Privacy & Protection: Do Ugandans Care What Happens to Their Data?

By Neema Iyer |

Let’s be honest.

When was the last time you read the “Terms and Conditions” before you signed up for a new service online?

We don’t blame you. It’s easy to get lost in the legal jargon.

But do you know what happens to your personal data every time you click on “I have agreed to terms and conditions”? Did you know at the mere click to accept, you could have given a way a portion of your vital information and put your data privacy in absolute jeopardy?

Today, it’s hard to raise the issue of data privacy without putting a thought on the recent Facebook-Cambridge Analytica scandal that made many people realize the power of data. Even with as much information spewed out explaining what the scandal was about, very few took a note to learn from.

A recent allegation from the Cambridge Analytica scandal pins the Uhuru Kenyatta presidential campaign to have employed social media surveillance results to target campaign messages to different profiles of voters. This was possible because Facebook monitors your social media activity and can predict your behavior from that, hence such information is used to target messages that speak to your interests and emotions to sway major decisions such as election outcomes. This isn’t just happening on our doorsteps, allegations claim similar outcomes in the United States and the UK.

The EU revised as much on data privacy and protection in Europe and promised to give users more power over their data. While Europe seems to take quick action, down in Uganda and Africa at large, we continue to grapple with weak data privacy and protection laws, a citizenry that is not well-informed on data privacy, a delay in passing necessary bills and weak implementation processes. Unfortunately, a majority of African countries lack the necessary mechanisms for the inclusive participation of citizens and other stakeholders in the processes of formulating the very laws on internet and digital rights that directly affect them.

Do we care about Data Privacy and Protection?

In December 2017, Unwanted Witness, an activists group petitioned the Uganda Human Rights Commission (UHRC) to compel Parliament to speed up the enactment of privacy and data protection law.

They argued that without a governing law, citizens’ personal data is exposed to abuse without collection and protection safeguards. They further asked UHRC to prioritize privacy and recognize it as a fundamental right under attack in the country. However, to date, we are yet to see significant action taken to build an informed citizenry on their digital rights and to provide appropriate protections.

When talk about data arises, many are not really willing to delve further into the ethics surrounding the topic. This can and will still be attributed to the high illiteracy levels in the country and because many don’t know what data is or how valuable it might be on the long run, they will give it away easily. Funny as it may sound, a majority internet users think ‘data’ is the a term tied to the internet bundles that the ISPs provide and it’s that school of thought that has stuck with them. Whether their data gets in the hands of the wrong or the right people, it’s the least of their concerns.

Data Protection basically means to ensure the right to privacy, respect to confidentiality principles in various relations such as doctor patient, employer-employee and service providers with their clients generally.

Did you know that privacy is your human right?

The right to privacy refers to the concept that one’s personal information is protected from public scrutiny. It is essentially, your right to be left alone. Privacy is a core aspect of human dignity and values such as freedom of association and freedom of speech.

One would wonder, even with the data privacy breaches, are there really laws in place to curb and punish those that are misusing people’s data and evading on their privacy or we are simply looking while our data gets tampered with and is easily handed to the wrong hands.

Are there Laws in Place?

Yes! There is a Ugandan Data Protection and Privacy Bill that was tabled before parliament in 2015 and although the Bill needs to be revised and aligned better with human rights provisions, comments have been raised on the need to balance civil liberties, national security and data protection and privacy.

According to a paper published a couple of years ago by Dr Ronald Kakungulu Mayambala a Senior Lecturer of Human Rights and Peace Centre at Makerere University, Article 27 of the Constitution guarantees the right to privacy of person, home and other property. In particular, article 27(2) of the Constitution provides that a person shall not be subjected to interference with the privacy of that person’s home, correspondence, communication or other property.

Unfortunately there is no comprehensive law giving effect to article 27, yet a lot of data concerning individuals are collected, stored or processed regularly by various institutions in the private and public sector, including banks, hospitals, insurance companies, the Uganda Citizenship and Immigration Control Board, the Uganda Revenue Authority, Uganda Registration Services Bureau, the Electoral Commission, utility service providers and telecommunications companies under the SIM card registration exercise

The Bill seeks to protect the privacy of the individual and personal data by regulating the collection and processing of personal information. It provides for the rights of persons whose data is collected and the obligations of data collectors and data processors; and regulates the use or disclosure of personal information.

However even with these laws and bills in place, further questions continue to be raised on whether they even hold any solid ground in implementation, especially, if there has not been enough sensitization of the bills and data literacy.


What do some people think about data privacy in Uganda?

A chat with a few random Ugandans around town shows you just how long of a way we have to go with the data privacy and protection talk.

“I honestly have nothing to hide with my data and anyone who wants to access it can go ahead and access it. Your data can only be private if you choose to keep it private but if you choose to put it out there and later claim for privacy, then you are playing yourself” — Lisa

“Whatever you put out there is public. I don’t really care who gets my data because once Ipost anything on social media, it’s no longer in any way private. I get a need for data privacy if it comes to my business data like emails. That is when i need some real privacy” — Hans

“Data privacy is not even a topic of debating here in Uganda because people don’t really care what happens with their data. Because we have a huge Internet penetration gap, very many people don’t even know what data is in most parts of africa.” — Emmanuel


World Press Freedom: Ugandan Journalists Convened for Digital Security Training

By Juliet Nanfuka |
On May 2, a total of 27 Ugandan journalists were trained in digital security procedures. The training was held in commemoration of World Press Freedom Day (May 3), which this year was celebrated under the theme “Let Journalism Thrive! Towards Better Reporting, Gender Equality, and Media Safety in the Digital Age”.
The training, which was organised by the Collaboration on International ICT Policy in East and Southern Africa (CIPESA) in partnership with Uganda Journalists Union (UJU) and the East and Horn of Africa Human Rights Defenders Project (EHARDP), explored the status of journalism in Uganda as well as the legal and regulatory frameworks affecting freedom of expression in the country. Participants at the training workshop represented print, online and broadcast media houses from across Uganda.
During the training, it emerged that some journalists are not cautious about their online security, similar to those in a previous training hosted by CIPESA. The reuse of one password across different websites and platforms, and overexposure of personal information online were common among the training participants. Email encryption, the use of Virtual private networks (VPNs) and Multi Factor Authentication for passwords, were taught as skills that can aid journalists when investigating sensitive stories that may be prone to surveillance.
Norman Katende, an international award winning journalist, shared his experiences of being threatened while reporting on controversial stories and encouraged journalists to practice caution both online and offline. He questioned how journalism can thrive in the face of police attacks on the media, noting that journalists should not compromise on their security when covering sensitive stories just to earn a living.
According to the Committee to Protect Journalists (CPJ), an international organisation that defends the rights of journalists, over the past two decades, 1125 journalists across the world lost their lives while reporting or investigating stories. The medium increasingly used by journalists to source and disseminate information is the internet.
Last month, Somalia journalist Daud Ali Omar and his wife were murdered. The same month, Kenyan journalist Johan Kituyi, proprietor of the newspaper Mirror Weekly, which has covered controversial national issues, was also murdered.
Increasingly, online publishers and bloggers are also coming under attack in Africa. For instance, a year after their arrest, the Ethiopian Zone9 bloggers remain behind bars and in Burundi, civil unrest related to upcoming elections has led to government restrictions of information flow through various media houses – and radio stations.
Such attacks necessitate digital safety skills for journalists. “When you look at the level of knowledge on ICT that a journalist has – it’s really basic. We have several unsecured email accounts and we visit any website without [considering] security,” noted a journalist at the training in Kampala.
Journalists noted that they do not always exercise their rights and do not request security from their media houses when pursuing sensitive stories. They also indicated a lack of awareness of the laws in place that can aid them in developing stories, such as the Access to Information Act (2005), which compels Ministries, Departments and Agencies to release information.
Following a CIPESA presentation on the legal and regulatory frameworks affecting internet freedom, especially freedom of expression online in Uganda, a Soroti-based journalist said the training had made him re-evaluate how he used his mobile phone and the internet, saying that he had been using these tools “without considering their implications.”
Further to the commemoration of World Press Freedom day, CIPESA participated in the “Digital safety for journalists” plenary session of the global event hosted by UNESCO.  CIPESA and its partners in various countries were also involved in a series of Twitter engagements which explored press freedom, including in the digital world, particularly for African journalists.
The training was conducted in the context of CIPESA’s OpenNet Africa initiative that promotes internet freedom in Africa and is supported by the Open Technology Fund, Hivos and the Association for Progressive Communications (APC).