Robust Data Protection Standards Could Spur Regional Economic Integration

By Edrine Wanyama |

Leaders in charge of various data protection agencies and Civil Society Organisations (CSOs) who met at the East African Exchange on Data Protection held in Kampala, Uganda on March 6, 2024, recognised the need to buttress data protection by promoting the right to privacy in the region. 

The event drew representatives of government agencies and CSOs from Burundi, the Democratic Republic of Congo, Kenya, Rwanda, Somalia, South Sudan, Tanzania, and Uganda. Speaking to the importance of the Data Exchange programme, Stella Alibateese, the Director of the National Personal Data Protection Office in Uganda emphasised the need to enhance the right to privacy. 

“As we navigate these waters, we must recognise the diverse stages of development and implementation of data protection and privacy laws across our partner states in the East African Community,” she said. “Yet, within this diversity lies our strength – the unparalleled opportunity for knowledge exchange, peer learning, and collective growth.”

Dr. Chris Baryomunsi, Uganda’s Minister of ICT and National Guidance, underscored the need for collaboration in dealing with the complexities of data protection. “As a bloc, we must therefore embrace innovative solutions and continue these collaborative efforts amongst regulators, development partners, businesses, and the general public so as to achieve effective data protection and respect for privacy rights,” said Baryomunsi. “I am confident that the outcomes of this knowledge exchange will go a long way in defining a regional approach to addressing emerging threats in data protection.”

Data privacy is necessary for enhancing state relations in trade and business. This includes e-commerce, transport, movement of goods and services, efficiency of service delivery, movement of persons and labour, and information exchange for a quicker economic integration process.

While the East Africa Community (EAC) stands on four pillars (the Customs Union, the Common Market, Monetary Union and Political Federation), which are the core foundations for economic development, the Customs Union, movement of persons, movement workers and the Monetary Union involve mass collection of personal data including in trade and business and travel. 

Additionally, not all the states in the region have established strong safeguards on data protection and privacy. For instance, while Kenya, Rwanda, Somalia, South Sudan, Tanzania, and Uganda have specific legislation on data protection, some of the laws are criticised for failing to meet internationally accepted standards by, among others, not having clear and independent authorities to oversee and manage personal data and privacy. Another concern is that Burundi and the Democratic Republic of Congo are yet to enact specific laws on data protection, which puts data movement in the region at risk. 

At the regional level, the Draft EAC Legal Framework For Cyber Laws of 2008 has been largely unimplemented. Also, Rwanda is the only country within the EAC that has signed and ratified the African Union Convention on Cyber Security and Personal Data Protection, (the Malabo Convention). As such there is no unified code or standard on data protection and privacy in the region.

Nevertheless, according to Annette Ssemuwemba, Deputy Secretary General for Customs, Trade and Monetary Affairs at the EAC, the bloc is undertaking measures to come up with a harmonised framework on data security. She said such a harmonised framework has the potential to inform data protection practices across the region with high chances of setting a common standard amongst the member states. 

Meanwhile, the existing data protection agencies in the EAC Member States face common challenges. These include limited financial resources, lack of sufficient technical and competent staff with a firm grasp of data protection and privacy issues, and receiving of complaints which are not necessarily related to the right to privacy. These challenges have undermined the potential of a transformational data privacy era in the region including in carrying out investigations into data breaches and adjudicating complaints. 

Nevertheless, the need to leverage more opportunities for data exchange were highlighted. These include through knowledge exchange, collaboration, governments’ political will, professionalisation of the technology sector, independence of the data protection agencies, ratification of the Malabo Convention, picking lessons from the General Data Protection Regulation (GDPR) of the European Union and the adoption of a uniform code for personal data protection in the region. Such measures could spur the protection and promotion of the right to privacy nationally, regionally, and internationally. Similarly, EAC countries without data protection should swiftly enact them to be on the same page with the rest.

Towards Ethical AI Regulation in Africa

By Tusi Fokane |

The ubiquity of generative artificial intelligence (AI)-based applications across various sectors has led to debates on the most effective regulatory approach to encourage innovation whilst minimising risks. The benefits and potential of AI are evident in various industries ranging from financial and customer services to education, agriculture and healthcare. AI holds particular promise for developing countries to transform their societies and economies. 

However, there are concerns that, without adequate regulatory safeguards, AI technologies could further exacerbate existing governance concerns around ethical deployment, privacy, algorithmic bias, workforce disruptions, transparency, and disinformation. Stakeholders have called for increased engagement and collaboration between policymakers, academia, and industry to develop legal and regulatory frameworks and standards for ethical AI adoption. 

The Global North has taken a leading position in exploring various regulatory modalities. These range from risk-based or proportionate regulation as proposed by the European Commission’s AI Act. Countries such as Finland and Estonia have opted for a greater focus on maintaining trust and collaboration at national level by adopting a human-centric approach to AI. The United Kingdom (UK) has taken a “context-specific” approach, embedding AI regulation within existing regulatory institutions. Canada has prioritised bias and discrimination, whereas other jurisdictions such as France, Germany and Italy have opted for greater emphasis on transparency and accountability in developing AI regulation. 

On the other hand, China has taken a more firm approach to AI regulation, distributing policy responsibility amongst existing standards bodies. The United States of America (USA) has adopted an incremental approach, introducing additional guidance to existing legislation and emphasising rights and safety. 

Whilst there are divergent approaches to AI regulation, there is at least some agreement, at a muti-lateral level, on the need for a human-rights based approach to ensure ethical AI deployment which respects basic freedoms, fosters transparency and accountability, and promotes diversity and inclusivity through actionable policies and specific strategies. 

Developments in AI regulation in Africa

Regulatory responses in Africa have been disparate, although the publication of the African Union Development Agency (AUDA-NEPAD) White Paper: Regulation and Responsible Adoption of AI for Africa Towards Achievement of AU Agenda 2063 is anticipated to introduce greater policy coherence. The White Paper follows the 2021 AI blueprint and the African Commission on Human and Peoples’ Rights Resolution 473, which calls for a human-rights-centred approach to AI governance. 

The White Paper calls for a harmonised approach to AI adoption and underscores the importance of developing an enabling governance framework to “provide guidelines for implementation and also keep AI development in check for negative impacts.” Furthermore, the White Paper calls on member states to adopt national AI strategies that emphasise data safety, security and protection in an effort to promote the ethical use of AI. 

The White Paper proposes a mixed regulatory and governance framework, depending on the AI use-case. First, the proposals encompass self-regulation, which would be enforced through sectoral codes of conduct, and which offer a degree of flexibility to match an evolving AI landscape. Second, the White Paper suggests the adoption of standards and certification to establish industry benchmarks. The third proposal is for a distinction between hard and soft regulation, depending on the identified potential for harm. Finally, the White Paper calls for AI regulatory sandboxes to allow for testing under regulatory supervision. 

Figure 1: Ethical AI framework

However, there are still concerns that African countries are lagging behind in fostering AI innovation and putting in place the necessary regulatory framework. According to the 2023 Government AI Readiness Index, Benin, Mauritius, Rwanda, Senegal, and South Africa are ahead in government efforts around AI out of the 24 African countries assessed. The index measures a country’s progress against four pillars: government/strategy, data & infrastructure, technology sector, and global governance/international collaboration.  

The national AI strategies of Mauritius, Rwanda, Egypt, Kenya, Senegal and Benin have a strong focus on infrastructure and economic development whilst also laying the foundation for AI regulation within their jurisdictions. For its part, Nigeria has adopted a more collaborative approach in co-creating its National Artificial Intelligence Strategy, with calls for input from AI researchers. 

Thinking beyond technical AI regulation 

Despite increasingly positive signs of AI adoption in Africa, there are concerns that the pace of AI regulation on the continent is too slow, and that it may not be fit for purpose for local and national conditions. Some analysts have warned against wholesale adoption of policies and strategies imported from the Global North, and which may fail to consider country-specific contexts.

Some Global South academics and civil society organisations have raised questions regarding the importation of regulatory standards from the Global North, some even referring to the practice as ‘data colonialism’. The apprehension of copy-pasting Global North standards is premised on the continent’s over-reliance on Big Tech digital ecosystems and infrastructure. Researchers indicate that “These context-sensitive issues raised on various continents can best be understood as a combination of social and technical systems. As AI systems make decisions about the present and future through classifying information and developing models from historical data, one of the main critiques of AI has been that these technologies reproduce or heighten existing inequalities involving gender, race, coloniality, class and citizenship.” 

Other stakeholders caution against ‘AI neocolonialism’, which replicates Western conventions, often resulting in poor labour outcomes and stifling the potential for the development of local AI approaches.  

Proposals for African solutions for AI deployment 

There is undoubtedly a need for ethical and effective AI regulation in Africa. This calls for the development of strategies and a context-specific regulatory and legal foundation, and this has been occurring in various stages. African policy-makers should ensure a multi-stakeholder and collaborative approach to designing AI governance solutions in order to ensure ethical AI, which respects human rights, is transparent and inclusive. This becomes even more significant given the potential risks to AI during election season on the continent. 
Beyond framing local regulatory solutions, stakeholders have called for African governments to play a greater role in global AI discussions to guard against regulatory blindspots that may emerge from importing purely Western approaches. Perhaps the strongest call is for African leaders to leverage expertise on the continent, and promote greater collaboration amongst African policymakers. 

Save the Date: The Forum on Internet Freedom in Africa (FIFAfrica24) September 25-27, 2024!

Announcement |

It’s time to mark your calendars for the annual Forum on Internet Freedom in Africa (FIFAfrica), the largest gathering on digital rights on the continent.  The 2024 edition will be held on September 25-27 and as in previous years will align with the commemoration of the annual International Day for Universal Access to Information (IDUAI).

FIFAfrica sets the stage for concerted efforts to advance digital rights in Africa and promote the multi-stakeholder model of Internet governance. It places internet freedom directly on the agendas of key stakeholders, including policymakers, journalists, activists, global platform operators, telecommunications companies, regulators, human rights defenders, academia, and law enforcement.

Now in its 11th year, FIFAfrica has grown to serve as a vital response to the mounting obstacles facing digital democracy in Africa, including arrests and intimidation of online users, internet disruptions, and regressive laws that stifle the potential of digital technology to catalyse socio-economic and political development on the continent. 

This year, FIFAfrica24 will serve as a key channel that informs the way ahead for digital democracy in Africa and the role that different stakeholders need to play to realise the Digital Transformation Strategy for Africa and Declaration 15 of the 2030 Agenda for Sustainable Development. The Declaration notes that the spread of information and communications technology and global interconnectedness has great potential to accelerate human progress, to bridge the digital divide and develop knowledge societies.

FIFAfrica offers something for everyone! Be sure to save the date and don’t miss this chance to be part of the #InternetFreedomAfrica movement dedicated to protecting and promoting internet freedom across the continent.

Stay tuned for more details and registration information! 

CIPESA Trains CSOs on Digital Rights Advocacy and Campaigning in Africa

By Asimwe John Ishabairu |

As part of efforts to build digital rights movements in Africa that are impactful and sustainable, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) trained civil society organisations (CSOs) from Lesotho, Mozambique, Tanzania, Uganda, and Zimbabwe on digital rights advocacy and campaigning. The training, which was conducted February 6-7, 2024, in Dakar, Senegal, featured sessions on methodologies for tech accountability, campaign planning and strategies, impact communications, and media relations. The training also featured experience-sharing sessions on stakeholder engagement by the Global Network Initiative (GNI) and the Senegalese Personal Data Protection Commission (CDP).   

The training included participants from the African Centre for Media Excellence (ACME), Internet Society Lesotho Chapter, Digital Agenda for Tanzania Initiative, as well as the Media Institute of Southern Africa (MISA) Mozambique and Zimbabwe chapters – all Local Partners of the Global Internet Freedom (GIF) program, an initiative of Internews. The partners are implementing various interventions aimed at promoting in-country stakeholder engagements on digital rights issues, particularly digital identity and data protection. As a Regional Partner for GIF, CIPESA’s role is to coordinate activity implementation by the local partners, support learning and exchange among the partners, as well as support their network building, including through the annual Forum on Internet Freedom in Africa (FIFAfrica).

The Local Partners’ advocacy initiatives are expected to leverage the Ranking Digital Rights Corporate Accountability Index Key findings and recommendations. The index analyses the policies and practices of eight leading telecommunications companies operating across four African countries — Tanzania, Uganda, Zambia, and Zimbabwe and the resultant effects of these policies on freedom of expression and privacy.

“Existing research, such as that by Ranking Digital Rights and CIPESA’s annual report on the State of Internet Freedom in Africa, are critical resources that provide an overview of the continent’s landscape and support our conduct of evidence-based advocacy engagements with government actors and telecommunication companies,” noted Apolo Kakaire, Communication and Advocacy Manager, ACME, Uganda.

Similarly, networks and alliances such as the GNI, of which CIPESA is a member, alongside internet and telecommunications companies, human rights groups, investors, and academic institutions, are strategic alliances for advocacy engagements. “We have relationships with some of the telecom companies you [CSOs] are likely to engage and pledge support for outreach to their global and national offices as needed, ” said GNI’s Program and Operations Associate Montserrat Legorreta.

Indeed, as stated by Peter Mmbando from Digital Agenda for Tanzania Initiative, local CSOs experience challenges engaging with telecom companies. “We often invite them to engagements, but they don’t show up. Support from GNI to get the telecom giants in the rooms will be highly appreciated,” said Mmbabo.

The interventions of the six trained CSOs are expected to promote increased knowledge of internet freedom issues and advance human rights in the digital space in their respective countries.

A Decade of Internet Freedom in Africa: Report Documents Reflections and Insights from Change Makers

CIPESA Writer |

Over the last decade, Africa’s journey to achieve internet freedom has not been without challenges. There have been significant threats to internet freedom, evidenced by the rampant state censorship through
internet shutdowns, surveillance, blocking and filtering of websites, and the widespread use of repressive laws to suppress the voices of key actors.

However, amidst all this, there is a community of actors who have dedicated efforts towards advancing digital rights in the continent with the goal of ensuring that more Africans can enjoy the full benefits of the internet.

As part of our efforts recounting the work of the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) over the years, we are pleased to share this special edition report: A Decade of Digital Rights in Africa: Reflections and Insights from 10 Change Makers, where we document reflections and insights from ten collaborators who have been instrumental in shaping Africa’s digital and Internet freedom advocacy landscape over the last ten years.

These changemakers have demonstrated change by advocating for a more free, secure, and open internet in Africa and working to ensure that no one is left behind.

Read the full report: A Decade of Digital Rights in Africa: Reflections and Insights from 10 Change Makers!

Meet the Changemakers

‘Gbenga Sesan, the Executive Director of Paradigm Initiative, is an eloquent advocate for internet freedom across the continent, leading efforts to push back against repressive laws and promoting digital
inclusion while speaking truth to power. He continues to champion the transformative power of technology for social good and to drive positive change in society.

Arthur Gwagwa is a Research Scholar at Utrecht University, Netherlands, and a long-standing advocate for digital rights and justice. His work in the philanthropic sector has been instrumental in supporting various grassroots initiatives to promote internet freedom in Africa. Similarly, his pioneering research work and thought leadership continue to inspire and transform the lives of people in Africa.

Edetaen Ojo, the Executive Director of Media Rights Agenda, is a prominent advocate for advancing media rights and internet freedom. Known for his strategic vision and dedication to media freedom, he pioneered the conceptualisation and development of the African Declaration on Internet Rights and has been a key voice in shaping Internet policy-making in Africa.

Emilar Gandhi, the Head of Stakeholder Engagement and Global Strategic Policy Initiatives at Meta, built a strong foundation in civil society as an advocate for Internet freedom. She is a prominent figure in technology policy in Africa whose expertise and dedication have made her a valuable voice for inclusivity and responsible technology development in the region.

Dr. Grace Githaiga, the CEO and Convenor of Kenya ICT Action Network (KICTANet), has been a leading
advocate for media freedom and digital rights in Africa. Her tireless advocacy in shaping internet policy has earned her recognition for her pivotal roles in championing internet freedom, digital inclusion,
multistakeholderism, and women’s rights online.

Julie Owono, the Executive Director of Internet Sans Frontières (Internet Without Borders), is a passionate and respected digital rights advocate and thought leader in the global digital community. She is not only a champion for internet freedom in Africa but is also a symbol of hope for many communities standing at the forefront of the battle for internet freedom and connectivity in Africa.

Neema Iyer, the founder of Pollicy, is well known for her advocacy efforts in bringing feminist perspectives into data and technology policy. Her dynamic and multi-faceted approach to solving social challenges exemplifies the potential of data and technology to advance social justice and promote digital inclusion and internet freedom in Africa.

Dr. Tabani Moyo, the Regional Director of the Media Institute of Southern Africa (MISA), is a distinguished
media freedom advocate and influential leader in guiding a community of changemakers in Southern Africa. He has played an extensive and formidable role in pushing back against restrictive and repressive laws, supporting journalists under threat, empowering young Africans, and shaping internet governance policies.

Temitope Ogundipe, the Founder and Executive Director of TechSocietal, has been a champion for digital rights and inclusion in Africa. She is an advocate for women’s rights online and uses her expertise to contribute to the development of youth and address digital inequalities affecting vulnerable groups across the continent.

Wafa Ben-Hassine, the Principal Responsible Technology at Omidyar Network, is a recognised human rights defender and visionary leader dedicated to promoting human rights and responsible technological
development. Her relentless advocacy and valuable contributions to defending digital rights, civil liberties, and technology policy continue to inspire many across the continent.

Join the Report Launch Webinar:

When: January 31, 2024
Time: 14:00-16:00 (Nairobi Time)
Location: Zoom (Register here)
After registering, you will receive a confirmation email containing information about joining the webinar.

Updated: Watch the report launch webinar.