Promoting Effective and Inclusive ICT Policy in Africa

Tag Archives: national security

  HomeCollaboration on International ICT Policy for East and Southern Africa (CIPESA)  /  national security
10Mar

Building a Robust Data Protection Regime in Senegal

Author admin Posted on

By Simone Toussi |
Across Africa, there is a push for digitalisation with different countries at various stages of technology adoption and varying levels of legislative regimes that uphold human rights in the digital sphere.
Senegal is among the African countries that remain committed to upgrading legal and institutional frameworks governing the technology sector. Senegal passed a data protection law twelve years ago and was among the  first African states and the first African Francophone country to ratify the Africa Union Convention on Cyber Security and Personal Data Protection in 2016. It has therefore established itself among the pioneers in data governance in Africa.
Given rapid developments related to biometrics, big data, artificial intelligence, and cloud computing, among others, the government of Senegal is in the process of repealing law n° 2008-12 of January 25, 2008 which governs personal data protection. A draft bill published at the tail end of 2019 to replace the preceding law is currently under public consultation.
On February 27 – 28, 2020, Jonction Senegal, in partnership with the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) and Facebook hosted a workshop to review the Personal Data Protection Bill, 2019 and make relevant recommendations from a digital rights perspective. The workshop brought together 25 participants including officials from the Personal Data Commission (CDP), the Ministry of Digital Economy and Telecommunications, the Ministry of Women, Family and Gender, the Ministry of Justice, and representatives from the private sector, and civil society organisations including human rights defenders, lawyers, academia, bloggers and journalists.
Opening the workshop, Professor Mamadou Niane, Director of the Legal Department of the CDP justified the draft bill, citing inadequacies in the 2008 law given the dynamic digital environment and emergence of a diversity of players and threats. Furthermore, he noted the need for convergence with regional and international data protection developments and standards such as those laid out in the General Data Protection Regulation (GDPR), the Council of Europe’s Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data signed and ratified by Senegal in 2016, the Budapest Convention, and the African Union Convention on Cyber Security and Personal Data Protection. According to Prof. Niane, other considerations for a new law related to the composition and oversight powers of the CDP and compliance monitoring mechanisms are also to be addressed. He stated that the draft bill provided for data protection principles in the proposed article 7 including the need for processing within the legal requirements, seeking consent, and necessity with exceptions tied to processing for lawful purpose.
Indeed, Diagne El Hadji Daouda, a cybersecurity specialist from the Computech Institute highlighted the importance of data security and commended the draft bill for outlining the principles of identification and authentication, confidentiality, availability and integrity (non-alteration or modification of the data during processing) under Articles 42 and 43. He also commended the proposed obligations for data controllers to put in place encryption measures and regularly review them to ensure data security; and the notification of breaches  to data subjects and authorities (Article 44). However, Daouda noted that despite these provisions, the draft bill did not incorporate the principle of anonymisation, which is crucial for preserving personal data confidentiality and guaranteeing its security.
The draft bill proposes the establishment of the Personal Data Protection Authority (APDP) to replace the CDP – with a diverse member composition including non-governmental representation. Member nomination is by decree of the president (Article 52). However, a number of provisions in the draft bill refer to a Control Authority and a Protection Authority, which seem separate from the APDP.
Dr. Ndiogou Thierno Amadou, Lecturer and Researcher at the Faculty of Legal and Political Sciences of Cheikh Anta Diop University (UCAD), raised concerns about the distinction between the three different authorities mentioned in the draft bill. Participants therefore urged for clarity on the role of the Control Authority (Article 44), as well as a clear definition and distinction between the APDP and the Protection Authority (Article 62) to avoid ambiguities. The  CDP’s Prof. Niane clarified that all mentions of an authority  in the draft bill refer to the APDP and that the necessary revisions would be made in the next draft.
The need to strike a balance between freedom of expression and personal data protection also emerged.  In his presentation, independent journalist and Director of PressAfrik.com Faye Ibrahima Lissa cited the continent-wide trend in legislative restrictions to freedom of expression on grounds of national security and public order. He emphasised that exemptions under the proposed article 105 of the draft bill relating to personal data for the purposes of journalism, research, artistic or literary expression should be precise to avoid them being used to persecute critical voices.
Similarly, Joe Marone, a media trainer and head of online radio Futurs Media noted the fundamental role of journalists in seeking the truth and being the moral conscience of public opinion and civil society. In this regard, journalism ethics and code of conduct pre-empt personal data protection through protection of sources. However, given the advent of data journalism and citizen journalists, the draft bill serves to better guarantee personal data protection within the profession.
Other issues that emerged included age of consent to data collection. Consent is defined as a declaration or clear affirmative action, either orally or in writing that gives permission to process personal data (article 8). The age of consent is not provided for in the draft bill.  Prof. Niane stated that ongoing efforts at the CDP and Ministry of Justice in partnership with the Ministry of Digital Economy and Telecommunications seek to establish a Children’s Code and related strategy dedicated to minors’ protection in the context of data protection and privacy.
The workshop participants made the following formal recommendations for revision in the next draft of the bill:

  • Set a minimum age of consent
  • The president of the ADPD should be appointed through an internal election by members in order to guarantee the authority’s autonomy.
  • Provide for adequate resource allocation to the APDP to facilitate smooth implementation and enforcement of the law
  • Provide for APDP oversight in procurement and contracting of public or government projects involving personal data collection and processing
  • Provide for authority of the APDP to collect and recover financial penalties imposed on offenders and pass them on to the victims of data breaches.
  • Strengthen the financial autonomy of the APDP by granting it 50% of the amounts recovered from any data protection operations
  • Provide for legal personality of the ADPD to give it perpetual succession with capacity to sue and be sued in its name.

Representatives of the CDP and the Ministry of Digital Economy and Telecommunications welcomed the recommendations and committed to including them in the next draft of the bill, before submission to the General Secretariat of the Presidency of Senegal.

30Nov

#KeepitOn: Joint letter on the internet and the election in Gambia

Author admin Posted on
Joint Letter |
President Yahya Jammeh
cc: Gambia Public Utilities Regulatory Authority (PURA)
Gambia Permanent Mission to the United Nations
African Commission on Human and Peoples’ Rights
30 November 2016
Your Excellency,
We are writing to urgently request that you ensure the stability and openness of the internet during the forthcoming elections in Gambia on December 1. Elections represent the most critical moment in a democracy, and the internet enables free expression and the fulfillment of all human rights.
However, we have received unconfirmed reports through a variety of sources that your government intends to shut down the internet. We implore you to keep the internet on.
Research shows that internet shutdowns and state violence go hand in hand. [1] Shutdowns disrupt the free flow of information and create a cover of darkness that allows state repression to occur without scrutiny. Worryingly, Gambia would be joining an alarming global trend of government-mandated shutdowns during elections, a practice that many African Union member governments have recently adopted, including:  Burundi, Congo-Brazzaville, Egypt, Sudan, the Central African Republic, Niger, Democratic Republic of Congo. [2], [3], [4], [5], [6], [7], [8]
Internet shutdowns — with governments ordering the suspension or throttling of entire networks, often during elections or public protests — must never be allowed to become the new normal.
Justified for public safety purposes, shutdowns instead cut off access to vital information, e-financing, and emergency services, plunging whole societies into fear and destabilizing the internet’s power to support small business livelihoods and drive economic development. In addition, a study by the Brookings Institution indicates that shutdowns drained $2.4 billion from the global economy last year. [9]
International Law
A growing body of jurisprudence declares shutdowns to violate international law. The United Nations Human Rights Council has spoken out strongly against internet shutdowns. In its 32nd Session, in July 2016, the Council passed by consensus a resolution on freedom of expression and the internet with operative language on internet shutdowns. The resolution, A/HRC/RES/32/13, “condemns unequivocally measures to intentionally prevent or disrupt access to or dissemination of information online in violation of international human rights law and calls on all States to refrain from and cease such measures.” The Council intended this clear declaration to combat the blocking and throttling of networks, applications, and services that facilitate the freedoms of expression, opinion, and access to information online. In addition, the African Commission on Human and Peoples’ Rights stated in its November 2016  Resolution on the Right to Freedom of Information and Expression on the Internet in Africa that it was “Concerned by the emerging practice of State Parties of interrupting or limiting access to telecommunication services such as the Internet, social media and messaging services, increasingly during elections.” [10]
In 2015, various experts from the United Nations (UN) Organization for Security and Co-operation in Europe (OSCE), Organization of American States (OAS), and the African Commission on Human and Peoples’ Rights (ACHPR), issued an historic statement declaring that internet “kill switches” can never be justified under international human rights law, even in times of conflict. [11] General Comment 34 of the UN Human Rights Committee, the official interpreter of the International Covenant on Civil and Political Rights, emphasizes that restrictions on speech online must be strictly necessary and proportionate to achieve a legitimate purpose. Shutdowns disproportionately impact all users, and unnecessarily restrict access to information and emergency services communications during crucial moments.
The internet has enabled significant advances in health, education, and creativity, and it is now essential to fully realize human rights including participation in elections and access to information.
We humbly request that you use the vital positions of your good offices to:

  • Ensure that the internet, including social media, remains on in Gambia throughout the election and beyond
  • Publicly declare your commitment to keep the internet on, including social media
  • Encourage telecommunications and internet services providers to respect human rights, including through public disclosures and transparency reports.

We are happy to assist you in any of these matters.
Sincerely,
Access Now
Association for Progressive Communications (APC)
CIPESA
Heliopolis Institute
Human Rights Foundation
iFreedom Uganda
Internet Sans Frontières
Media Foundation for West Africa
Paradigm Initiative Nigeria
Social Media Exchange (SMEX)
Strathmore University Centre for IP and It Law (CIPIT)
Unwanted Witness Uganda
 
[1] Sarah Myers West, ‘Research Shows Internet Shutdowns and State Violence Go Hand in Hand in Syria’ (Electronic Frontier Foundation, 1 July 2015)
<https://www.eff.org/deeplinks/2015/06/research-shows-internet-shutdowns-and-state-violence-go-hand-hand-syria> accessed 18 February 2016.
[2] ‘Access urges UN and African Union experts to take action on Burundi internet shutdown’ (Access Now 29 April 2015) <https://www.accessnow.org/access-urges-un-and-african-union-experts-to-take-action-on-burundi-interne/> accessed 18 February 2016.
[3] Deji Olukotun, ‘Government may have ordered internet shutdown in Congo-Brazzaville’ (Access Now 20 October 2015) <https://www.accessnow.org/government-may-have-ordered-internet-shutdown-in-congo-brazzaville/> accessed 18 February 2016.
[4]  Deji Olukotun and Peter Micek, ‘Five years later: the internet shutdown that rocked Egypt’ (Access Now 21 January 2016) <https://www.accessnow.org/five-years-later-the-internet-shutdown-that-rocked-egypt/> accessed 18 February 2016.
[5] Peter Micek, ‘Update: Mass internet shutdown in Sudan follows days of protest’ (Access Now, 15 October 2013) <https://www.accessnow.org/mass-internet-shutdown-in-sudan-follows-days-of-protest/> accessed 18 February 2016.
[6] Peter Micek, ‘Access submits evidence to International Criminal Court on net shutdown in Central African Republic’(Access Now 17 February 2015) <https://www.accessnow.org/evidence-international-criminal-court-net-shutdown-in-central-african-repub/> accessed 18 February 2016.
[7] ‘Niger resorts to blocking in wake of violent protests against Charlie Hebdo cartoons.’ (Access Now Facebook page 26 January 2015) <https://www.facebook.com/accessnow/posts/10153030213288480> accessed 18 February 2016.
[8] Peter Micek, (Access Now 23 January 2015) ‘Violating International Law, DRC Orders Telcos to Cease Communications Services’ <https://www.accessnow.org/violating-international-law-drc-orders-telcos-vodafone-millicon-airtel/> accessed 18 February 2016.
[9] Darrell West, (Brookings Institution, October 2016) “Internet shutdowns cost countries $2.4 billion last year” https://www.brookings.edu/wp-content/uploads/2016/10/intenet-shutdowns-v-3.pdf
[10] African Commission on Human and Peoples’ Rights, (November 2016) ‘362: Resolution on the Right to Freedom of Information and Expression on the Internet in Africa – ACHPR/Res. 362(LIX) 2016’ http://www.achpr.org/sessions/59th/resolutions/362/
[11] Peter Micek, (Access Now 4 May 2015) ‘Internet kill switches are a violation of human rights law, declare major UN and rights experts’ <https://www.accessnow.org/blog/2015/05/04/internet-kill-switches-are-a-violation-of-human-rights-law-declare-major-un> accessed 18 February 2016.

This join letter first appeared on the Access Now website