Leveraging Digital Technologies to Enhance Data Governance Practices in Africa

By Paul Kimumwe |

Data governance policies and practices in many African countries have continued to attract attention due to their inadequacy in ensuring the protection and respect for the rights of individual data subjects. Key concerns have been raised regarding the data management practices, particularly related to biometrics, that have undermined the safety, confidentiality, accuracy, accessibility, and reliability of personal data, which are critical principles in data governance.

Several studies have documented cases of misuse of digitalised personal data, including data breaches, surveillance, misuse of personal information, unwarranted intrusion, and financial harm. Despite these misgivings, digitisation of data has been recognised within the African Union’s Digital Transformation Strategy for Africa (2020-2030) as critical in promoting and building confidence for the continent’s digital economy. For many governments, the desire to transform service delivery and enhance public participation has been a key driver for the adoption of biometric data collection and digital identities for purposes of issuing National Identity cards and updating of biometric voter registration and identification programmes.

In this blog, we highlight the critical areas in which advances in digital technologies can enhance data governance practices in Africa.

Understanding Data Governance

Data governance refers to the holistic approach to data management that entails the development and implementation of relevant norms, procedures, and standards to ensure that data is secure, accurate, reliable and consistently available, particularly spelling out clear standards and protocols that govern data collection, storage, and management, resulting in accurate, consistent, and up-to-date data. There is a growing concern that without a robust data governance framework, the continent risks missing out on maximising the benefits from its own datasets as they would be prone to abuse and misuse by poorly regulated data collectors and controllers.

Demand for a Robust Data Governance Framework

In Africa, the demand for a robust data governance framework has gained traction as a response to several countries moving away from paper-based to more digitised data management practices, raising concerns about the rights of data subjects, particularly the safety and confidentiality of user data.

While progress has been registered normatively – with the adoption of regional instruments such as the African Union Convention on Cyber Security and Personal Data Protection and the AU Data Policy Framework, both of which provide frameworks for rights’ respecting data protection practices, and with several countries adopting relevant privacy and data protection laws – full implementation remains a challenge.

In addition, the African Union’s Digital Transformation Strategy for Africa (2020-2030) calls upon states to “promote open data policies that can ensure the mandate and sustainability of data exchange platforms or initiatives to enable new local business models, while ensuring data protection and cyber resilience to protect citizens from misuse of data and businesses from cybercrime.”

Unfortunately, several laws contain problematic and vague provisions that provide for sharing of sensitive information and data localisation that are prone to abuse and misinterpretation. For example, provisions such as section 18 of Algeria’s Law No. 18-07 of 2018 on the protection of personal data, sections 44-47 of Kenya’s Data Protection Act 2019, and section 9 of Uganda’s Data Protection and Privacy Act, 2019, provide for circumstances under which sensitive personal information can be accessed, such as safeguarding national security, public interest, enforcement of the law, and conduct of criminal investigations. In addition, in many countries, biometric data collection programmes were initiated before the enactment of relevant data protection laws.

Leveraging Digital Technologies

While for the most part digital technologies have been used by various states to undermine the legitimacy and enjoyment of digital rights through surveillance and interception of communication, internet shutdowns, and data breaches, there is a growing belief that these technologies can be instrumental in building a robust data governance framework if applied correctly.

Ease of Authentication

Recent technological advancements including the multi-factor authentications (MFA) that enable secure access to services on the go are critical in facilitating seamless data collection, processing, verification and enhancing the authenticity and reliability of data compared to paper-based identifiers. Data subjects can easily request access to and verify their digitised data in the possession of data controllers. As technology becomes more accessible and affordable, governments and private entities can leverage biometrics and biometric technologies for functional and foundational identity purposes, and for an expanding array of applications.

Improving Data Storage and Confidentiality

Data storage is a key pillar within the data governance framework as it easily allows data subjects to exercise their individual rights to request and obtain their personal data in the hands of data controllers in a structured, commonly used, and machine-readable format, as well as request that their data be transferred directly to another organisation. With advances in technology, data controllers can easily encrypt, de-identify and destroy personal data in their possession. Technologies such as the Identity Management Systems (IDMS) facilitate interoperability, allowing seamless integration between different data management systems used by data controllers. In addition, new technologies such as blockchain facilitate the secure storage of datasets in blocks that are connected through cryptography.

Ease of Data Rectification

One of the fundamental rights of data subjects is the right to request data controllers to correct any inaccurate and incomplete data the data controller may have collected. Under Principles 5 and 16 of the European Union’s General Data Protection Regulation (GDPR), data controllers are required to keep personal data accurate and up-to-date,  and to take “every reasonable step” to ensure that inaccurate personal data is erased or rectified.

In many countries, data controllers have been accused of collecting and processing inaccurate and incomplete personal data due to the analogue way data is collected. The adoption of digital technologies and use of biometric data identifiers such as fingerprint, facial, or iris recognition become critical forms of authentication in issuing different forms of identities as well as easing on the verification and rectification processes by both data subjects and controllers.

As Africa strives to improve its data governance framework, it is important that we leverage on the new and emerging technologies such as biometric data collection, blockchain, and identify management systems to enhance the safety, security, accuracy, reliability and confidentiality of personal data.

Rollout of Digital Number Plates Poses Privacy Concerns in Uganda

By CIPESA Writer |

The rollout of the digital number plate system in Uganda is well underway. At a press conference last month, the Ministry of Works and Transport announced January 2025 as the deadline for full roll out. The system – over two years in the making – is a joint project between the government of Uganda and Russian company Joint Stock Company Global Security and has caused alarm among rights activists as it introduces another layer of massive personal data collection and processing amidst weak controls.

The stated objective of the Intelligent Transport Monitoring System (ITMS) is to improve the country’s transport management systems and security by enabling the authorities to “swiftly identify vehicles involved in criminal activities and improve traffic management through efficient ticketing and revenue collection”. It will involve the installation of digital number plates on all vehicles and motorcycles in the country, allowing security agencies to track and pinpoint their location at any one time.

  Overview of ITMS
Digital Number Plate ComponentsStatus of Fitment on Government Vehicles as at June 2024Target Installations (Registered Vehicles as at July 2024)
Aluminium plates – front and back1,0912,145, 988
A tracker
A sim chip
Bluetooth beacons – front and back
Snap locks

Once rolled out, the digital plates will add to the catalogue of surveillance apparatus in Uganda. The country already has a plethora of retrogressive laws, such as the Regulation of Interception of Communications Act 2010 and the Anti-Terrorism Act 2002 that require communication service providers to aid in intercepting communication by ensuring that their systems are always technically capable of supporting lawful interception. The laws also grant powers to an authorised officer to intercept the communications of a person and to conduct surveillance of individuals.

The components of the digital number plates will enable the government through its security agencies, such as the police, to swiftly identify vehicles and their owners. Instantaneous data exchanges pose major challenges to data privacy, especially in cases where there are calculated targets such as civil society organisations (CSOs), human rights defenders (HRDs), activists, and political opponents, government critics, or dissidents.

An added concern is that, according to the Uganda Police, the digital number plate system will be integrated with the Closed Circuit Television System (CCTV) system and others such as the motor vehicle registration system, the e-tax system managed by the Uganda Revenue Authority (URA) and the national identity database managed by the National Identification and Registration Authority (NIRA) to “ensure comprehensive vehicle and personal identification.” Given weak controls over data held by public bodies and rare punishment for data breaches and unauthorised access, linking these databases absent clear data-sharing frameworks and robust controls poses grave concerns. Notably, Uganda does not have a law or regulations governing CCTV/ video surveillance.

Whereas there are efforts to localise parts of the system through the establishment of a local production facility for the various components, the partnership with Joint Stock Company Global Security underscores Uganda’s reliance on foreign entities for purposes of conducting surveillance and interception of private communication of its citizens. For example, in August 2022, there were reports that the Uganda Police had purchased UFED, a technology developed by the Israeli firm Cellebrite that enables authorities to hack into password-protected smartphones.

Earlier, starting in 2018, Uganda turned to a Chinese company, Huawei, for the supply and installation of CCTV across major cities. The decision to install the CCTV cameras came on the heels of a spate of murders that had engulfed the country, with the security forces keen on using the CCTV cameras to improve security in the country. Like many other government security procurements, the CCTV deal raised a lot of transparency and accountability issues, including the secrecy that surrounded the entire process.

Additionally, there were reports that security agencies were working with Huawei technicians in Uganda to spy on opposition critics by intercepting encrypted communications and using cell data to track their movements. This appeared to be the continuation of a trend that was documented earlier in 2012, when the Uganda government reportedly relied on a Germany-made spyware, FinFisher, which it is said to have covertly installed in various places, including hotels, the parliament and key government institutions, for purposes of surveilling on its opponents, including politicians, civil society, and the media.

Given the country’s history of repressing the civic space and harassing political opponents, CSOs and HRDs, the ITMS digital number plates could further the suppression of civil liberties, including political participation, freedom of expression, access to information and assembly and association. Moreover, deeper democratic regression could occur since these liberties largely depend on privacy and the ability to express oneself with minimal interruptions or interference.

While the government has a legitimate desire to improve the security of its people and transport management, recent events as discussed above where the same government has used the acquired technologies to surveil its citizens and undermine digital rights, it is critical that any future attempt to enhance its surveillance apparatus is anchored in law with clear oversight mechanisms. This is because the deployment of surveillance technologies such as ITMS, FinFisher, and Huawei’s CCTV present a veritable avenue for economic and political exploitation by collecting extensive data on people’s behaviour, location, activities, and interests online and offline. This makes the risk of violation of privacy apparent, rendering citizens helpless because they essentially have no control over how the data will be used, even when they are aware that data is being collected.

It is, therefore, important that the government reduce its reliance on foreign-manufactured surveillance technologies, particularly from countries whose human rights record is wanting, as these have tended to use these tools to suppress civic spaces. In addition, the government should reconsider its regulatory framework to ensure it conforms to international standards on privacy and data protection, especially during the procurement and deployment of potentially intrusive technology that is prone to abuse.

Portal on Gender-Based Violence in Africa Expanded with ADRF Support

Update |

The Covid-19 pandemic was characterised by a sharp increase in gender-based violence (GBV) in Kenya, Nigeria, and South Africa, as well as other countries across the world. This was largely attributed to lockdown restrictions, which left victims isolated in the same physical space as their abusers, reduced availability of shelters and other support mechanisms, and exacerbated economic anxiety and mental health pressures – all key drivers of GBV.

The pandemic also accelerated digitalisation, which widened the scope of Technology-Facilitated Gender-Based Violence (TFGBV). According to UN Women, in Africa, online abuse, harassment and exploitation increased as learning went online during the pandemic. Similar  concerns about online harms are discussed in the African Union Guidelines on Gender-Responsive Responses to COVID-19.

Alt Advisory, a South Africa based public interest advisory firm, launched the endgbv.africa as a resource on domestic and international responses to GBV online and offline before, during and after the pandemic. At the time of its launch in 2022, the portal featured GBV mapping and assessments on the legal and policy developments, trends and statistics as well as key terminologies on six African countries – Malawi, Mozambique, Namibia, South Africa, Zambia, and Zimbabwe.

With a grant from the Africa Digital Rights Fund (ADRF) – an initiative of the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) –  Alt Advisory has revamped and expanded the portal to cover an additional seven countries – Eswatini, Ethiopia, Ghana, Kenya, Mauritius, Nigeria and Uganda. The project has also featured a spotlight series on experiences of sexual minorities in Botswana and Uganda.

The new seven country factsheets were developed in collaboration with researchers from various fields, with multidisciplinary perspectives regarding GBV, thereby expanding the breadth of information relating to organisations and movements hitherto unknown due to varied degrees of online visibility. This collaborative approach has strengthened the regional network of gender rights advocates beyond national borders.

“Our hope is that the project’s focus on TFGBV enabled researchers to develop their own insights on emergent forms of harm which may potentially enrich future policy advocacy in their contexts,” said S’lindile Khumalo, a Senior Associate at Alt Advisory.

Alt Advisory’s Equity and Inclusion as well as Media teams are working to publicise the portal to maximise uptake and impact. The firm will also continue to fundraise to expand the portal’s coverage to the full African continent and translate the resources to increase relevance and accessibility to a diversity of audiences. All this, in tandem with efforts in law and policy reform, advocacy, and activism on GBV and related issues. “As the portal undergoes further development, we hope that it contributes to the end of GBV in our lifetime,” concluded Khumalo.

East and Southern African National Human Rights Commissions Trained in Digital Rights Protection

By CIPESA Writer |

As part of its ongoing efforts to enhance the ability of African National Human Rights Institutions (NHRIs) to monitor, protect, and promote digital freedoms, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) last month conducted a two-day capacity-building training that attracted NHRI representatives from Lesotho, Mozambique, Tanzania, Uganda, Zimbabwe, and Zambia.

The two-day training that was held in Nairobi, Kenya, on June 25 and 26, 2024, sought to empower staff of NHRIs in the region to engage with the opportunities and challenges that digital technology poses for human rights protection and monitoring of digital rights. In his opening remarks, CIPESA Executive Director Dr. Wairagala Wakabi noted that NHRIs play a critical role in the protection and promotion of human rights, and given the deteriorating state of digital rights in the region, it was important that they are equipped to deal with the intersection between the digital and the traditional human rights. According to the Paris Principles, NHRIs are required to have a broad mandate that allows them to effectively execute their mandate of promoting and protecting human rights, both offline and online.

The Nairobi training followed a similar training that CIPESA conducted in Ethiopia for staff of the Ethiopian Human Rights Commission (EHRC), who identified key actions the commission could integrate in its annual work plans, such as digital rights monitoring, advocacy for enabling laws to be enacted, and developing tools for follow up on implementation of recommendations on digital rights by treaty bodies and the United Nations Human Rights Council.

Digital Rights as Human Rights

Digital rights have been recognised at both international and regional levels. For example, in 2018, during its 38th session, the United Nations Human Rights Council adopted resolution A/HRC/RES/38/7 that reaffirmed that “the same rights that people have offline must also be protected online.” In 2016, the United Nations General Assembly passed a non-binding resolution on “the promotion, protection, and enjoyment of human rights on the Internet,” condemning any measures taken by state parties to prevent or disrupt internet access and calling upon them to refrain from and cease any such measures.

In March 2024, the African Commission on Human and Peoples’ Rights passed resolution ACHPR.Res.580 (LXXVIII)2024 on Internet Shutdowns and Elections in Africa “reaffirming the importance of access to the internet in the digital age and its implication for the realisation of human rights”. The resolution called upon member states to “refrain from ordering the interruption of telecommunications services, shutting down the internet, and/or disrupting access to any other digital communication platforms before, during or after the elections.”

Challenges Facing NHRIs

In many cases, African NHRIs have found themselves operating in an increasingly hostile environment with limited funding and hostility from state agencies, who sometimes view their role as countering and incriminating the government in human rights violations. In addition, because of the limited funding, many NHRIs are not in a position to recruit or improve the level of expertise among their staff members, especially when it comes to new and emerging technologies and how they affect the enjoyment of human rights. Participants acknowledged that, in many cases, they are always playing catch-up when it comes to legislation, yet they are supposed to be the primary advisors and reviewers of draft laws related to human rights.

In his remarks, Victor Kapiyo, one of the trainers, noted that the adoption of digital technologies has brought up new human rights issues, particularly as governments have reacted by enacting laws that have, for the most part, served to stifle human rights as opposed to facilitating their enjoyment. On the other hand, digital technologies have also facilitated the spread of hate speech, disinformation, and technology-facilitated gender-based violence. It is important that NHRIs keep enhancing their capacity to monitor, investigate, and protect against violations of digital rights by both governments and private actors, including big tech companies.

Practical Strategies for NHRIs

During the training, participants discussed an array of strategies that they can adopt to monitor, document, and protect digital rights, including the use of practical legal and policy guidance set out in the Rabat Plan of Action, as well as Guiding Principles on Business and Human Rights when engaging with governments and business entities especially technological companies in regards to their obligations to respect, protect and promote human rights.

Participants also noted the need to engage with security agencies, the justice department, and policymakers on issues of digital rights. It was noted that because the concept of digital rights in Africa is new and evolving with limited understanding and jurisprudence, NHRIs need to constantly retool themselves on the emerging issues if they are to execute their mandates effectively. Other strategies included building coalitions and collaborations with civil society actors, the media and academia to help unpack and create awareness about digital rights.

The training was facilitated by trainers from CIPESA, Internews, the International Centre for Non-Profit Law, and the Kenya National Cohesion and Integration Commission (NCIC).

Counting the Benefits of Fact-Checking Training for Ethiopian Journalists

Journalists play a crucial role in informing citizens and shaping public opinion in Ethiopia. However, in recent years, the proliferation of disinformation and hate speech has become a significant challenge. The surge in disinformation is undermining social cohesion, promoting conflict, and leading to growing threats against journalists and human rights defenders.

Accordingly, it is crucial to conduct fact-checking training  for Ethiopian journalists so as to safeguard the integrity and reliability of journalism in the country. A number of Ethiopian journalists have undergone training in understanding disinformation and hate speech. However, most of them lack practical skills in conducting fact-checking. It is against this background that, in May 2024, CIPESA organised a fact-checking and ethical reporting workshop for 20 Ethiopian journalists in the capital Addis Ababa.

Two months later, journalists and media development actors point to the benefits of that training. 

“The fact-checking and verification training was crucial for Ethiopian journalists and content producers, as it provided them with valuable tools to combat daily misinformation and produce reliable news stories,” notes Kirubel Tesfaye, one of the experts that conducted the training. “The training equipped them with the most essential and current tools in the industry, allowing them to produce credible and trustworthy news and reports.” 

By equipping journalists with fact-checking skills, they can serve as gatekeepers of truth, helping to counter disinformation and to ensure that accurate information reaches the public. Ethiopia has experienced an explosion in disinformation over the last five years, with the armed conflicts which have plagued the country being key drivers of disinformation. 

Selam Mulugeta, a journalism lecturer at Addis Ababa University who participated in the training, enumerates the benefits of the fact-checking training. “One of the most important things was to learn how to recognise dis/misinformation on different websites and social media sites, and to learn [about] fact-checking tools to debunk disinformation,” she says. She adds that after gaining fact-checking knowledge, journalists will contribute to minimising the amount of false information in the public domain. This will in turn lessen the harms of disinformation.

According to Konjit Zewdie of NBC TV, there is a need for more practical training workshops focussed on fact-checking as there is a dire shortage of fact-checking skills among journalists amidst the deluge of illegal and harmful content, including hate speech. She says the training was crucial in capacitating journalists to identify sources of disinformation and to use various fact-checking tools. 

Konjit notes that Ethiopian journalists are often unable to get reliable information from concerned bodies, which presents a challenge for fact-checking. The training gave the journalists alternative ways of verifying information even when they face blockages in accessing information from official sources.

“The training added great value to the journalists because it covered several topics with practical exercises, from the basics of fact-checking to advanced fact-checking techniques. The participants gained insights into the motivations behind the sharing of disinformation, the actors responsible, and the tactics employed by them. Furthermore, the training highlighted prevalent disinformation trends in Ethiopia and provided participants with online tools and techniques to effectively combat disinformation.” – Kirubel Tesfaye, fact-checking trainer

The May 2024 training built on an earlier one CIPESA conducted in November 2023 that equipped 21 Ethiopian journalists, bloggers, and activists with knowledge to navigate the country’s law on hate speech and disinformation and skills to call out and fight disinformation and hate speech.

Mulugeta says that by honing their fact-checking skills, journalists are better positioned to deliver factual information and live up to their duty as mouthpieces of the masses. Moreover, journalists and content creators would become more responsible and accountable for the content they create, and play a role in developing media literacy among the general population.

Tiblets Tesfaye, a senior journalist with Wazema Media, said the training “offered significant value by equipping journalists and content creators with essential skills to identify and correct misinformation, fostering a culture of accuracy and ethical reporting”.

According to her, the training also enhanced the journalists’ ability to recognise and mitigate hate speech, thereby contributing to more reliable and responsible media practices that support social cohesion and peacebuilding in the country. Tesfaye adds: “The benefits are huge because most social media influencers are based in Addis Ababa, but it would be good to extend this training to regional cities as well.”

See more about the training focus here