East and Central Africa: More Advocacy Needed for Progressive ICT Laws and Regulations

Statement |
Civil society representatives, lawyers, and journalists from East and Central Africa have called upon their governments to develop policies that protect citizens’ digital rights and promote the use of the internet for free expression and for pursuing economic and education opportunities. The call was made amidst growing concerns that an increasing number of African countries are taking measures that restrict rather than promote the use of the internet. These measures include introduction of taxes that hinder access and use of  Information and Communications Technology (ICT) and laws that hamper freedom of expression through ICT.
The call was made following a workshop on ICT Policy and Advocacy for actors from East and Central Africa, which took place in Goma, Democratic Republic of Congo. Hosted by the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) and Rudi International on November 4–6, 2018, alongside the Haki Conference, the workshop drew 29 participants from Burundi, Kenya, DR Congo, Rwanda and Uganda.
Participants noted that the region faces similar challenges such as a lack of data protection laws, mass data collection efforts by governments and business entities, rising self-censorship by individuals and groups who fear reprisals for their online activities, gender-based cyber violence, and high perceptions of undue government surveillance on citizens’ communications. Moreover, some countries in the region have registered blockage of critical websites at the instigation of state authorities, while intimidation and harassment of independent bloggers and activists remain rampant, which affects freedom of expression and the free flow of information online.
In particular, participants urged the Rwanda government to amend its law on interception of communications to strictly define officers who can apply for warrants for monitoring of communications, to strengthen judicial oversight over interceptions activity, and to strictly guard the possibility for mass electronic surveillance.
Burundi was urged to enact a strong access to information law that requires state agencies to pro-actively release information, protects whistleblowers, and effectively advances citizens’ access to information online and offline.
Meanwhile, Burundi, DR Congo, Rwanda and Uganda, were urged to speed up the enactment of comprehensive privacy and data protection laws that strongly protect the integrity of users’ data and severely punish those who misuse such data. None of the countries in the region has a data protection law, although all require mandatory registration of SIM cards and are undertaking various exercises to collect massive amounts of citizens’ data.
In DR Congo, the lack of up-to-date laws to govern the telecommunications sector was noted with concern. Participants called on the National Assembly to expedite the enactment of the bill to update the outdated 2002 law on telecommunications, which is currently before the legislature. However, the parliament should widely consult civil society and the private sector and meaningfully integrate their inputs into the law to be adopted. Moreover, the DR Congo government should enact other ICT-related laws, such as on cyber crime and data protection; and take decisive measures to increase access to affordable fibre around the country, particularly in rural and under-served areas, and meaningfully invest Universal Service Funds in improving broadband access.
The region has this year seen the introduction of online content regulations that undermine the use of ICT. Tanzania and Uganda have started licensing online content producers at a fee, while in July, Uganda set a precedent by introducing taxes to access social media sites including Facebook, Whatsapp and Twitter. The DR Congo, which has ordered various internet disruptions in the last two years, also issued regulations in 2018 that require online publishers to register. .
Indeed, in the wake of these developments, participants called on states to develop laws that robustly stimulate the affordability and usage of the internet and related technologies as opposed to curtailing access to digital communications and stifling freed expression and access to information. The participants also shared their views at DR Congo’s first digital rights conference that concluded with the issuance of the Goma Declaration (French). The training in DR Congo was part of the CIPESA-run OpenNet Africa project (www.opennetafrica.org) which is working to grow the network of individuals and groups that work on advancing internet freedom and building their capacity to engage in digital rights advocacy.

DR Congo Parliament Urged to Pass Laws That Support Citizens’ Rights Online

Statement |
Civil society actors in the Congolese town of Goma have urged the Government of the Democratic Republic of Congo (DRC) to make amendments to its current laws governing Information and Communication Technologies (ICT) to make them favourable to the growth of internet usage, as well as online privacy, access to information and freedom of expression.
The civil society actors, including journalists, digital rights activists and bloggers, also urged the country’s Parliament and the Ministry for ICT to offer meaningful avenues for citizens to provide inputs to proposed new laws related to the telecommunications industry.
The Government has recently sent to the Parliament the Telecommunications and ICT Bill which is aimed at updating the Framework Law 013/2002 on Telecommunications, as well as the e-Transactions Bill, and a law amending the Act that set up the regulator – the Authority of the Post and Telecommunications of Congo (ARPTC). However, neither the Parliament, nor the Ministry, have announced opportunities for other stakeholders to make comments or submissions on these draft laws.
The importance of stakeholder consultations in Congo’s policy-making processes was among the issues that emerged during a two-day ICT policy and advocacy training workshop hosted in Goma on June 10- 11, 2017, by Rudi International and the Collaboration on International ICT Policy for East and Southern Africa (CIPESA). Participants noted that the exclusion of private sector and civil society actors from the law-making process could lead to the passing of laws that are detrimental to internet access and usage in the central African country.
Presently, ICT adoption in DRC faces several challenges including unreasonably high data costs which have largely contributed to the low internet penetration rate of 4.2% as of 2016. The Framework Law 013/2002 on Telecommunications and the Law 14/2002 on the Regulator are the primary laws governing online communication but they do not adequately provide for citizens’ rights to privacy, nor do they provide a conducive environment for citizens to enjoy the right to free expression.
Further, these laws contain vague clauses such as ‘public interest’, ‘disruption of public order’, ‘ultimate truth’, and ‘national security’ which create the latitude for unwarranted abuse of the laws including through censorship and surveillance. Meanwhile, internet and telecommunications services providers lack protection from undue state interference as has been evidenced by the evolution of communications shutdowns in recent years.
The proposed new laws are welcome because they present an opportunity to expunge retrogressive articles from the existing laws and to address the current gaps. However, the current drafts neither reflect sufficient protections for citizens’ rights to privacy and freedom of expression, nor do they adequately support the free flow of information online. For instance, the Telecommunications and ICT Bill contains several problematic clauses, including granting the minister excessive powers over the interception of communications and interruptions to communications. The minister and the regulator also maintain strong over the operations of service providers. Furthermore, there are weak provisions related to data protection, with the bill lacking independent oversight mechanisms particularly with regards to the state making user information requests to service providers.
The lack of independent oversight mechanisms to safeguard against the abuse of the excessive power by the minister fails to ensure that citizens are protected against unwarranted interception of communication.
While article 175 of the proposed ICT and Telecommunications law recognises the right of a citizen to demand for information on their personal data from the state or another entity, there are no clear provisions on how this information can be requested or whether the holders of this information are obliged to respond to an information request within a specified timeframe.
Secure online communication is prioritised in articles 116–117. However, clauses which permit the state to intercept private communication with limited safeguards are also included. Further, article 119 includes a provision for the General Prosecutor to designate a chief magistrate who can instruct any qualified agent from the Ministry of ICT or a telecommunications company to put in place mechanisms that allow for interception of citizens’ online communication.
During the training workshop, the civil society actors noted that these clauses contravene international human rights standards as set out in a number of instruments including the Universal Declaration of Human Rights, African Charter on Human and Peoples’ Rights and the African Declaration on Internet Rights and Freedoms. As such, they recommended that:

  • There should be increased participation by more stakeholders in the law development process, as well as regular multi-stakeholder engagements between government, service providers and civil society;
  • Government, particularly the Ministry of ICT and Parliament, should widely circulate the three bills, create awareness about their objectives and invite comments on the draft laws from various stakeholders;
  • The legislature should ensure that  vague terminologies in the bills, including “national security”, “illicit” and “public order interference”, are defined before they are passed;
  • Since in its current form the Telecommunications and ICT bill creates room for abuse by giving excessive powers to the regulator and the Ministers of Interior, Defence and Security Affairs, the judiciary and Parliament should be granted wider oversight mandate over the regulator and the minister.
  • A specific law on data protection should be enacted to  ensure that citizens’ personal data and privacy are safeguarded;
  • The ICT and telecommunications bill should specify the procedures for citizens to request for information from the state, and the release of such information by the state;
  • The three laws under consideration by Parliament should include clauses that protect the right to freedom of expression and the free flow of information.
  • Clauses on non-discrimination and equality should be introduced in the proposed law on Telecommunications and ICT specifically through criminalising actions that promote cyber bullying, cyber stalking, revenge pornography, and other acts that constitute online violence against women and other minority and vulnerable groups.

These recommendations echo those made by CIPESA in the State of Internet Freedom in DR Congo 2016 report, which also called for the Parliament to work with more stakeholders including civil society, internet users, private sector, academics and the media to review laws and amend those that limit and restrict citizens’ rights to privacy, assembly, expression and access to information. The report also stated that the drafting and amendment of laws should meet acceptable international human rights standards.