Promoting Effective and Inclusive ICT Policy in Africa

Tag Archives: surveillance

  HomeCollaboration on International ICT Policy for East and Southern Africa (CIPESA)  /  surveillance
06Oct

The G20 Should Challenge the Power Dynamics in Digital Public Infrastructure

Author CIPESA Posted on

Juliet Nanfuka |

Data plays a crucial role in T20 discussions at the G20, influencing online interaction and civic engagement. The G20 should use its influence to create a multi-stakeholder agenda for Digital Public Infrastructure design.

Data is at the heart of T20 discussions around the G20, as it informs the architecture of online interaction, civic participation (and exclusion) and the governance of digital society. As such, it is also central to digital public infrastructure (DPI), serving as a foundational requirement and an enabler of new data generation and data mobility. Data drives the three key pillars of DPI – digital identification, digital payments and data exchange – in addition to other emerging features such as geospatial data and data aggregation. However, the expanding role of DPI raises questions about its alignment with constitutional guarantees, data protection frameworks and the lived realities of end users across Africa.

In 2023, India’s G20 presidency laid the foundation for discourse on DPI with great precision. A year later, the 2024 G20 Rio de Janeiro Leaders’ Declaration acknowledged ‘the contribution of digital public infrastructure to an equitable digital transformation’. It went on to note ‘the transformative power of digital technologies to bridge existing divides and empower societies and individuals including all women and girls and people in vulnerable situations. 

Consequently, DPI has been positioned as a necessary tool for international trade facilitation and industrialisation in developing countries. In Africa, this momentum has been supported by strategies such as the AU’s Digital Transformation Strategy for Africa (2020–2030), the African Continental Free Trade Area (AfCFTA) and the 2024 adoption of the Continental AI Strategy. Various countries across the continent have integrated DPI into their national strategies.

The pace of DPI integration is mirrored by growing financial investment in DPI. Examples include the $200 million Ghana Digital Acceleration Project by the World Bank in 2022 to expand broadband access and strengthen digital innovation ecosystems. In June 2025, the AfCFTA Adjustment Fund Credit Facility funded $10 million to support private sector adaptation to AfCFTA frameworks, with initial commitments to Telecel Global Services to enhance connectivity and regional integration. The company provides wholesale voice and SMS services and enterprise connectivity solutions to more than 250 telecom operators across Africa and globally.

While the expansion of DPI is often framed as a progressive step, it also carries significant governance trade-offs. The expansion of DPI in countries with weak democratic safeguards heightens the risk of state overreach, mass surveillance and reduced civic freedoms, making it essential to set clear limits on state access to citizens’ data to safeguard participation and accountability. Further, concerns over data sovereignty also loom.

Other T20 commentaries have stressed the urgent need for multi-stakeholder engagement to align DPI with the realities of developing countries. Without this alignment, DPI could increase existing regulatory gaps that compromise civic rights and consumer protection, fraud prevention and privacy. Meanwhile, the current wave of DPI design could exclude smaller economies that lack the capacity to engage in complex cross-border arrangements, such as those established between India’s Unified Payments Interface and Singapore’s PayNow. However, efforts such as the East African Community’s Cross-Border Payment System Masterplan aimed at inclusive, secure, efficient and interoperable cross-border payments in the region are underway.

If DPI is deployed without further interrogation, especially within the contexts of lower-income and developing countries that are often still navigating authoritarian systems, there is a risk of introducing yet another form or layer of digital exclusion from the global ecosystem. This could amplify existing national exclusions emerging from lack of access to the basics promised by DPI, such as national identity documents as keys to financial inclusion or access to basic services and civic rights.

When governments replace human interaction with automated systems, they risk ignoring the real-life experiences and needs of people who use – or could use – DPI. Thus, while DPI is being positioned as a solution to the challenges many developing countries are facing, it is important to keep in mind that infrastructure is not neutral. Its built-in biases, risks and design choices will ultimately impact citizens. Thus, for the real impact of DPI to be realised, it is necessary for the G20 to address concerns on:

  • The power affordances embedded in DPI design. The architecture of DPI prioritises the interests of those who design and fund it. The G20 should require that DPI initiatives undergo power mapping to identify who holds decision-making authority, how data flows are controlled and which actors stand to benefit or be marginalised by the design and deployment of DPI.
  • The institutionalisation of regulatory sandboxing. Regulatory sandboxes offer a controlled, transparent environment where DPI tools and policies can be tested for fairness, legality, inclusivity and public interest alignment before full-scale implementation. The G20 should promote the use of regulatory sandboxes as a mechanism to scrutinise DPI systems and their governance frameworks.
  • Strengthen multi-stakeholder inclusion. DPI needs to be built with the participation of more stakeholders – including civil society, private sector actors, academia and marginalised communities – in decision-making. The G20 should use its convening power to set the multi-stakeholder agenda in the design of DPI interventions. 
  • Safeguard data sovereignty. African countries developing data governance frameworks need to balance sovereignty with interoperability, and prevent a dependency on foreign-controlled systems.
  • Enhance public awareness interventions. Despite significant DPI developments, many citizens remain unaware of their implications. The media plays a critical role in bridging this gap. There should be more integration with media partners in furthering public awareness of DPI, its functions and consequences. The G20 should not negate the role of the media in driving public awareness on DPI interventions.

This commentary was first published on the T20 website on October 06, 2025.

22Sep

FIFAfrica25 Invites YOU to “Be The Experience”!

Author CIPESA Posted on

FIFAfrica25 |

This year, we invite participants of the Forum on Internet Freedom in Africa (FIFAfrica25) to “Be the experience!” The Forum will encourage attendees, onsite or participating remotely to engage in various interactions that bring digital rights issues to life.  These experiences aim to break down barriers between complex digital rights policy concepts and real-world lived experiences. Ultimately, whether you are a policymaker, activist, journalist, academic, technologist, or artist, FIFAfrica25 will have a space for you to contribute.

Here is what we have lined up: 

  • An online community of attendees already meeting and engaging with each other on various topics. Be sure to be registered on the event platform to join in. 
  • An immersive exhibition where various organisations and individuals will share their work and artworks.
  • A biker doing a round trip across 10 countries (more details below) to advance the call for the #RoadToDigitalSafety 

A Run for #InternetFreedomAfrica that aims to bring together participants to jog, or walk in solidarity with the call for a free, fair and open internet. More details below.

“Be The Experience” and Win!

We have some goodies lined up to reward those who have lived up to the FIFAfrica’s Be The Experience experience, this could be through vibrant engagement that gets you high scores on the event leader board, sharing compelling post online – and tagging us, through to active engagement in sessions and with the different exhibitors at the Forum.  Use the hashtags #InternetFreedomAfrica and #FIFAfrica25 to join a vibrant community working to shape a more open, inclusive, and rights-respecting digital future for the continent. Be sure to also follow CIPESA (@cipesaug) on XFacebook and LinkedIn.

The Journey To FIFAfrica25 Already Begun

A week ago, Andrew Gole set off on an extraordinary solo motorbike journey that will span over 13,000 km across 10 African countries. His mission is to ride from Uganda all the way to Windhoek, Namibia – arriving just in time for the Forum on Internet Freedom in Africa (FIFAfrica25) where he will also be part of the Digital Security Hub. Here are some pictures of Gole at the Kenya – Uganda border alongside members of the bikers club the accompanied him from Kampala to the border.

Andrew Gole set off from Kampala, Uganda on September 12, 2025 and as of today, has traversed five of the ten countries he is expected to journey through on hos #RoadToDigitalSafey.

Join the Run for #InternetFreedomAfrica Is Heading to Windhoek


We are taking the movement for digital rights beyond the conference halls and onto the streets. On September 24, 2025, join a community of attendees and everyday internet users for a run and walk that celebrates our collective call for a free, open and secure internet across Africa.

The run is set to coincide with the arrival of Andrew Gole who is riding from Uganda to Namibia. By being a part of the run – and several other morning runs that will be part of the Forum (look out for updates in the event platform).  Whether you’re jogging, walking, or cheering from the sidelines, the Run for Internet Freedom is a moment to be part of a movement that builds digital resilience. digital inclusion and pushes back against digital repression.

More details will be shared about the run soon.

06Aug

Ayele Addis Ambelu

Author CIPESA Posted on

Ayele Addis Ambelu is an award-winning journalist, investigative reporter, and digital rights advocate with over five years of experience in public interest journalism. He works with Africa News Channel and Ethiopian Mass Media Action (EMMA NEWS), producing in-depth stories on digital
governance, human rights, technology, and environmental justice. Ayele’s reporting focuses on the impact of digital public infrastructure—such as digital ID systems, open data, and internet access—on marginalized communities in Ethiopia and across Africa. He holds an MA in Media and
Communication and has published over 100 investigative pieces spanning radio, online, and academic platforms. As a media literacy trainer and program editor, Ayele also mentors emerging journalists on fact-checking, digital safety, and AI in the newsroom. His work has been recognised by the Nile Media Awards, the Festove investigative Media Award in Switzerland, the African Continental Re media award in South Africa, and WHO Africa. He is passionate about using journalism to expose inequality and drive inclusive digital transformation.

Below articles published include,

Digital Ethiopia or Digital Mirage? Who Pays When E-Government Fails

Behind Fayda: The Hidden Costs, Winners, and Losers of Ethiopia’s Digital ID Revolution

What is the digital ID that is supposed to be issued to all legal residents of Ethiopia?

Challenges and solutions of the Digital Ethiopia 2025 journey

Digital Ethiopia or Digital Mirage? Who Pays When E-Government Fails

Digital Ethiopia 2030: A Bold National Vision at the Crossroads of Promise and Peril

800 types of government services converted to digital

Audio Recordings

By Ayele Addis Ambelu

African Woman on Social Media
22May

Africa’s Digital Dilemma: Platform Regulation Vs Internet Freedom

Author Brian Posted on

By Brian Byaruhanga |

Imagine waking up to find Facebook and Instagram inaccessible on your phone – not due to a network disruption, but because the platforms pulled their services out of your country. This scenario now looms over Nigeria, as Meta, the parent company of Facebook and Instagram, may shut down its services in Nigeria over nearly USD 290 million in regulatory fines. The fines stem from allegations of anti-competitive practices, data privacy violations, and unregulated advertising content contrary to the national laws. Nigerian authorities insist the company must comply with national laws, especially those governing user data and competition. 

While this standoff centres on Nigeria, it signals a deeper struggle across Africa as governments assert digital sovereignty over global tech platforms. At the same time, millions of citizens rely on these platforms for communication, activism, access to health and education, economic livelihood, and self-expression. Striking a balance between regulation and rights in Africa’s evolving digital landscape has never been more urgent.

Meta versus Nigeria: Not Just One Country’s Battle

The tension between Meta and Nigeria is not new, nor is it unique. Similar dynamics have played out elsewhere on the continent:

  • Uganda (2021–Present): The Ugandan government blocked Facebook after the platform removed accounts linked to state actors during the 2021 elections. The block remains in place, effectively cutting off millions from a critical social media service unless they use Virtual Private Networks (VPNs) to circumvent the blockage.
  • Senegal (2023): TikTok was suspended amid political unrest, with authorities citing the app’s use for spreading misinformation and hate speech.
  • Ethiopia (2022): Facebook and Twitter were accused of amplifying hate speech during internal conflicts, prompting pressure for tighter oversight.
  • South Africa (2025): In a February 2025 report, the Competition Commission found that freedom of expression, plurality and diversity of media in South Africa had been severely infringed upon by platforms including Google and Facebook. 

The Double-Edged Sword of Regulation

Governments have legitimate reasons to demand transparency, data protection, and content moderation. Today, over two-thirds of African countries have legislation to protect personal data, and regulators are becoming more assertive. Nigeria’s Data Protection Commission (NDPC), created by a 2023 law, wasted little time in taking on a behemoth like Meta. Kenya also has an active Office of the Data Protection Commissioner, which has investigated and fined companies for data breaches. 

South Africa’s Information Regulator has been especially bold, issuing an enforcement notice to WhatsApp to comply with privacy standards after finding that the messaging service’s privacy policy in South Africa was different to that in the European Union. These actions send a clear message that privacy is a universal right, and Africans should not have weaker safeguards.

These regulatory institutions aim to ensure that citizens’ data is not exploited and that tech companies operate responsibly. Yet, in practice, digital regulation in Africa often walks a thin line between protecting rights and suppressing them.

While governments deserve scrutiny, platforms like Meta, TikTok, and X are not blameless. They often delay to respond to harmful content that fuels violence or division. Their algorithms can amplify hate, misinformation, and sensationalism, while opaque data harvesting practices continue to exploit users. For instance, Branch, a San Francisco-based microlending app operating in Kenya and Nigeria, collects extensive personal data such as handset details, SMS logs, GPS data, call records, and contact lists in exchange for small loans, sometimes for as little as USD 2. This exploitative business model capitalises on vulnerable socio-economic conditions, effectively forcing users to trade sensitive personal data for minimal financial relief.

Many African regulators are pushing back by demanding localisation of data, adherence to national laws, and greater responsiveness, but platform threats to exit rather than comply raise concerns of digital neo-colonialism where African countries are expected to accept second-tier treatment or risk exclusion.

Beyond privacy, African regulators are increasingly addressing monopolistic behaviour and unfair practices by Big Tech as part of a broader push for digital sovereignty. Nigeria’s USD 290 million fine against Meta is not just about data protection and privacy, but also fair competition, consumer rights, and the country’s authority to govern its digital space. Countries like Nigeria, South Africa and Kenya are asserting their right to regulate digital platforms within their borders, challenging the long-standing dominance of global tech firms. The actions taken against Meta highlight the growing complexity of balancing national interests with the transnational influence of tech giants. 

While Meta’s threat to exit may signal its discomfort with what it views as restrictive regulation, it also exposes the real struggle governments face in asserting control over digital infrastructure that often operates beyond state jurisdiction. Similarly, in other parts of Africa, there are inquiries and new policies targeting the market power of tech giants. For instance, South Africa’s competition authorities have looked at requiring Google and Facebook to compensate news publishers  (similar to the News Media and Digital Platforms Mandatory Bargaining Code in Australia). These moves reflect a broader global concern that a few platforms have too much control over markets and need checks to ensure fairness.

The Cost of Disruption: Economic and Social Impacts

When platforms go dark, the consequences are swift:

  • Businesses and entrepreneurs lose access to vital marketing and sales tools.
  • Creators and influencers face income loss and audience disconnection.
  • Activists and journalists find their voices limited, especially during politically charged periods.
  • Citizens are excluded from conversations and accessing information that could help them make critical decisions that affect their livelihoods.
  • Students and educators experience setbacks in remote learning, particularly in under-resourced communities that rely on social media or messaging apps to coordinate learning.
  • Access to public services is disrupted, from health services to government updates and emergency communications.

A 2023 GSMA report showed that more than 50% of small businesses in Sub-Saharan Africa use social media for customer engagement. In countries such as Nigeria, Uganda, Kenya or South Africa, Facebook and Instagram are lifelines. Losing access even temporarily sets back innovation, erodes trust, and impacts livelihoods.

A Call for Continental Solutions

Africa’s digital future must not hinge on the whims of a single government or a foreign tech giant. Both states and companies should be accountable for protecting rights in digital contexts, ensuring that development and digitisation do not trample on dignity and equity. This requires:

  • Harmonised continental policies on data protection, content regulation, and digital trade.
  • Regional norm-setting mechanisms (like the African Union) to enforce accountability for both governments and corporations.
  • Investments in African tech platforms to offer resilient alternatives.
  • Public education on digital rights to empower users against abuse from both state and corporate actors.
  • Pan-African contextualised business and human rights frameworks to ensure that digital governance aligns with both local realities and global human rights standards. This includes the operationalisation of the UN Guiding Principles on Business and Human Rights, following the examples of countries like Kenya, South Africa and Uganda, which have developed national action plans to embed human rights in corporate practice.

The stakes are high in the confrontation between Nigeria and Meta. If mismanaged, this tension could lead to fragmentation, exclusion, and setbacks for internet freedom, with ordinary users across the continent paying the price. To avoid this, the way forward must be grounded in the multistakeholder model of internet governance which aims for governments to regulate wisely and transparently, and for tech companies to respect local laws and communities, and for civil society to be actively engaged and vigilant. This will contribute to a future where the internet is open, secure, and inclusive and where innovation and justice thrive. 

Surveillance
12Mar

The Surveillance Footprint in Africa Threatens Privacy and Data Protection

Author CIPESA Posted on

By Edrine Wanyama 

Digital and physical surveillance by states, private companies that develop technology or supply governments and unscrupulous individuals globally and across Africa is a major threat to the digital civic space and operations of civil society organisations (CSOs), human rights defenders (HRDs), activists, political opposition, government critics and the media. The highly intrusive technology, which is often facilitated by biometric data collection systems such as for processing of national identification documents, voter cards, travel documents, mandatory SIM card registration and the installation of CCTV cameras for “smart cities”, adversely impacts the digital civic space. 

Given these developments, the Digital Rights Alliance Africa (DRAA), a network of CSOs, media, lawyers and tech specialists from across Africa that seeks to champion digital civic space and counter threats to digital rights on the continent, recently held a learning session on “Understanding Surveillance Trends, Threats and Challenges for Civil Society.” The Alliance was created by the International Center for Not-for-Profit Law (ICNL) and the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) in response to rising digital authoritarianism. It currently has members from more than 12 countries, who collectively conduct research and advocacy and share experiences around navigating digital threats and influencing strategic digital policy reforms in line with the alliance’s outcome declaration

The virtual learning session built capacity among the Alliance members to better understand digital surveillance and the related threats facing democracy actors. Discussions delved into the nature of surveillance, the regulatory environment, and strategies to navigate and counter surveillance risks and threats. The threats and risks include harassment, arbitrary arrests, persecution and prosecution on trumped up charges. 

While emphasising the need to understand emerging surveillance technologies, ecosystem and deployment tactics, Richard Ngamita, the Team Leader at Thraets, highlighted the huge investment (estimated at USD 1 billion annually) which African governments have made in acquiring surveillance technologies from China, Israel, the United States of America and Europe. Ngamita urged CSOs, HRDs and other actors to build digital security capacity to protect against illegal surveillance.

Victoria Ibezim-Ohaeri, the Executive Director of Spaces for Change, while referencing the  Proliferation of Dual-Use Surveillance Technologies in Nigeria: Deployment, Risks & Accountability – Spaces for Change report, highlighted weak regulation and unaccountable practices by states that facilitate unlawful surveillance across the continent and their implications on rights. According to the report,

“The greatest concern around surveillance technologies is their potential misuse for political repression and human rights abuses. Surveillance practices also undermine the citizens’ dignity, autonomy, and security, translating to significant reductions in citizens’ agency. Agency reductions are magnified by the state’s power to punish dissent. This creates a chilling effect as citizens self-censor or avoid public engagement for fear of being surveilled or punished. The citizens have little agency to challenge or resist the state’s surveillance because of low digital literacy, poverty and broader limitations in access to justice.”

Michaela Shapiro, the Global Engagement and Advocacy Officer at Article 19, United Kingdom, discussed the governing norms of surveillance globally while paying particular attention to the common gaps that need policy action at the country level in Africa. Recalling the intensification of digital and physical surveillance as part of state responses to curb the spread of Covid-19 in the absence of clear oversight mechanisms, Michaela emphasised the role of CSOs in advocating for data and privacy protection. 

To-date, the leading instrument of data protection on the continent, the African Union Convention on Cyber Security and Personal Data Protection has only 16 ratifications out of 55 states, while only 36 states have enacted specific laws on privacy and data protection rights.

Surveillance in Africa generally poses a major threat to individuals’ data and privacy rights since governments exercise wide access over the data subjects’ rights. National security and the loopholes in the laws are usually exploited to abuse and violate data rights. While there are regional and international standards, these are often overlooked with governments taking measures that are not provided for by the law, rendering them unlawful, arbitrary and disproportionate under human rights law. 

By way of progressive actions, speakers noted and made recommendations to States and non-state actors to the effect that:

States and Governments 

  • Address surveillance and bolster personal data and privacy protections through adopting robust legal and regulatory frameworks and repealing restrictive digital laws and policies.
  • Promote and enhance transparency and accountability through the establishment of independent surveillance oversight boards.
  • Strictly regulate the use of surveillance technologies by law enforcement and intelligence agencies to ensure accountability.
  • Collaborate with other countries to develop harmonised privacy standards within the established regional and international standards to have settled positions on cross-border controls on surveillance.

Civil Society Organisations

  • Build and enhance capacities of HRDs and other players in data governance and accountability to equip them with knowledge to counter common data privacy threats by governments and corporate entities.
  • Push for ethical and responsible use of technology to prevent and minimise technology-related violations. 
  • Challenge all forms of unlawful use of surveillance practices through legal action by, among others, taking legal actions.

Tech Sector

  • Conduct regular audits and impact assessments to address potential privacy breaches and enhance accountability and transparency. 
  • Prioritise privacy and integrate privacy protections into their products and services including data collection minimisation and establish strong security measures for privacy.
  • Prioritise ethical considerations in the development and deployment of new technologies to guarantee strong protections against potential violations.

1 3 4 5 6 7 17