How CIPESA Is Supporting Harmonised Data Governance in African Countries

By Juliet Nanfuka

Across the world, larger amounts of data are being collected than ever before. For instance, massive volumes of data are being collected by national identity systems and mandatory SIM card registration exercises, as well as by private actors, including through online platforms and mobile devices. However, in many African countries data governance structures remain lacking, fuelling various concerns such as data breaches and surveillance.

Over the course of 2025, CIPESA has undertaken extensive work alongside the GIZ DataCipation programme and the African Union to support countries and Regional Economic Communities (RECs) to collaboratively develop data governance policies that are progressive and rights-respecting.

The various engagements, which were guided by the African Union Data Policy Framework (AUDPF), also involved building the capacity of regulators, policymakers, and other stakeholders in devising and implementing data governance policies that promote socio-economic transformation and regional integration.

Adopted in 2022, the AUDPF offers a harmonised set of principles to guide African states in governing data safely, fairly, and effectively, as it provides a continental vision for protecting personal rights, enabling cross-border data flows, unlocking socio-economic value, and fostering interoperable digital systems. CIPESA has long advocated for African countries to adopt the AUDPF as a common benchmark to guide data policies that strengthen accountability and foster trust between governments and citizens.

The inaugural workshop to build the capacity of judges and senior staff of the East African Court of Justice (EACJ) on data governance was held in March 2025 in Kigali, Rwanda. The training aimed to enhance court officials’ understanding of the AUDPF and its implications for national and regional data governance, as well as the need for harmonised data governance policies within the East African Community (EAC).

“As East Africa moves into a regional economy, the EACJ might be faced with a number of challenges in its operations. There are cases in national courts related to data governance, and if the EACJ is not aware of what is going on in the digital space, it might not be able to handle such cases should they come before the court.” Hon. Justice Nestor Kayobera, President of the EACJ

This was followed by another training in April 2025 in Kampala, Uganda for members of the East African Legislative Assembly (EALA). At a time when the eight-member regional bloc was developing harmonised data policy legislation, this training strengthened the capacity of members and staff of the regional parliament in the areas of data governance, data protection, and related legislative and policy issues.

The Southern African Development Community (SADC) has similarly embarked on developing a Regional Data Governance Framework. In September, CIPESA supported training for more than 50 regulators and policymakers from 16 SADC countries in Madagascar, on harmonising data protection frameworks to support cross-border data flows and regional trade.

At the country level, CIPESA has supported capacity development as well as data governance policy development. In July 2025, a consultative workshop in the capital Maseru brought together more than 60 stakeholders from the Lesotho government, civil society, academia, and the private sector to review the country’s draft Data Management Policy and align it with the AUDPF. The workshop developed a roadmap towards building a more progressive data governance policy framework, with various revisions being made to the Data Management Policy. In October, the policy was validated at a multi-stakeholder engagement led by the Ministry of Information, Communications, Science, Technology and Innovation, alongside the AU, GIZ, and CIPESA.

In November 2025, CIPESA supported capacity building in Liberia for government ministries, civil society organisations, and private sector representatives at a two-day workshop in Monrovia. The engagement, which was convened by the Ministry of Posts and Telecommunications, CIPESA, and the AU, explored how data could support Liberia’s digital transformation and the need to align the country’s laws and policies with continental and global frameworks.

Additionally, CIPESA is supporting the government of Liberia to develop a Data Governance Policy that is aligned to the AUDPF. In this regard, a separate two-day multi-stakeholder consultation was held to inform the content of the prospective policy, which is anticipated to be completed early in 2026. The consultation marked a critical step in Liberia’s ongoing efforts to establish a coherent national framework for data governance, protection, and utilisation.

Also in November, CIPESA supported capacity building in Kampala, Uganda for 81 policymakers, regulators, civil society, and private sector actors, in partnership with the Ministry of ICT and National Guidance, the Personal Data Protection Office, GIZ and the AU. Participants explored foundational elements of data governance, including data infrastructure, data value creation, standards, trust mechanisms, and institutional arrangements. They also discussed regulatory approaches, institutional structures, and capacity-building strategies necessary for Uganda to harness data responsibly and efficiently.

Meanwhile, various global settings have also served as platforms to further deliberate and contribute to the global discourse on data governance in Africa. At the June 2025 Internet Governance Forum held in Norway, a collaborative session hosted by CIPESA, GIZ, and The Republic of The Gambia saw discussions on how fragmented national regulations and inconsistent privacy and cybersecurity standards pose challenges to regional and global cooperation.

Similarly, at the September 2025 Forum on Internet Freedom in Africa (FIFAfrica25) hosted by CIPESA, various sessions discussed data governance as central to Africa’s digitalisation efforts. Across multiple sessions, speakers underscored the growing recognition that how data is governed will shape the continent’s democratic, economic, and social futures. Notably, the European Union (EU) Delegation to Namibia emphasised its continued commitment to investing in digital infrastructure, strengthening democratic governance, and advancing a human-centric digital transformation through the Global Gateway strategy.

Addressing Online Harms Ahead of Rwanda’s 2026 UPR Review

By Patricia Ainembabazi

As the world commemorates the 16 Days of Activism Against Gender-Based Violence (November 25 to December 10), global attention is drawn to the rising risks women and girls face in digital environments. These harms increasingly undermine political participation, public discourse, and the safety of women across Africa.

Accordingly, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) and the Association for Progressive Communications (APC) have stressed the urgent need to address technology-facilitated gender-based violence (TFGBV) in Rwanda in written and oral submissions to the Universal Periodic Review (UPR) 51st pre-session for Rwanda at the United Nations Human Rights Council in Geneva. In a joint CIPESA–APC fact sheet on human rights, the two organisations highlighted critical gaps in legal protections, online safety, and digital inclusion in Rwanda.

The joint UPR report notes that TFGBV has become a major deterrent to Rwandan women’s participation online, affecting women in politics, journalism, activism, and advocacy. The 2024 online smear campaign against opposition figure Victoire Ingabire Umuhoza illustrates the gendered nature of digital disinformation and harassment. Such attacks rely on misogynistic narratives designed to humiliate, silence, and delegitimise women’s public engagement. This pattern is not only a violation of rights; it also reinforces structural inequalities and dissuades other women from engaging in civic or political life.

These concerns reflect global trends. UN Women has warned of the rapid escalation of deepfake pornography, a form of digitally manipulated sexualised content disproportionately deployed against women and girls. Deepfakes can cause severe psychological, reputational, and professional harm, often leaving survivors without effective avenues for redress. They are increasingly used to silence women, distort electoral participation, and discourage women from entering political leadership. Such harms undermine democratic processes, distort public debate, and entrench gender inequality.

Rwanda’s obligations under the Convention on the Elimination of All Forms of Discrimination Against Women (CEDAW) require the state to take comprehensive measures to eliminate discrimination (Articles 2 and 3) and ensure women’s full participation in political and public life (Article 7). However, as documented in the joint UPR report and fact sheet, gaps persist. The 2018 Cybercrime Law lacks survivor-centred provisions, and its broad definitions have on occasion been applied in ways that disadvantage victims.

Moreover, enforcement remains inconsistent, and the absence of specialised mechanisms for investigating and prosecuting online violence limits accountability. In this context, TFGBV is not merely a digital phenomenon; it is a direct barrier to fulfilling Rwanda’s CEDAW obligations and achieving SDGs 5 and 16.

The gender digital divide further compounds these harms. Internet penetration in Rwanda stands at 34.2%, with women representing just 38.2% of social media users. Structural inequalities, including device affordability, income disparities, and limited digital literacy, restrict women’s participation in digital spaces. These inequalities heighten vulnerability to online harm and restrict access to safety tools, reporting mechanisms, and digital rights resources. As the joint CIPESA–APC evidence indicates, without targeted investment in digital literacy, device access, and connectivity for women, Rwanda risks deepening existing socio-economic and civic inequalities.

During the UPR pre-session, CIPESA and APC presented a set of recommendations aimed at promoting rights-respecting digital governance. These included adopting survivor-centred TFGBV protections aligned with CEDAW, strengthening investigative and prosecutorial capacities to effectively respond to online harms, and compelling technology platforms to improve reporting, moderation, and accountability mechanisms. The submission also called for amending restrictive provisions in the Penal Code and Cybercrime Law, establishing independent oversight over surveillance operations, and addressing the gender digital divide through targeted digital literacy and affordability initiatives.

The 16 Days of Activism provide an important reminder that violence against women is evolving in both form and reach. Digital technologies have expanded the avenues through which women are targeted, often enabling harm that is faster, more pervasive, and harder to remedy. Ending violence against women, therefore, requires recognising online spaces as critical sites of protection.

Rwanda enters its fourth UPR cycle with a number of unaddressed commitments. During the 2021 review, the Rwandan government received 32 recommendations on freedom of expression and media freedom, including 24 urging reforms to restrictive speech provisions and 17 calling for enhanced protections for journalists and human rights defenders. Yet implementation has been limited. Provisions in Rwanda’s 2018 Penal Code and 2018 Cybercrime Law continue to criminalise “false information”, edited content, and criticism of public authorities, enabling arrests of journalists and discouraging dissenting expression.

These laws have contributed to widespread self-censorship, shrinking civic space, and undermining public participation in digital environments. At the same time, reports of intrusive surveillance, such as the documented use of Pegasus spyware targeting thousands of journalists, activists, and diaspora members, further erode trust and violate privacy rights. The absence of independent oversight in surveillance practices intensifies this concern.

The country’s ongoing engagement with the UPR process and its upcoming review, scheduled for January 21, 2026, offer a timely opportunity to address these challenges. During the 51st pre-session, held from 26-27 November 2025 in Geneva, several permanent missions expressed eagerness to advance strong recommendations for Rwanda, and there is hope that these delegations will amplify our proposals during the formal review.

CIPESA and APC remain committed to supporting evidence-based reforms that strengthen digital rights protections across Africa. Rwanda’s review presents a defining moment for the government to adopt meaningful, future-focused reforms that uphold human rights, ensure accountability, and create a digital environment where all citizens, especially women, can participate safely, freely, and equally in shaping the country’s democratic and digital future.

#BeSafeByDesign: A Call To Platforms To Ensure Women’s Online Safety

By CIPESA Writer

Across Eastern and Southern Africa, activists, journalists, and women human rights defenders (WHRDs) are leveraging online spaces to mobilise for justice, equality, and accountability. However, the growth of online harms such as Technology-Facilitated Gender-Based Violence (TFGBV), disinformation, digital surveillance, and Artificial Intelligence (AI)-driven discrimination and attacks has outpaced the development of robust protections.

Notably, human rights defenders, journalists, and activists face unique and disproportionate digital security threats, including harassment, doxxing, and data breaches, that limit their participation and silence dissent.

It is against this background that the Collaboration on International ICT Policy for East and Southern Africa (CIPESA), in partnership with the Irene M. Staehelin Foundation, is implementing a project aimed at combating online harms so as to advance digital rights. Through upskilling, advocacy, research, and movement building, the initiative addresses the growing threats in digital spaces, particularly those affecting women journalists and human rights defenders.

The first of the upskilling engagements kicked off in Nairobi, Kenya, at the start of December 2025, with 25 women human rights defenders and activists in a three-day digital resilience skills share workshop hosted by CIPESA and the Digital Society Africa. Participants came from the Democratic Republic of Congo, Madagascar, Malawi, South Africa, Tanzania, Uganda, Zambia, and Zimbabwe. It coincides with the December 16 Days Of Activism campaign, which this year is themed “Unite to End Digital Violence against All Women and Girls”.

According to the United Nations Population Fund (UNFPA), TFGBV is “an act of violence perpetrated by one or more individuals that is committed, assisted, aggravated, and amplified in part or fully by the use of information and communication technologies or digital media against a person based on their gender.” It includes cyberstalking, doxing, non-consensual sharing of intimate images, cyberbullying, and other forms of online harassment.

Women in Sub-Saharan Africa are 32% less likely than men to use the internet, with the key impediments being literacy and digital skills, affordability, safety, and security. On top of this gender digital divide, more women than men face various forms of digital violence. Accordingly, the African Commission on Human and Peoples’ Rights (ACHPR) Resolution 522 of 2022 has underscored the urgent need for African states to address online violence against women and girls.

Women who advocate for gender equality, feminism, and sexual minority rights face higher levels of online violence. Indeed, women human rights defenders, journalists and politicians are the most affected by TFGBV, and many of them have withdrawn from the digital public sphere due to gendered disinformation, trolling, cyber harassment, and other forms of digital violence. The online trolling of women is growing exponentially and often takes the form of gendered and sexualised attacks and body shaming.

Several specific challenges must be considered when designing interventions to combat TFGBV. These challenges are shaped by legal, social, technological, and cultural factors, which affect both the prevalence of digital harms and violence and the ability to respond effectively. They include weak and inadequate legal frameworks; a lack of awareness about TFGBV among policymakers, law enforcement officers, and the general public; the gender digital divide; and normalised online abuse against women, with victims often blamed rather than supported.

Moreover, there is a shortage of comprehensive response mechanisms and support services for survivors of online harassment, such as digital security helplines, psychosocial support, and legal aid. In addition, there is limited regional and cross-sector collaboration between CSOs, government agencies, and the private sector (including tech companies).

A guiding strand for these efforts will be the #BeSafeByDesign campaign, which highlights the necessity of safe platforms for women as well as the consequences when safety is missing. The #BeSafeByDesign obligation shifts the burden of ensuring safety in online spaces away from women and places it on platforms, which are required to put more effort into risk assessments, accessible and stronger reporting pathways, proactive detection of abuse, and transparent accountability mechanisms. The initiative will also involve the practical upskilling of at-risk women in cybersecurity.

Advancing African-Centred AI is a Priority for Development in Africa

By Patricia Ainembabazi

The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) participated in the annual DataFest Africa event held on 30-31 October, 2025. Hosted by Pollicy, the event serves to celebrate data use in Africa by bringing together various stakeholders from diverse backgrounds, such as government, civil society, donors, academics, students, and private industry experts, under one roof and theme. The event provided a timely platform to advance discussions on how Africa can harness AI and data-driven systems in ways that centre human rights, accountability, and social impact.

CIPESA featured in various sessions at the event, one of which was the launch of the ‘Made in Africa AI for Monitoring, Evaluation, Research and Learning (MERL)’ Landscape Study by the MERL Tech Initiative. At the session, CIPESA provided reflections on the role of AI in development across several humanitarian sectors in Africa.

CIPESA’s contributions complemented insights from the study, which explored African approaches to AI in data-driven evidence systems and emphasised responsive and inclusive design, contextual relevance, and ethical deployment. The study resonated with insights from the CIPESA 2025 State of Internet Freedom in Africa report, which highlights the role of AI as Africa navigates digital democracy.

According to the CIPESA report, AI technologies hold significant potential to improve civic engagement, extend access to public services, scale multilingual communication tools, and support fact-checking and content moderation. On the flip side, the MERL study also underscores the risks posed by AI systems that lack robust governance frameworks, including increased surveillance capacity, algorithmic bias, the spread of misinformation, and deepening digital exclusion. The aforementioned risks and challenges pose major concerns regarding readiness, accountability, and institutional capacity, given the nascent and fragmented legal and regulatory landscape for AI in the majority of African countries.

Sam Kuuku, Head of the GIZ-African Union AI Made in Africa Project, noted that it is important for countries and stakeholders to reflect on how well Africa can measure the impact of AI and evaluate the role and potential of AI use in improving livelihoods across the continent. He further reiterated the value of various European Union (EU) frameworks in providing useful guidance for African countries seeking to develop AI policies that promote both innovation and safety, to ensure that technological developments align with public interest, legal safeguards, and global standards.

The session underscored the need for African governments and stakeholders to benchmark against global regulatory practices that are grounded in human rights principles for progressive adoption and deployment of AI. CIPESA pointed to the EU AI Act of 2024, which offers a structured and risk-based model that categorises AI systems according to the level of potential harm and establishes controls for transparency, safety, and non-discrimination.

Key considerations for labour rights, economic justice, and the future of work were highlighted, particularly in relation to the growing role of African data annotators and platform workers within global AI supply chains. Investigations into outsourced data labelling, such as the case of Kenyan workers contracted by tech platforms to train AI models under precarious economic conditions, underline the need for stronger labour protections and ethical AI sourcing practices. Through platforms such as DataFest Africa, there is a growing community dedicated to shaping a forward-looking narrative in which AI is not only applied to solve African problems but is also developed, regulated, and critiqued by African actors. The pathway to an inclusive and rights-respecting digital future will rely on working collectively to embed accountability, transparency, and local expertise within emerging AI and data governance frameworks.

Safeguarding African Democracies Against AI-Driven Disinformation

ADRF Impact Series

As Africa’s digital ecosystems expand, so too do the threats to its democratic spaces. From deepfakes to synthetic media and AI-generated misinformation, electoral processes are increasingly vulnerable to technologically sophisticated manipulation. Against this backdrop, THRAETS, a civic-tech pro-democracy organisation, implemented the Africa Digital Rights Fund (ADRF)-supported project, “Safeguarding African Elections – Mitigating the Risk of AI-Generated Mis/Disinformation to Preserve Democracy.”

The initiative aimed to build digital resilience by equipping citizens, media practitioners, and civic actors with the knowledge and tools to detect and counter disinformation, with a focus on disinformation driven by artificial intelligence (AI) during elections across Africa.

At the heart of the project was a multi-pronged strategy to create sustainable solutions, built around three core pillars: public awareness, civic-tech innovation, and community engagement.

The project resulted in innovative civic-tech tools, each of which has the potential to address a unique facet of AI misinformation. These tools include “Spot the Fakes”, a gamified, interactive quiz that trains users to differentiate between authentic and manipulated content. Designed for accessibility, it became a key entry point for public digital literacy, particularly among youth. Additionally, the foundation for an open-source AI tracking hub was developed. The “Expose the AI” portal will offer free educational resources to help citizens evaluate digital content and understand the mechanics of generative AI.

A third tool, called “Community Fakes”, is a dynamic crowdsourcing platform for cataloguing and analysing AI-altered media that combines human intelligence and machine learning. Its goal is to support journalists, researchers, and fact-checkers in documenting regional AI disinformation. The inclusion of an API enables external organisations to access verified datasets, which is a unique contribution to the study of AI and misinformation in the Global South. However, THRAETS notes that the effectiveness of public-facing tools such as Spot the Fakes and Community Fakes is limited by the wider digital literacy gaps in Africa.

Meanwhile, to demonstrate how disinformation intersects with politics and public discourse, THRAETS documented case studies that contextualised digital manipulation in real time. A standout example is the “Ruto Lies: A Digital Chronicle of Public Discontent”, which analysed over 5,000 tweets related to Kenya’s #RejectTheFinanceBill protests of 2024. The project revealed patterns in coordinated online narratives and disinformation tactics, achieving more than 100,000 impressions. This initiative provided a data-driven foundation for understanding digital mobilisation, narrative distortion, and civic resistance in the age of algorithmic influence.

THRAETS went beyond these tools and embarked upon a capacity building drive through which journalists, technologists, and civic leaders were trained in open-source intelligence (OSINT), fact-checking, and digital security.

In October 2024, THRAETS partnered with eLab Research to conduct an intensive online training program for 10 Tunisian journalists ahead of their national elections. The sessions focused on equipping the participants with tools to identify and counter tactics used to sway public opinion, such as detecting cheap fakes and deepfakes. Journalists were provided with hands-on experience through an engaging fake content identification quiz/game. The training provided journalists with the tools to identify and combat these threats, which not only helped them prepare for election coverage but also equipped them to protect democratic processes and maintain public trust in the long run.

This training served as a framework for a further training that would take place in August 2025 as part of the Democracy Fellowship, a program funded by USAID and implemented by the African Institute for Investigative Journalism (AIIJ). That training aimed to enhance media capacity to leverage OSINT tools in their reporting.

The THRAETS project enhanced regional collaboration and strengthened local investigative capacity to expose and counter AI-driven manipulation. This project demonstrates the vital role of civic-tech innovation that integrates participation and informed design. As numerous African countries navigate elections, initiatives like THRAETS provide a roadmap for how digital tools can safeguard truth, participation, and democracy.

Find the full project insights report here.