Safeguarding Digital Rights in Africa’s Growing Digital Economy

By Loyce Kyogabirwe

Increased digitalisation and adoption of technology in Africa have fuelled the continent’s economy, with commerce and transactions increasingly being conducted online. Innovation and use of web and mobile applications have also encouraged the growth of micro, small and medium-sized enterprises, which has advanced financial inclusion and employment, and made the technology sector a key contributor to African countries’ Gross Domestic Product (GDP). For instance, platforms such as Jumia, which is operational in 11 African countries, have transformed the retail, travel and food markets. Other notable online platforms include Appruve and Esoko (Ghana), mFarm (Kenya) and Novus Agro (Nigeria).

African governments have prioritised the integration of technology into more sectors to drive social and economic transformation. However, the rapid adoption of technology tools and platforms has also been met with growing concerns about the impact on digital rights, including data protection and privacy, the digital divide, freedom of expression and surveillance. Other worrying trends include network disruptions, digital taxation, data localisation requirements, and encryption regulations. There is a growing consensus among digital rights advocates that the adoption of technology tools and policies impacting the digital space should not only advance economic inclusion, but also be carefully assessed and implemented in a way that respects human rights in the digital age. 

According to a GSMA report, in 2020, “mobile technologies and services generated more than USD 130 billion of economic value” while USD 155 billion is projected to be generated by 2025. The report further says that “495 million people subscribed to mobile services in Sub-Saharan Africa” by the end of 2020, representing 46% of the region’s population, and this is expected to increase to around 615 million subscribers by 2025, reaching the mark of 50% of Africa’s population.

In an effort to advance digital rights across Africa’s growing digital economy, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) through the Africa Digital Rights Fund (ADRF) has worked to support advocacy initiatives, skills development, and movement building to effectively influence policy and practice on digital rights and the digital economy. Efforts by the ADRF grantees have engaged with state and non-state actors, providing replicable insights into how governments and the private sector in the region can safeguard digital rights while advancing the digital economy. 

In Ghana, the Financial Inclusion Forum Africa developed a Data Protection and Privacy Policy to serve as an internal guide on how digital financial service providers in the country should collect, store, and process individuals’ data. The policy outlines principles on the management of personal data in compliance with Ghana’s Data Protection Act 2012 and the International Organization for Standardization and International Electrotechnical Commission Standards for Information Security Management – ISO 27001:2013. The policy benefited from reviews and input from leading digital financial service providers such as Appruve, Jumo, Vodafone Cash, and G Money, alongside industry experts and regulators such as the eCrime Bureau, RegTheory, and CUTS (Consumer Unit and Trust Society) Ghana. This provided insights into the policy’s viability and applicability by tapping into the real-life experiences of these service providers.

Similarly, the Centre for International Trade, Economics and Environment (CUTS) and Mzalendo Trust have worked to advance consumer protection, security and inclusion, and public awareness within the digital economy in Kenya. The two Kenya-based grantees engaged with stakeholders such as the Capital Markets Authority, Kenya ICT Action Network (KICTANet), Association of Freelance Journalists, Open Institute, The Centre for Intellectual Property and Information Technology Law (CIPIT) at Strathmore University, Article 19, County Assemblies Forum, Internews, and the Election Observation Group (ELOG).

In Mozambique, efforts by the Mozambican Disabled Persons’ Organisation Forum (FAMOD) under ADRF focused on accessibility and compliance assessments of online services, including for employment, telecommunications, and revenue collection. These assessments helped identify key areas where advocacy campaigns for digital inclusion of persons with disabilities would be most impactful. Meanwhile, in an effort to promote women’s safety and participation online in Namibia, the local chapter of the Internet Society (ISOC) conducted policy engagements on the protection of women and girls as part of the Data Protection Bill. 

In Somalia, the work of Digital Shelter made significant breakthroughs in stakeholder dialogue and engagement on aspects of digitalisation that previously have not been prioritised or discussed regularly. Engagements, including in partnership with the Institute of Innovation, Technology & Entrepreneurship (IITE), the ICT and e-Governance Department in the Ministry of Communications and Technology, the private sector and activists, have focused on youth skilling, digital empowerment, data protection and privacy, and an open and inclusive internet.

Finally, ADRF grantee, Alt Advisory, recently published research on a rights-based assessment of Artificial Intelligence (AI) applications in South Africa. The research involved inputs from 14 leading companies in the country’s financial services, retail and e-commerce sectors and two government bodies – the Home Affairs Department and the Department of Health. The findings of the study indicated human rights gaps in AI profiling and the need to bolster compliance with rights guarantees under relevant laws and policies and enforcement by the country’s data protection watchdog, the Information Regulator, and other regulatory bodies.

The ADRF grantees’ interventions in Ghana, Kenya, Mozambique, Somalia, and South Africa highlight the value of evidence-based advocacy that informs multi-stakeholder deliberations on the digital economy and digital rights. Together with the work of the broader ADRF cohort, it presents key lessons on digitalisation in Africa and the need for operationalisation of supporting frameworks such as for cyber security, data protection and privacy; increased participation of minority and marginalised groups in the design of initiatives; multi-stakeholder collaboration; harmonisation of national and local government plans; and digital literacy skills building. To learn more about the ADRF programme, please visit https://cipesa.org/the-africa-digital-rights-fund-english/

Training webinar on Internet Universality Indicators convened for African Countries

By Juliet Nanfuka

On 26 October, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) convened a regional training webinar to raise awareness of the Internet Universality ROAM-X indicators and their potential to promote Internet development to advance media freedom and digital rights in Africa. The UNESCO Information for All Programme (IFAP) and International Programme for the Development of Communication (IPDC) jointly supported the training.

Present at the meeting were PROTEGE QV (Cameroon), Youth Net and Counselling, YONECO (Malawi), namTshuwe (Namibia), Digital Shelter (Somalia), and CIPESA (Uganda). Each partner presented the state of digital rights in their respective country as a foundation for discussing the ROAM-X indicators, with Malawi and Somalia hosting physical convenings.

In her opening remarks, Dorothy Gordon, Chair of UNESCO’s IFAP stated: “There is a need to take control of the digitally mediated future and understand the impact of policies on our digital environments: the ROAM-X indicators give stakeholders factual tools to discuss and advocate for the future we want to see in Africa.”  

Xianhong Hu, UNESCO’s Programme Specialist representing the IFAP Secretariat, unpacked the 303 Internet Universality ROAM-X indicators and elaborated on the eight-step multi-stakeholder methodology of conducting national assessments. She highlighted that the unique value of applying ROAM-X indicators is to improve national digital ecosystems and foster cross-border and cross-jurisdictional digital collaboration.

UNESCO encouraged more African countries to pursue a ROAM-X assessment as a tool to evaluate the ever-changing developments in technology, reverse the digital divide, and harness digital transformation. Given the launch of the Namibian national assessment and the follow-up ROAM-X assessment in Kenya, as well as the monitoring of new developments following the Covid-19 pandemic and the 2022 national elections, incorporating ROAM-X assessment is critical.

UNESCO and CIPESA jointly reaffirmed the need for increased mobilization using the multistakeholder approach to ensure an open and inclusive implementation process and to scale up Internet development in African countries over the next two years. 

Participants urged UNESCO to continue its support in organising more capacity-building activities to meet the growing demand to assess ROAM-X indicators in African countries.  

All participants were invited to continue their engagement with UNESCO and attend its events on the ROAM-X indicators: the Day-0 pre-event and Dynamic Coalition session to be held at the December 2022 Internet Governance Forum (IGF), in Addis Ababa, Ethiopia.

State of Internet Freedom in Africa 2022: The Rise of Biometric Surveillance

FIFAfrica22

Digital biometric data collection programmes are becoming increasingly popular across the African continent. Governments are investing in diverse digital programmes to enable the capture of biometric information of their citizens for various purposes.

A new report by the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) documents the emerging and current trends in biometric data collection and processing in Africa. It focuses on the deployment of national biometric technology-based programmes in 16 African countries, namely Angola, Cameroon, Central African Republic, Democratic Republic of Congo, Kenya, Lesotho, Liberia, Mozambique, Nigeria, Senegal, Sierra Leone, Tanzania, Togo, Tunisia, Uganda, and Zambia.

The report published today is the ninth consecutive one issued by CIPESA since 2014 under the State of Internet Freedom in Africa series. It was released at the Forum on Internet Freedom in Africa (FIFAfrica), which is taking place in Lusaka, Zambia.

The biometric data collection programmes reviewed by the report include those related to civil registrations, such as the issuance of National Identity cards, biometric voter registration and identification programmes, government-led CCTV programmes with facial recognition capabilities, national ePassport initiatives, refugees’ registration, and mandatory biometric SIM card registration.

The report highlights the key trends, potential risks, challenges and gaps relating to biometric data collection projects in the continent. These include limited public engagement and awareness campaigns; inadequate legal frameworks that heighten risks to privacy; exclusion from accessing essential services; enhanced surveillance, profiling and targeting; conflicting interests and the wide powers of third parties; and limited capacity and training. 

Consequently, the study notes that these biometric programmes are being implemented in countries with poor digital rights records, declining democracy and rising digital authoritarianism, which casts doubt on the integrity of biometric data collection programmes and the resultant databases. Thus, viewed collectively, the developments, trends and risks outlined in the report heighten concern over the growing threats to the right to privacy of personal data and potential violations of digital rights on the continent. 

Finally, the report presents recommendations to various stakeholders including the government, civil society, the media, the private sector and academia, which, if implemented, will go a long way in addressing data protection and privacy gaps, risks and challenges in the study countries. 

The key recommendations include a call to:

  • Governments to implement the laws and policy frameworks on identity systems and data protection and privacy while paying keen attention to compliance with regionally and internationally recognised principles and minimum standards on data protection and privacy for biometric data collection and require the adoption of human rights-based approaches. 
  • Countries without data protection and privacy laws such as Liberia, Mozambique, Sierra Leone and Tanzania should expedite the process of enacting appropriate data protection laws so as to guarantee the data protection and privacy rights of their citizens. 
  • Governments to ratify the AU Convention on Cyber Security and Personal Data Protection (Malabo Convention) to ensure government commitment to regional data protection and privacy as a means to hold them accountable.
  • Governments to establish independent and robust oversight data protection bodies to regulate data and privacy protection including biometric data.
  • Civil society to engage in advocacy and lobby governments to develop, implement and enforce privacy and data protection policies, laws and institutional frameworks that are in compliance with regional and international minimum human rights standards.
  • Civil society to monitor, document and report on the risks, threats, abuses and violations of privacy and human rights associated with biometric data collection programmes, and propose effective solutions to safeguard rights in line with international human rights standards.
  • The media to progressively document and report on initiatives such as advocacy by civil society and other stakeholders to keep track of developments. 
  • The media to conduct investigative journalism to identify and expose privacy violations arising from the implementation of biometric data collection programmes.
  • The private sector to take deliberate efforts to ensure that all their respective biometric data collection programmes and systems are developed, implemented and managed in compliance with best practices prescribed by the national, regional and international human rights standards and practices on privacy and data protection, including the UN Guiding Principles on Business and Human Rights.
  • The private sector to ensure that they progressively adopt and develop comprehensive internal privacy policies to guide the collection, storing and processing of personal data. 
  • The private sector to take deliberate efforts aimed at involving data subjects in the control and management of their personal data by providing timely information on external requests for information. 
  • Academia to conduct evidence-based research on data protection and privacy including biometrics, highlighting the challenges, risks, benefits and trends in biometric data collection programmes. 

The full State of Internet Freedom in Africa 2022 Report can be accessed here.

Litigating Internet Disruptions in Africa: Lessons from Sudan

By CIPESA Writer

Internet disruptions continue to be registered across Africa, despite efforts by local and international actors to demonstrate to telecommunications regulators and governments that it is counterproductive to human rights, the economy and democracy to disrupt digital communication networks.

In 2021, up to 12 African countries experienced state-ordered internet disruptions. These included Burkina Faso (November), Chad (February), Republic of Congo (March), eSwatini (June), Ethiopia (various), Niger (February), Nigeria (June), Senegal (March), South Sudan (August), Sudan (June and October), Uganda (January), and Zambia (August).

As internet disruptions have become more prevalent on the continent, strategic litigation against governments that order them, and intermediaries, such as telecom operators and internet service providers (ISPs), that effect them, has gained recognition as a push-back tool. Strategic litigation can lead to significant legal precedents by publicly uncovering inequalities and highlighting human rights violations, raising awareness, and bringing about reforms in legislation, policy, and practice.

However, as this brief argues, there are several obstacles to the successful litigation of internet disruption cases, including weaknesses among groups and individuals that submit applications, and case backlogs that impede timely adjudication of cases. Indeed, few cases of strategic litigation on internet disruptions have succeeded. Cases in Cameroon, Chad, and Uganda have been dismissed. In Zimbabwe, while the court in 2019 declared that an internet shutdown ordered during protests that year was illegal, the case was decided on procedural grounds without addressing the litigants’ grounds, such as rights violations due to the shutdown.

A notable progressive decision was the June 2020 ruling by the court of justice of the Economic Community of West African States (ECOWAS), which held that an internet shutdown ordered by the Togolese government during protests in 2017 was unlawful and violated the applicant’s right to freedom of expression. The court also ordered the Togolese government to pay two million CFA francs (USD 3,400) compensation to the applicants for the violation of their rights.

Litigating against shutdowns in Sudan

Perhaps more than any other African country, Sudan has made legal precedents arising from litigation against disruptions. Of note too, is that Sudan is only perhaps rivalled by Ethiopia in the number of shutdowns it has experienced in the last three years. Since 2019, the north African country has experienced six internet disruptions.

Former president Omar al-Bashir’s regime initiated internet disruptions during public protests calling for his overthrow, but the government that succeeded him has been more prolific in utilising shutdowns in response to criticism and protests. The longest disruption was recorded in 2019 and lasted 37 days, during which the country lost an estimated USD 1.9 billion. Over 100 protesters were reportedly killed during the time the shutdown was initiated. The latest shutdown started on October 25, 2021 and lasted 25 days. It was instituted after the military declared a state of emergency in the country and seized control of the government. The shutdown was ended by a court order.

The 2019 and 2021 disruptions were both challenged in court. In June 2019, Sudanese lawyer Abdelazim Hassan lodged a lawsuit against the internet shutdown that had been instituted earlier that month. Within two weeks of filing the case, court on June 23 ordered his service provider, Zain, to restore his internet service, which the ISP promptly did. However, service was only restored for the litigant’s SIM card, with the block on access maintained for the rest of Zain’s customers. This was because Hassan had filed the case in a personal capacity as a Zain customer.

Hassan then launched a class action suit, and on July 9, 2019 the court ordered MTN, Sudani and Zain to restore services for all their customers. The telecom providers complied promptly. In September 2019, court ordered Sudani and MTN to apologise to customers for disrupting access to their networks at the behest of the military authorities in June of that year.

Another win for litigants against internet disruptions came on November 11, 2021, when the general court of Khartoum ordered ISPs to restore internet services to all subscribers in response to a lawsuit raised by the Sudanese Consumer Protection Organisation. On the same day, the Telecommunication and Post Regulatory Authority (TPRA) insisted on maintaining the shutdown despite the court order, citing “national security” and a “State of Emergency” as justification. The authority argued that it was necessary to maintain the shutdown as ordered by “the higher leadership”, provided the state of emergency and threats to national security persisted.

The TPRA decision declining to restore internet connectivity cited article 6(j), article 7(1) and article 7(2)(a) of the law of TPRA of 2018. Article 6(j) provides that one of TPRA’s mandates is “protecting the national security and the higher interests of Sudan in the field of Telecommunication, Post and ICT”. Articles 7(1) and 7(2)(a) state that among the powers of the TPRA is to protect the state’s obligations and requirements in the field of national security and defence, and national, regional and international policies, in coordination with the competent authorities and licensees.

The judge dismissed that argument and issued an arrest warrant for the chief executive officers of the telecom companies for not restoring internet access. On November 18, 2021, the telecom companies restored internet access for all subscribers. The various restoration orders and arrest warrants bring to four the key decisions taken by courts in Sudan that held the regulator, ISPs and the government to account. Further, unlike the Togo case which was adjudicated in the aftermath of the disruption, in Sudan the court issued orders during the disruption and brought it to an end.

Lessons from Sudan’s experience

  • Leaders of telecom companies can and should be held individually liable for actions of their companies. In Sudan’s case, an arrest warrant against leaders of telecom companies yielded compliance with a restoration order in spite of the telecom regulator’s directive to maintain the shutdown.
  • Powers of telecom regulators, who often cite vague grounds of national security in ordering disruptions, can be challenged in court even if the regulators cite the law in ordering an internet disruption.
  • It is essential for courts of law to adjudicate swiftly on internet shutdown cases. In Sudan’s case, it took two weeks from the filing of a case for the court to order restoration of service to the litigant. In another two weeks, the court had ordered service providers to restore services to all customers.
  • Litigation’s target actions and actors need to be well-defined. Sudan has lessons on litigation that benefits individuals and others that benefit groups of users. Further, the targets of litigation action are varied, to include the regulator, a particular ISP or all ISPs, and other state bodies.
  • Intermediaries have appeared helpless in the face of government orders and have acquiesced to government orders even when their lawfulness is questionable. Holding them liable for losses to customers, such as the order by the Sudanese court that they apologise to customers, could make them think twice before implementing shutdown directives.

Apply for Data Driven Advocacy Sketchathon at FIFAfrica21

Call for Applications

Do you want to use data for advocacy but you’re not sure where to start? Would you like to transform statistics into compelling stories? Are you passionate about a digital rights cause, and want to convince others to join your efforts?

In the lead up to the Forum on Internet Freedom in Africa 2021 (FIFAfrica21), the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) and Data4Change will host a virtual data sketchathon and series of critical discussions to get you thinking more about how to use data in digital rights advocacy. The sketchathon will take place on Monday 27 September 2021.

The schedule
Starting at 10am East African Time (EAT) and finishing at 5pm EAT, the sketchathon will entail a combination of live Zoom sessions and self-paced activities.

We’ll use the answers in your application forms to set an agenda for the group discussions as we explore themes like: data biases; representation, accessibility and ownership of data; and data inequalities. You’ll also have an opportunity to work in small groups to map your data advocacy aspirations and to tackle some of the data questions you’re grappling with as individuals or organisations.

Participants will also have an opportunity to create a data design using data from the #KeepItOn campaign Shutdown Tracker Optimisation Project.

Who should apply
There are no prerequisites, and literally anybody can apply. We are looking for people who are passionate about uncovering the potential of using numbers to drive forward emotive stories that have the power to advance digital rights preferably in Lesotho, Mozambique, Tanzania, Uganda, Zambia, and Zimbabwe.

A limited number of spaces are available for the workshop. We endeavour to create diverse and collaborative spaces and to foster a sense of community that lasts beyond the event and will strive to create a balanced representation of different geographies, abilities, and approaches among participants.

How to apply
Submit this form before 18.00 East African Time on Wednesday September 22, 2021.

Successful applicants will be notified by Friday September 24, 2021. A modest reimbursement will be provided for participants’ connectivity costs.