Across Africa, the fast-evolving technology landscape has created pressure to adopt appropriate legislation to keep up with the pace of technological development. However, these efforts are being shackled by numerous challenges, including silo approaches to policy development, limited citizens’ inclusion in policy formulation, failure to harmonise stakeholder positions, ad hoc advocacy efforts by Civil Society Organisations (CSOs), and the failure to leverage the influence of private sector actors.
At the Forum on Internet Freedom in Africa 2022 (FIFAfrica22), digital rights activists and policymakers examined how existing processes and mechanisms that provide input into digital policies can be improved. In a panel session organised by the Centre for International Private Enterprise (CIPE), participants explored experiences and practical tips for policy engagement that upholds democratic values.
A key concern was that, on the one hand, Africa’s digital rights landscape has for years remained unregulated, leading to resistance to efforts to regulate it, and yet the absence of laws creates room for violation of rights online and abuse by state and non-state actors. On the other hand, where laws have been enacted, implementation and enforcement have been weaponised to target critics and dissent, as reflected in the continued infringement of rights online. This creates the need for proactive multi-stakeholder efforts in pushing back against regressive developments.
“While we should be [engaged] at the beginning of the process, we are ignored and when we enact a law, CSOs come to challenge it, yet if they involve us early enough, we would all be in agreement,” said Neema Lugangira, Member of Parliament from Tanzania and Chair of the African Parliamentary Network on Internet Governance (APNIG).
She noted that with a negative attitude towards each other, many parliamentarians question the motives of CSOs in pushing certain agendas and called for a change in approach. “I want to champion issues in which I have been involved. How do we make your agenda my agenda? You can scream whatever you want but you cannot get legislative change without working with Parliament,” said Lugangira.
Indeed, Boye Adegoke from Paradigm Initiative reiterated that one of the pitfalls of policy advocacy was to adopt the angel/devil relationship approach. He added that many CSOs lack adequate knowledge and skills to engage in policy processes. In turn, he called for more proactive efforts in tracking parliamentary debates and business related to digital policy and undertaking research to inform policy advocacy.
Building alliances, including with the local business and the tech community, was also cited as critical to strategic support for policy influence. “When they [business and tech community] speak, they tend to be listened to and governments tend to respect their views,” said Nashilongo Gervasius, a Namibian technology policy researcher and founder of NamTshuwe Media.
Equally emphasised was the need to leverage the power and influence of private sector players at international level, where the quality of policy negotiations by some African governments remains wanting, as noted by Ayaan Khalif, the Co-Founder of Digital Shelter, a digital rights group in Somalia. Citing the example of the 15% tax agreement between OECD countries and multinational companies, Ayaan stated that African countries and CSOs must bring the continent’s big market potential to the “negotiating table” in order to tap into the multinationals’ revenue.
Away from negotiations, the need to increase inclusive participation in public policy processes was also stressed. As Khalif stated, “Holistic stakeholder involvement should clearly define those being involved, ensure that they are actually given the opportunity to make meaningful input and outline the issues being addressed”.
Ultimately, context remains paramount given that most countries on the continent are at different levels of democracy and what is possible in one may not be tenable in another. What is important is to understand the policy making ecosystem and respond appropriately. “Policy advocacy is about incremental wins. If you are not invited to the table you can bring your own chair to the table, or you can set up your own table and bring people to it,” concluded Adegoke.
Over three years since the ouster of long-term authoritarian president Omar al-Bashir, Sudan’s ongoing political crisis continues to present challenges for internet freedom in the country. Initial positive reforms initiated by the transitional government led by Prime Minister Abdalla Hamdok have been clawed back since a military coup in October 2021. The new military government has weaponised laws, continues to institute network disruptions, and is clamping down on civil society organisations so as to consolidate its grip on power and silence critics.
The political situation in the country has had a marked correlation with the state of internet freedom in the north African state, whose record was largely poor even before the crisis deepened. According to the Freedom On The Net 2022 report, Sudan scored 29 out of 100 on internet freedom, thus continuing its classification on the index as “Not Free”. Developments in 2022 signalled a rapid decline from the progress recorded in 2021 and2020, when the country scored 33 and 30 respectively on the index, up from a lower score of 25 in 2019.
The Cybercrime Law Continues to Repress
One of the measures adopted by Sudanese authorities has been the use of internet-related laws as a weapon for repression. The cybercrimes law, which first came into force in the final days of al-Bashir’s regime in 2018, and its amendments in subsequent years, appear to be aimed at thwarting mass protests and restricting critical opinion of the government and its officials. The most recent amendment to the law, which contains vague provisions, was first announced in April 2022, with some reports stating that it was intended to criminalise acts such as insulting the leaders of the state and undermining the prestige of the state.
On November 2, 2022, the government spokesperson announced that the cabinet had adopted the amendments. The announcement stated that the law was necessary to address the proliferation of information-related crimes and the concealment of their perpetrators through the use of modern computer applications. Also, it claimed that it was necessary to address the shortcomings of the application of court fines that had failed to achieve complete deterrence. The amendment obliges courts to imprison offenders where the victim of defamation or fake news is a governmental public figure. As of December 2022, the amendment law is yet to be published and is awaiting the final approval of the President of the Sovereign Council.
Article 21 of the cybercrime law provides that: “Whoever prepares or uses the information or communications network or any information means or any applications to publish or promote ideas, programs, words or actions contrary to public order or morals, shall be punished with imprisonment for a period not exceeding six years”. Under article 24, “Anyone who publishes lies or fake news in cyberspace will be punished [with imprisonment of] four years, fined or both”.
Meanwhile, article 25 states that “Whoever prepares or uses the information or communications network, or any information means or applications to defame any person shall be punished with imprisonment for a term not exceeding six years.” The law also imposes a penalty of up to seven years imprisonment for anyone who obtains data or information that affects the “economy or the national security” of the country, which terms are not defined.
These articles limit access to information and freedom of expression as they fail to provide a clear definition of the acts constituting the offence, are excessive, and use undefined terms such as “public order” and “morals”, which can be interpreted subjectively by security and prosecutorial agencies and applied to punish legitimate expression.
Censorship
The contentious provisions of the cybercrime law have been used to limit press freedom through the blockage of access to online news websites. In September 2022, the public prosecutor ordered the blockage of the website of the Al-Sudani newspaper, one of the most respected dailies in Sudan, without even notifying the newspaper’s management. The Sudanese Electronic Press Association condemned the order, stating: “We reject prior trials and convictions from any party except the judiciary”. Ultimately, the website was not blocked after the leakage of the prosecutor’s order.
In the same month, Abdalrahman Al-Aqib, a journalist, was arrested by police after publishing an investigative article on corruption at the Ministry of Minerals in a local daily and on his Facebook account. Al-Aqib was charged under articles 24 and 25 of the cybercrimes law for publishing lies and fake news. Following his arrest, the Sudanese Journalists Syndicate condemned the actions of the police. It stated: “Al-Aqib was treated in a humiliating manner, and they did not respect his most fundamental rights, amid delays from the police’s duty officer, so as not to obtain his legal right to the guarantee”.
In both cases, the government’s response was primarily reprisal as opposed to offering counter-responses to the allegations raised in the stories. Notably, authorities did not use the press law against the journalist, perhaps because it prescribes less penalties in comparison to the harsh penalties under the cybercrimes law. The press law does not provide for imprisonment of journalists; rather, it stipulates disciplinary sanctions, such as fines and suspending a journalist from publishing for a specific period.
Network Disruptions
Disruptions to internet access and blockage of social media continues unabated, with authorities justifying them as necessary to ensure “national security and emergency state”. Five have been recorded during the past 15 months.
During the October 2021 coup, the army imposed a nationwide internet shutdown to isolate the protestors from mobilisation to resist the coup. The shutdown lasted 25 days, and after access was restored, some social media platforms remained blocked for two more days. On the one year anniversary of the coup, the authorities shut down the internet for eight hours during a public march organised by pro-democracy groups against the coup. Earlier the same month on October 18, 2022, a regional internet shutdown was imposed in Wad Al-Mahi, a governorate in the Blue Nile region. The shutdown was in response to tribal conflict in several villages in the area. It could not be independently verified when access was restored.
Also, on June 11, 2022, the public prosecutor ordered the shutdown of the internet for three hours on a daily basis, over a 12-day period. The reason given was that it was necessary to prevent cheating during the national secondary school exams. Following the 12-day period, the internet was again disrupted for 25 hours on June 30, 2022, during the “Million Man March” to mark the anniversary of the 2019 massacre of protestors by the military.
Catalogue of Internet Disruptions in Sudan Since October 2021
These recent incidents mirror Sudan’s long history of instituting network disruptions, rivalled only by neighbouring Ethiopia. Crucially, the disruptions are indicative of the current regime’s bias and disregard for freedom of association and assembly. Three of the internet disruptions (October 2021, June 2022 and October 2022) were in response to protests against military rule. In contrast, the military did not implement any disruptions on October 29, 2022, when the Sudan People’s Appeal Initiative held protests. The initiative comprises supporters of former president Al-Bashir’s ousted regime, who protested in Khartoum demanding that the United Nations not interfere in Sudanese affairs.
Crackdown on Civil Society
The government has also led an onslaught against civil society organisations. For example, on October 23, 2022, the Human Aid Commission (HAC), which is the regulator of non-governmental organisations in Sudan, notified the director of the Sudanese Consumers Protection Society (SCPS) of its decision to cancel SCPS’s registration, seize its assets and properties and freeze its bank accounts inside and outside Sudan. The SCPS has been at the forefront of advocating against network disruptions by pushing for the enforcement of contractual obligations of Internet Service Providers (ISPs) to provide services to their customers.
Looking Ahead
The affronts by the Sudanese government on internet freedom and civic space go against its obligations under international human rights law. The design and deployment of punitive laws by authorities to target and silence activists, government critics, journalists, human rights defenders (HRDs), and the political opposition create an environment of fear and self-censorship. Equally, responses such as the deregistration of civil society organisations only serve as a threat to other civil society organisations, of possible sanctions. Lastly, these actions together with internet shutdowns and the repression of digital rights through the cybercrime laws constitute unjustifiable limitations of freedom of expression, assembly, association, access to information, rights of the media, and rights to political participation.
In order to chart a democratic path in the coming years, the Sudanese government must show commitment to uphold media and internet freedom. Policy reforms should repeal regressive provisions such as the cybercrimes law. Sudan should also desist from interrupting access to the internet and social media.
+ Khattab Hamad is a journalist and digital rights researcher who has recently co-founded the Digital Rights Lab Sudan.
Increased digitalisation and adoption of technology in Africa has fuelled the continent’s economy, with commerce and transactions increasingly being conducted online. Innovation and use of web and mobile applications have also encouraged the growth of micro, small and medium-sized enterprises, which has advanced financial inclusion and employment, and made the technology sector a key contributor to African countries’ Gross Domestic Product (GDP). For instance, platforms such as Jumia which is operational in 11 African countries have transformed the retail, travel and food markets. Other notable online platforms include Appruve and Esoko (Ghana), mFarm (Kenya) and Novus Agro (Nigeria).
African governments have prioritised the integration of technology into more sectors to drive social and economic transformation. However, the rapid adoption of technology tools and platforms has also been met with growing concerns about the impact on digital rights, including data protection and privacy, the digital divide, freedom of expression and surveillance. Other worrying trends include network disruptions, digital taxation, data localisation requirements, and encryption regulations. There is a growing consensus among digital rights advocates that the adoption of technology tools and policies impacting the digital space should not only advance economic inclusion, but also be carefully assessed and implemented in a way that respects human rights in the digital age.
According to a GSMA report, in 2020, “mobile technologies and services generated more than USD 130 billion of economic value” while USD 155 billion is projected to be generated by 2025. The report further says that “495 million people subscribed to mobile services in Sub-Saharan Africa” by the end of 2020, representing 46% of the region’s population, and this is expected to increase to around 615 million subscribers by 2025, reaching the mark of 50% of Africa’s population.
In an effort to advance digital rights across Africa’s growing digital economy, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) through the Africa Digital Rights Fund (ADRF) has worked to support advocacy initiatives, skills development, and movement building to effectively influence policy and practice on digital rights and the digital economy. Efforts by the ADRF grantees have engaged with state and non-state actors, providing replicable insights into how governments and the private sector in the region can safeguard digital rights while advancing the digital economy.
In Ghana, the Financial Inclusion Forum Africa developed a Data Protection and Privacy Policy to serve as an internal guide on how digital financial service providers in the country should collect, store, and process individuals’ data. The policy outlines principles on the management of personal data in compliance with Ghana’s Data Protection Act 2012 and the International Organization for Standardization and International Electrotechnical Commission Standards for Information Security Management – ISO 27001:2013. The policy benefited from reviews and input from leading digital financial service providers such as Appruve, Jumo, Vodaphone Cash, and G Money, alongside industry experts and regulators such as the eCrime Bureau, RegTheory, and CUTS (Consumer Unit and Trust Society) Ghana. This provided insights into the policy’s viability and applicability by tapping on real-life experiences of these service providers.
Similarly, the Centre for International Trade, Economics and Environment (CUTS) and Mzalendo Trust have worked to advance consumer protection, security and inclusion, and public awareness within the digital economy in Kenya. The two Kenya-based grantees engaged with stakeholders such as the Capital Markets Authority, Kenya ICT Action Network (KICTANet), Association of Freelance Journalists, Open Institute, The Centre for Intellectual Property and Information Technology Law (CIPIT) at Strathmore University, Article 19, County Assemblies Forum, Internews, and the Election Observation Group (ELOG).
In Mozambique, efforts by the Mozambican Disabled Persons’ Organisation Forum (FAMOD) under ADRF focused on accessibility and compliance assessments of online services, including for employment, telecommunications, and revenue collection. These assessments helped identify key areas where advocacy campaigns for digital inclusion of persons with disabilities would be most impactful. Meanwhile, in an effort to promote women’s safety and participation online in Namibia, the local chapter of the Internet Society (ISOC) conducted policy engagements on the protection of women and girls as part of the Data Protection Bill.
In Somalia, the work of Digital Shelter made significant breakthroughs in stakeholder dialogue and engagement on aspects of digitalisation that previously have not been prioritised or discussed regularly. Engagements, including in partnership with the Institute of Innovation, Technology & Entrepreneurship (IITE), the ICT and e-Governance Department in Ministry Communications and Technology, the private sector and activists, have focused on youth skilling, digital empowerment, data protection and privacy, and an open and inclusive internet.
Finally, ADRF grantee, Alt Advisory, recently published research on a rights-based assessment of Artificial Intelligence (AI) applications in South Africa. The research involved inputs from 14 leading companies in the country’s financial services, retail and e-commerce sectors and two government bodies – the Home Affairs Department and the Department of Health. The findings of the study indicated human rights gaps in AI profiling and the need to bolster compliance with rights guarantees under relevant laws and policies and enforcement by the country’s data protection watchdog, the Information Regulator, and other regulatory bodies.
The ADRF grantees’ interventions in Ghana, Kenya, Mozambique, Somalia, and South Africa highlight the value of evidence-based advocacy that informs multi-stakeholder deliberations on the digital economy and digital rights. Together with the work of the broader ADRF cohort, it presents key lessons on digitalisation in Africa and the need for operationalisation of supporting frameworks such as for cyber security, data protection and privacy; increased participation of minority and marginalised groups in the design of initiatives; multi-stakeholder collaboration; harmonisation of national and local government plans; and digital literacy skills building. To learn more about the ADRF programme, please visit https://cipesa.org/the-africa-digital-rights-fund-english/.
Present at the meeting were PROTEGE QV (Cameroon), Youth Net and Counselling, YONECO (Malawi), namTshuwe (Namibia), Digital Shelter (Somalia), and CIPESA (Uganda). Each partner presented the state of digital rights in their respective country as a foundation for discussing the ROAM-X indicators with Malawi and Somalia hosting physical convenings.
In her opening remarks, Dorothy Gordon, Chair of UNESCO’s Internet For All Programme (IFAP) stated: “There is a need to take control of the digitally mediated future and understand the impact of policies on our digital environments: the ROAM-X indicators give stakeholders factual tools to discuss and advocate for the future we want to see in Africa.”
Xianhong Hu, UNESCO’s Programme Specialist representing IFAP Secretariat, unpacked the 303 the Internet Universality ROAM-X indicators and elaborated on the eight-step multi-stakeholder methodology of conducting national assessments. She highlighted that the unique value of applying ROAM-X indicators is to improve national digital ecosystems and foster cross-border and cross-jurisdictional digital collaboration.
UNESCO encouraged more African countries to pursue a ROAM-X assessment as a tool to evaluate the ever-changing developments in technology, reverse the digital divide, and to harness digital transformation. Given the launch of the Namibian national assessment and the follow-up ROAM-X assessment in Kenya, as well as the monitoring of new developments following the Covid-19 pandemic and the 2022 national elections, incorporating ROAM-X assessment is critical.
UNESCO and CIPESA jointly reaffirmed the need for increased mobilisation using the multistakeholder approach to ensure an open and inclusive implementation process, and to scale up Internet development in African countries over the next two years.
Participants urged UNESCO to continue its support in organising more capacity-building activities to meet the growing demand to assess ROAM-X indicators in African countries.
All participants were invited to continue their engagement with UNESCO and attend its events at the December 2022 Internet Governance Forum (IGF), in Addis Ababa, Ethiopia which include sessions on the ROAM-X indicators, a Day-0 pre-event and a Dynamic Coalition session.
Digital biometric data collection programmes are becoming increasingly popular across the African continent. Governments are investing in diverse digital programmesto enable the capture of biometric information of their citizens for various purposes.
A new report by the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) documents the emerging and current trends in biometric data collection and processing in Africa. It focuses on the deployment of national biometric technology-based programmes in 16 African countries, namely Angola, Cameroon, Central African Republic, Democratic Republic of Congo, Kenya, Lesotho, Liberia, Mozambique, Nigeria, Senegal, Sierra Leone, Tanzania, Togo, Tunisia, Uganda, and Zambia.
The report published today is the ninth consecutive one issued by CIPESA since 2014 under the State of Internet Freedom in Africa series. It was released at the Forum on Internet Freedom in Africa (FIFAfrica), which is taking place in Lusaka, Zambia.
The biometric data collection programmes reviewed by the report include those related to civil registrations, such as the issuance of National Identity cards, biometric voter registration and identification programmes, government-led CCTV programmes with facial recognition capabilities, national ePassport initiatives, refugees’ registration, and mandatory biometric SIM card registration.
The report highlights the key trends, potential risks, challenges and gaps relating to biometric data collection projects in the continent. These include limited public engagement and awareness campaigns; inadequate legal frameworks that heighten risks to privacy; exclusion from accessing essential services; enhanced surveillance, profiling and targeting; conflicting interests and the wide powers of third parties; and limited capacity and training.
Consequently, the study notes that these biometric programmes are being implemented in countries with poor digital rights records, declining democracy and rising digital authoritarianism, which casts doubt on the integrity of biometric data collection programmes and the resultant databases. Thus, viewed collectively, the developments, trends and risks outlined in the report heighten concern over the growing threats to the right to privacy of personal data and potential violations of digital rights on the continent.
Finally, the report presents recommendations to various stakeholders including the government, civil society, the media, the private sector and academia, which, if implemented, will go a long way in addressing data protection and privacy gaps, risks and challenges in the study countries.
The key recommendations include a call to:
Governments to implement the laws and policy frameworks on identity systems and data protection and privacy while paying keen attention to compliance with regionally and internationally recognised principles and minimum standards on data protection and privacy for biometric data collection and require the adoption of human rights-based approaches.
Countries without data protection and privacy laws such as Liberia, Mozambique, Sierra Leone and Tanzania should expedite the process of enacting appropriate data protection laws so as to guarantee the data protection and privacy rights of their citizens.
Governments to ratify the AU Convention on Cyber Security and Personal Data Protection (Malabo Convention) to ensure government commitment to regional data protection and privacy as a means to hold them accountable.
Governments to establish independent and robust oversight data protection bodies to regulate data and privacy protection including biometric data.
Civil society to engage in advocacy and lobby governments to develop, implement and enforce privacy and data protection policies, laws and institutional frameworks that are in compliance with regional and international minimum human rights standards.
Civil society to monitor, document and report on the risks, threats, abuses and violations of privacy and human rights associated with biometric data collection programmes, and propose effective solutions to safeguard rights in line with international human rights standards.
The media to progressively document and report on initiatives such as advocacy by civil society and other stakeholders to keep track of developments.
The media to conduct investigative journalism to identify and expose privacy violations arising from the implementation of biometric data collection programmes.
The private sector to take deliberate efforts to ensure that all their respective biometric data collection programmes and systems are developed implemented and managed in compliance with best practices prescribed by the national, regional and international human rights standards and practices on privacy and data protection, including the UN Guiding Principles on Business and Human Rights.
The private sector to ensure that they progressively adopt and develop comprehensive internal privacy policies to guide the collection, storing and processing of personal data.
The private sector to take deliberate efforts aimed at involving data subjects in the control and management of their personal data by providing timely information on external requests for information.
Academia to conduct evidence-based research on data protection and privacy including biometrics, highlighting the challenges, risks, benefits and trends in biometric data collection programmes.
The full State of Internet Freedom in Africa 2022 Report can be accessed here.