Robust Data Protection Standards Could Spur Regional Economic Integration

By Edrine Wanyama |

Leaders in charge of various data protection agencies and Civil Society Organisations (CSOs) who met at the East African Exchange on Data Protection held in Kampala, Uganda on March 6, 2024, recognised the need to buttress data protection by promoting the right to privacy in the region. 

The event drew representatives of government agencies and CSOs from Burundi, the Democratic Republic of Congo, Kenya, Rwanda, Somalia, South Sudan, Tanzania, and Uganda. Speaking to the importance of the Data Exchange programme, Stella Alibateese, the Director of the National Personal Data Protection Office in Uganda emphasised the need to enhance the right to privacy. 

“As we navigate these waters, we must recognise the diverse stages of development and implementation of data protection and privacy laws across our partner states in the East African Community,” she said. “Yet, within this diversity lies our strength – the unparalleled opportunity for knowledge exchange, peer learning, and collective growth.”

Dr. Chris Baryomunsi, Uganda’s Minister of ICT and National Guidance, underscored the need for collaboration in dealing with the complexities of data protection. “As a bloc, we must therefore embrace innovative solutions and continue these collaborative efforts amongst regulators, development partners, businesses, and the general public so as to achieve effective data protection and respect for privacy rights,” said Baryomunsi. “I am confident that the outcomes of this knowledge exchange will go a long way in defining a regional approach to addressing emerging threats in data protection.”

Data privacy is necessary for enhancing state relations in trade and business. This includes e-commerce, transport, movement of goods and services, efficiency of service delivery, movement of persons and labour, and information exchange for a quicker economic integration process.

While the East Africa Community (EAC) stands on four pillars (the Customs Union, the Common Market, Monetary Union and Political Federation), which are the core foundations for economic development, the Customs Union, movement of persons, movement workers and the Monetary Union involve mass collection of personal data including in trade and business and travel. 

Additionally, not all the states in the region have established strong safeguards on data protection and privacy. For instance, while Kenya, Rwanda, Somalia, South Sudan, Tanzania, and Uganda have specific legislation on data protection, some of the laws are criticised for failing to meet internationally accepted standards by, among others, not having clear and independent authorities to oversee and manage personal data and privacy. Another concern is that Burundi and the Democratic Republic of Congo are yet to enact specific laws on data protection, which puts data movement in the region at risk. 

At the regional level, the Draft EAC Legal Framework For Cyber Laws of 2008 has been largely unimplemented. Also, Rwanda is the only country within the EAC that has signed and ratified the African Union Convention on Cyber Security and Personal Data Protection, (the Malabo Convention). As such there is no unified code or standard on data protection and privacy in the region.

Nevertheless, according to Annette Ssemuwemba, Deputy Secretary General for Customs, Trade and Monetary Affairs at the EAC, the bloc is undertaking measures to come up with a harmonised framework on data security. She said such a harmonised framework has the potential to inform data protection practices across the region with high chances of setting a common standard amongst the member states. 

Meanwhile, the existing data protection agencies in the EAC Member States face common challenges. These include limited financial resources, lack of sufficient technical and competent staff with a firm grasp of data protection and privacy issues, and receiving of complaints which are not necessarily related to the right to privacy. These challenges have undermined the potential of a transformational data privacy era in the region including in carrying out investigations into data breaches and adjudicating complaints. 

Nevertheless, the need to leverage more opportunities for data exchange were highlighted. These include through knowledge exchange, collaboration, governments’ political will, professionalisation of the technology sector, independence of the data protection agencies, ratification of the Malabo Convention, picking lessons from the General Data Protection Regulation (GDPR) of the European Union and the adoption of a uniform code for personal data protection in the region. Such measures could spur the protection and promotion of the right to privacy nationally, regionally, and internationally. Similarly, EAC countries without data protection should swiftly enact them to be on the same page with the rest.

Towards Ethical AI Regulation in Africa

By Tusi Fokane |

The ubiquity of generative artificial intelligence (AI)-based applications across various sectors has led to debates on the most effective regulatory approach to encourage innovation whilst minimising risks. The benefits and potential of AI are evident in various industries ranging from financial and customer services to education, agriculture and healthcare. AI holds particular promise for developing countries to transform their societies and economies. 

However, there are concerns that, without adequate regulatory safeguards, AI technologies could further exacerbate existing governance concerns around ethical deployment, privacy, algorithmic bias, workforce disruptions, transparency, and disinformation. Stakeholders have called for increased engagement and collaboration between policymakers, academia, and industry to develop legal and regulatory frameworks and standards for ethical AI adoption. 

The Global North has taken a leading position in exploring various regulatory modalities. These range from risk-based or proportionate regulation as proposed by the European Commission’s AI Act. Countries such as Finland and Estonia have opted for a greater focus on maintaining trust and collaboration at national level by adopting a human-centric approach to AI. The United Kingdom (UK) has taken a “context-specific” approach, embedding AI regulation within existing regulatory institutions. Canada has prioritised bias and discrimination, whereas other jurisdictions such as France, Germany and Italy have opted for greater emphasis on transparency and accountability in developing AI regulation. 

On the other hand, China has taken a more firm approach to AI regulation, distributing policy responsibility amongst existing standards bodies. The United States of America (USA) has adopted an incremental approach, introducing additional guidance to existing legislation and emphasising rights and safety. 

Whilst there are divergent approaches to AI regulation, there is at least some agreement, at a muti-lateral level, on the need for a human-rights based approach to ensure ethical AI deployment which respects basic freedoms, fosters transparency and accountability, and promotes diversity and inclusivity through actionable policies and specific strategies. 

Developments in AI regulation in Africa

Regulatory responses in Africa have been disparate, although the publication of the African Union Development Agency (AUDA-NEPAD) White Paper: Regulation and Responsible Adoption of AI for Africa Towards Achievement of AU Agenda 2063 is anticipated to introduce greater policy coherence. The White Paper follows the 2021 AI blueprint and the African Commission on Human and Peoples’ Rights Resolution 473, which calls for a human-rights-centred approach to AI governance. 

The White Paper calls for a harmonised approach to AI adoption and underscores the importance of developing an enabling governance framework to “provide guidelines for implementation and also keep AI development in check for negative impacts.” Furthermore, the White Paper calls on member states to adopt national AI strategies that emphasise data safety, security and protection in an effort to promote the ethical use of AI. 

The White Paper proposes a mixed regulatory and governance framework, depending on the AI use-case. First, the proposals encompass self-regulation, which would be enforced through sectoral codes of conduct, and which offer a degree of flexibility to match an evolving AI landscape. Second, the White Paper suggests the adoption of standards and certification to establish industry benchmarks. The third proposal is for a distinction between hard and soft regulation, depending on the identified potential for harm. Finally, the White Paper calls for AI regulatory sandboxes to allow for testing under regulatory supervision. 

Figure 1: Ethical AI framework

However, there are still concerns that African countries are lagging behind in fostering AI innovation and putting in place the necessary regulatory framework. According to the 2023 Government AI Readiness Index, Benin, Mauritius, Rwanda, Senegal, and South Africa are ahead in government efforts around AI out of the 24 African countries assessed. The index measures a country’s progress against four pillars: government/strategy, data & infrastructure, technology sector, and global governance/international collaboration.  

The national AI strategies of Mauritius, Rwanda, Egypt, Kenya, Senegal and Benin have a strong focus on infrastructure and economic development whilst also laying the foundation for AI regulation within their jurisdictions. For its part, Nigeria has adopted a more collaborative approach in co-creating its National Artificial Intelligence Strategy, with calls for input from AI researchers. 

Thinking beyond technical AI regulation 

Despite increasingly positive signs of AI adoption in Africa, there are concerns that the pace of AI regulation on the continent is too slow, and that it may not be fit for purpose for local and national conditions. Some analysts have warned against wholesale adoption of policies and strategies imported from the Global North, and which may fail to consider country-specific contexts.

Some Global South academics and civil society organisations have raised questions regarding the importation of regulatory standards from the Global North, some even referring to the practice as ‘data colonialism’. The apprehension of copy-pasting Global North standards is premised on the continent’s over-reliance on Big Tech digital ecosystems and infrastructure. Researchers indicate that “These context-sensitive issues raised on various continents can best be understood as a combination of social and technical systems. As AI systems make decisions about the present and future through classifying information and developing models from historical data, one of the main critiques of AI has been that these technologies reproduce or heighten existing inequalities involving gender, race, coloniality, class and citizenship.” 

Other stakeholders caution against ‘AI neocolonialism’, which replicates Western conventions, often resulting in poor labour outcomes and stifling the potential for the development of local AI approaches.  

Proposals for African solutions for AI deployment 

There is undoubtedly a need for ethical and effective AI regulation in Africa. This calls for the development of strategies and a context-specific regulatory and legal foundation, and this has been occurring in various stages. African policy-makers should ensure a multi-stakeholder and collaborative approach to designing AI governance solutions in order to ensure ethical AI, which respects human rights, is transparent and inclusive. This becomes even more significant given the potential risks to AI during election season on the continent. 
Beyond framing local regulatory solutions, stakeholders have called for African governments to play a greater role in global AI discussions to guard against regulatory blindspots that may emerge from importing purely Western approaches. Perhaps the strongest call is for African leaders to leverage expertise on the continent, and promote greater collaboration amongst African policymakers. 

Save the Date: The Forum on Internet Freedom in Africa (FIFAfrica24) September 25-27, 2024!

Announcement |

It’s time to mark your calendars for the annual Forum on Internet Freedom in Africa (FIFAfrica), the largest gathering on digital rights on the continent.  The 2024 edition will be held on September 25-27 and as in previous years will align with the commemoration of the annual International Day for Universal Access to Information (IDUAI).

FIFAfrica sets the stage for concerted efforts to advance digital rights in Africa and promote the multi-stakeholder model of Internet governance. It places internet freedom directly on the agendas of key stakeholders, including policymakers, journalists, activists, global platform operators, telecommunications companies, regulators, human rights defenders, academia, and law enforcement.

Now in its 11th year, FIFAfrica has grown to serve as a vital response to the mounting obstacles facing digital democracy in Africa, including arrests and intimidation of online users, internet disruptions, and regressive laws that stifle the potential of digital technology to catalyse socio-economic and political development on the continent. 

This year, FIFAfrica24 will serve as a key channel that informs the way ahead for digital democracy in Africa and the role that different stakeholders need to play to realise the Digital Transformation Strategy for Africa and Declaration 15 of the 2030 Agenda for Sustainable Development. The Declaration notes that the spread of information and communications technology and global interconnectedness has great potential to accelerate human progress, to bridge the digital divide and develop knowledge societies.

FIFAfrica offers something for everyone! Be sure to save the date and don’t miss this chance to be part of the #InternetFreedomAfrica movement dedicated to protecting and promoting internet freedom across the continent.

Stay tuned for more details and registration information! 

Senegal Elections: CIPESA and AfricTivistes Engage Key Stakeholders on Content Moderation

By Abdou Aziz Cissé, Laïty Ndiaye and CIPESA Staff Writer |

The postponement of Senegal’s presidential elections in February 2024 escalated political tensions in the west African country. In response, the Ministry of Communication, Telecommunications and Digital Economy suspended access to mobile internet, first on February 5 as parliament debated the extension of President Macky Sall’s tenure, and again on February 13 amidst civil society-led protests. The ministry claimed that social media platforms were fuelling the dissemination of “several subversive hate messages” that incited violence. 

The February 2024 restrictions on access to mobile internet were the third instance of network disruptions in the country, which had in the past kept the internet accessible during pivotal moments including elections. Last year, Senegal restricted access to the internet and banned TikTok, amidst opposition protests.

It is against this backdrop that the Collaboration on International ICT Policy for East and Southern Africa (CIPESA), in partnership with AfricTivistes, organised a workshop on platform accountability and content moderation on February 8, 2024. The workshop held in the capital Dakar examined the efficacy and impact of content moderation and discussed the opportunities for stakeholder collaboration and common approaches for advancing internet freedom in Senegal. 

As at September 2023, there were over 18 million internet subscribers in Senegal. Participants at the workshop acknowledged that the growth in user numbers had fueled online disinformation and hate speech, which are threatening social cohesion. However, they also raised concerns about the disproportionate responses, notably network disruptions instituted by the government, which undermine freedom of expression, access to information and citizen participation. 

According to Ababacar Diop, a Commissioner with the Personal Data Protection Commission (CDP), efforts to curb the spread of harmful and illegal content online had seen the Commission partner with popular social media platforms to explore mechanisms to effectively regulate content. He added, however, that since the platforms are not domiciled in Senegal, the partnership’s effect has been limited. Besides being the authority responsible for personal data protection, the CDP’s mandate includes ensuring that technology does not pose a threat to the rights and lives of citizens. 

The CDP’s engagements with platforms complemented user reporting of harmful and illegal content and the trusted partner programme. However, participants noted that user reports and trusted partner programmes are heavily subjective, with users and partners sometimes flagging content as inappropriate or dangerous “solely based on their opinions”. “Moderation policies by platforms and governments must be alive to differing contexts and opinions,” said Serge Koué, a blogger and Information Technology expert. Moreover, algorithm-based content moderation measures are also prone to the same challenge, as they do not understand local context and languages, according to Pape Ismaïla Dieng, Communication and Advocacy Officer at AfricTivistes.

The complexities in content moderation were further highlighted with case studies from Nigeria and Uganda. In 2021, former Nigerian President Muhammadu Buhari announced a countrywide ban on Twitter following the deletion of a tweet from his account about the Biafra civil war. Twitter claimed the tweet violated the platform’s policy on “abusive behaviour.” Twitter was blocked from operating in the country following this face-off. In October 2021,the government issued several conditions for lifting the ban. It required Twitter to set up a local office, pay tax locally and cooperate with the Nigerian government to regulate harmful tweets. The platform remained banned in the country until January 2022. 

In Uganda, during the 2021 election period, Facebook and Twitter suspended the accounts of various pro-government individuals over what Facebook described as “Coordinated Inauthentic Behaviour (CIB)” to suit the online narrative interests of the ruling party. The platforms’ actions  sparked the ire of President Yoweri Museveni who responded by stating in a national address that, “If you want to take sides against the (ruling party), then that group will not operate in Uganda,” adding that, “We cannot tolerate this arrogance of anybody coming to decide for us who is good and who is bad.” A day later on January 11, 2021, access to social media was blocked and two days later the internet as a whole was blocked as citizens prepared to go to the polls. Facebook remains blocked to-date. 

The experiences from Nigeria and Uganda highlighted not only the role of public figures as perpetrators of harmful content but also the impact of the unchecked power of governments to censor and restrict access to platforms in direct response to content moderation based on platforms’ Community Standards.

During the workshop, Olivia Tchamba, Meta’s Public Policy Manager for Francophone Africa, stated that the platform was committed to striking a balance between giving users a voice and ensuring the predominance of reliable information. She added that regulation coupled with responsible user behaviour should be the norm. 

CIPESA’s Programme Manager Ashnah Kalemera also reiterated that content moderation requires a multi-stakeholder and multi-faceted approach not only involving platforms and regulators but also users. 

The workshop, which was attended by 25 participants including journalists, social media influencers, human rights defenders and staff of civil society organisations, called on platforms to ensure their terms of use are available in multiple languages, increase transparency in their content moderation processes, and promote awareness and understanding among African users of recourse mechanisms. 

They also emphasised that consolidating efforts such as by civil society, the CDP and Meta’s Oversight Board in line with national laws and international human rights standards, would help create a social media ecosystem that upholds freedom of expression and privacy, among other rights. 
Whereas the Senegalese Constitutional Court ruled against the postponement of elections, a new date for the polls is yet to be determined. The dialogue during CIPESA’s and AfricTivistes workshop is critical as tensions continue to simmer online and offline, and sets the pace for similar engagements in other African countries set to go to the polls during 2024 and the push for increased tech accountability.

Africa Commission Resolution A Boon For Fight Against Unlawful Surveillance

By CIPESA Writer |

The Collaboration on International ICT Police for East and Southern Africa (CIPESA) welcomes the resolution by the African Commission on Human and Peoples’ Rights, which urges African governments to cease undertaking unlawful communications surveillance.

The resolution is timely, as it comes amidst an unprecedented spike in the scale and nature of state surveillance that is often unlawful, excessive, and inadequately supervised by oversight bodies. As CIPESA research has found, the expansion in state surveillance in various African countries is denying citizens their rights to freedom of expression, association and assembly, and undermining their participation in democratic processes.

The Resolution on the deployment of mass and unlawful targeted communication surveillance and its impact on human rights in Africa, adopted last November at the Commission’s 77th Ordinary Session held in Arusha, Tanzania, expresses concern about the unrestrained acquisition of communication surveillance technologies by states without adequate regulation. It also notes the lack of adequate national frameworks on privacy, communication surveillance, and personal data protection. 

Furthermore, the resolution notes the Commission’s concern about the disproportionate targeting of journalists, human rights defenders, civil society organisations, whistleblowers and opposition political activists by state surveillance.

CIPESA welcomes the resolution, which reflects the findings of our research and the recommendations we have variously made to African governments regarding the conduct of state surveillance. CIPESA has previously called upon stakeholders, including governments, to take all measures that buttress the right to privacy in order to guarantee and enhance free expression, access to information, freedom of association, and freedom of assembly in accordance with international human rights standards.

Notably, the African Commission resolution urges African countries to ensure that all restrictions on privacy and other fundamental freedoms are necessary and proportionate, and in line with international human rights law and standards. It also urges states to consider safeguards such as the requirement for prior authorisation of surveillance by an independent and impartial judicial authority and the need for effective monitoring and regular review by independent oversight mechanisms.

According to CIPESA’s Legal Officer Edrine Wanyama, “The resolution is a step forward to buttressing data rights and privacy on the continent. States should take advantage of the resolution and overhaul regressive surveillance practices while embracing all internationally recognised efforts and standards for strengthening the right to privacy.”

According to the Declaration of Principles on Freedom of Expression and Access to Information in Africa, states should only engage in targeted surveillance in conformity with international human rights law (principle 41), and every individual shall have legal recourse to effective remedies in relation to the violation of their privacy and the unlawful processing of their personal information (principle 42 (7)). In addition, principle 20 requires states to guarantee the safety of journalists and other media practitioners by taking measures that prevent threats and unlawful surveillance.
See related CIPESA resources: Privacy Imperilled: Analysis of Surveillance, Encryption and Data Localisation Laws in Africa; Effects of State Surveillance on Democratic Participation in Africa; Compelled Service Provider Assistance for State Surveillance in Africa: Challenges and Policy Options; Mapping and Analysis of Privacy Laws in Africa.