermore, CIPESA is concerned by the broader pattern of repression, including relentless attacks on civil society organisations. In the days preceding the elections, several organisations working on media rights, democratic governance, and human rights protection were suspended, in what appears to be a deliberate attempt to silence independent voices. This broader crackdown on civic space also included the arrest of human rights defender Sarah Bireete, Executive Director of the Centre for Constitutional Governance, further illustrating the shrinking environment for civil society and human rights work in the country.

A free, independent, and vibrant civil society is indispensable to any democratic society and should not be treated as government adversaries. The Government of Uganda should therefore recognise civil society organisations as legitimate and valuable partners in improving livelihoods, strengthening rights protection, and advancing democratic governance and socio-economic transformation.

Similarly, CIPESA urges the government to immediately cease attacks against journalists and media workers, particularly those from independent media houses and journalists who are critical of government actions. These violations, which have been widely documented by national and international actors, including the United Nations, undermine media freedom and the public’s right to access information, especially during electoral periods.

13Jan

Uganda’s Election and the Lingering Legacy of Internet Blockage

Author CIPESA Posted on

By Juliet Nanfuka |

In two days, as Uganda heads to its presidential and parliamentary elections slated for January 15, 2026, citizens, civil society actors, journalists, and digital rights defenders were stumped with the question, “will they shut down the internet again?” Or, this time, will we see a commitment to adherence to one of the basic fundamentals of digital democracy and have an election in which access to digital communications remains open?  

In recent weeks, anxiety about an impending internet blackout has surged despite Dr. Aminah Zawedde, Permanent Secretary of the Ministry of ICT and National Guidance, and Hon. Nyombi Thembo, Executive Director of the Uganda Communications Commission (UCC), dismissing rumours of plans to shut down the internet, calling them “false and misleading”.

However, for many, these pronouncements have done little to quell suspicions, especially due to the actions witnessed during the 2016 and 2021 elections. During those previous two elections, access to digital communications was restricted, resulting in a block to online communication, commerce, and key avenues for civic engagement.

Various actions in the lead up to the polls have also served to compound the suspicions. In a report issued in January 2026, the United Nations Office of the High Commissioner for Human Rights (OHCHR) describes the arrests of state critics as “arbitrary and discriminatory” and outside of the country’s constitutional guarantees.

Despite the strong constitutional protection of rights, the human rights situation in Uganda during the period under review has been characterized by increasingly restrictive legislation and their arbitrary and discriminatory application. The Government of Uganda has continued to rely on legislation such as the Public Order Management Act (POMA), the Anti-Terrorism Act, the NGO Act, the Computer Misuse (Amendment) Act and the Penal Code Act to shrink civic and democratic space and further weaken political participation, particularly of political opponents and their supporters, as well as the work of civil society, including journalists and human rights defenders.” OHCHR Report on Uganda

Meanwhile, independent media has come under increasing pressure, experiencing various forms of clampdowns in the lead up to the elections, including the denial of advertising spend. In October 2025, independent outlets – NTV Uganda and The Daily Monitor – were denied accreditation to cover parliamentary and presidential proceedings. Reports of harassment, equipment confiscation as well as attacks on journalists during election campaign coverage, and raids on media offices, have been commonplace – underscoring a deteriorating environment for media freedom.

Meanwhile the satellite internet provider Starlink, which has services that can operate independently of terrestrial networks, was halted in Uganda after a regulatory directive in early January 2026, rendering all Starlink terminals inactive ahead of polling day. The satellite internet service provider was providing  services without a valid local license. Critics still argue that the directive serves to limit alternatives for connectivity in the event of broader restrictions on internet access, feeding anxieties about reduced access to independent channels of information.

The UCC has also come under fire following its warning to broadcasters and digital content creators against live coverage of riots, protests, or incidents that could disrupt public order. The regulator stated that only the Electoral Commission may declare election results, and sharing unverified results is illegal. Dr. Zawedde stated, “Media platforms must not be abused to incite violence, spread misinformation, or undermine the credibility of the electoral process.”

By the afternoon of January 13, 2026, a directive circulating online had been issued by UCC to mobile network operators to block public access to the internet, effective at 18:00.

In a public statement, Access Now and the global #KeepItOn coalition had urged President Yoweri Museveni and relevant national authorities to ensure unrestricted internet access throughout the electoral period and to refrain from any disruptive measures that impede the free flow of information. The statement stresses the fundamental role that connectivity plays in inclusive participation, freedom of expression, and the credibility of the electoral process.

Likewise, the African Commission on Human and Peoples’ Rights (ACHPR) also reaffirmed that internet access is a core human right and a necessary condition for free and fair elections, warning against restrictions that would stifle civic space. The Commission called on the Government of Uganda to ratify the African Charter on Democracy, Elections and Governance, signed on January 27, 2013, which emphasises the importance of a culture of peaceful change of power based on regular, free, fair and transparent elections conducted by competent, independent and impartial electoral bodies.

For democracy to flourish in Uganda, authorities must demonstrate their commitment to open digital spaces. This means not only publicly guaranteeing uninterrupted internet access before, during, and after the elections but also building trust through transparency and accountability.  Citizens deserve to communicate freely, monitor the electoral process, and hold all actors accountable without fear of arbitrary disruption.

Ultimately, Uganda’s electoral credibility will not be judged by what happens at polling stations, but by whether the state resists the temptation to control information by disrupting digital access. In an era where civic participation, journalism, election transparency, and even livelihoods heavily rely on digital access, a disruption would signal a fear of accountability.

If the government chooses restraint in the coming hours, it would mark a major departure from a troubling past and offer Ugandans a rare assurance in the election process. If it does not, history will record yet another election where the digital access was shut down to presumably manage dissent rather than protect democracy.

29Dec

Samantha Sibanda

Author CIPESA Posted on

Who is Samantha Sibanda?

I am a human rights advocate and survivor of mental health issues who has dedicated the past decade of her life to championing the rights of persons with disabilities. In 2014, I founded the Signs of Hope Trust, an organisation for persons with disabilities, which focuses on access to information, digital rights, and inclusion, as well as inclusive civic engagement and public finance management.

I am also a trainer in the Freedom of Information Act, selected by the Zimbabwe Media Commission to support government entities and the public in understanding the Act and improving transparency and accessible information practices. My advocacy work is grounded in the principles of Ubuntu, which utilise community-driven and collaborative approaches to achieve change.

My motivation to work on disability and digital rights stems from a combination of personal experience and what I’ve observed in my own community. As a survivor of mental health challenges, I was drawn into advocacy through my own journey, and I continue to support community-based rehabilitation and mental health champions in my work.

As for digital rights, it grew naturally from my work at Signs of Hope Trust. For many years, we shared information via WhatsApp and other platforms to bridge information gaps for persons with disabilities. However, at the peak of the COVID-19 pandemic, between 2020 and 2021, the disability digital divide became more apparent. Everything shifted to online, including education, communication, and public services, and many individuals with disabilities were left behind due to inaccessible technologies, limited data, or a lack of access to devices.

That moment pushed me to focus intentionally on digital inclusion. We also added Digital Rights as a core programming area at Signs of Hope Trust, and I have continued to champion this work from the grassroots level, where our communities are most affected.

There have been tremendous efforts to expand digital rights and inclusion for persons with disabilities in Africa. The digital divide related to disabilities has become a key topic at most digital rights convenings that I have been privileged to attend. Regionally, the AfricanUnion (AU) Protocol to the African Charter on Human and Peoples’ Rights (ACHPR) on the Rights of Persons with Disabilities in Africa came into force in May 2024, reinforcing the legal basis for accessible ICT [Information and Communications Technology], barrier-free access to communication systems, and the right to information.

Alongside this, more organisations are adopting accessibility standards, governments are integrating disability inclusion into national digital strategies, and communities are increasingly vocal about the need for accessible online services. While gaps remain, the momentum is good, and the conversation is shifting from awareness to implementation.

I want to commend CIPESA for developing the Disability& ICT Accessibility Framework Indicators. I have personally used these in our research in Zimbabwe, and I have seen more studies that have used them.  This is a crucial tool for data-driven advocacy and enhancing access to ICT for persons with disabilities.

Additionally, Universal Service Funds are increasingly being used to finance assistive technologies and expand connectivity, while community-based efforts, such as community networks supported by the Internet Society, are bringing internet access to remote areas. In Zimbabwe, there are community information centres which provide shared devices, internet connectivity, and training spaces for persons with disabilities who may not have individual access. Lastly, emerging satellite internet solutions, such as Starlink, are bringing reliable internet access to remote areas.

These innovations, when combined with accessible design, digital literacy programmes, and advocacy for inclusive policy, are creating practical pathways for persons with disabilities to participate fully in the digital world.

There are several pressing challenges that threaten digital rights and inclusion for persons with disabilities in Africa. One emerging concern is the rise of Artificial Intelligence (AI) tools, such as generative AI chatbots and image generators, which can reproduce harmful biases and create misinformation that is difficult to fact-check. This disproportionately affects persons with disabilities, who often lack access to digital literacy and critical information verification skills. Information disorders, including deepfakes and manipulated content, further exacerbate these risks.

Ableism remains another persistent barrier, carried into online spaces and contributing to self-censorship or exclusion of persons with disabilities from digital participation. It also shapes whose voices are considered in policymaking, often leaving persons with disabilities sidelined in laws and digital governance.

I often reference the seven pillars of inclusion, and when contextualised to digital rights, several stand out. First, inclusive policy frameworks must provide tangible ways to embed the needs of these groups into national and regional digital strategies and practices. Communication should be accessible, transparent, timely, multilingual, and adaptable to diverse abilities, ensuring that information reaches everyone.

Offering choice in how people engage digitally allows communities to use tools and platforms that best suit their needs. Building strong partnerships across government, civil society, industry, and community networks amplifies impact and accountability. Accessibility must be prioritised in both digital content and devices, ensuring that platforms are usable by all. Web accessibility guidelines should be applied when developing websites to ensure they are accessible to all users.

1 2 3 33