CIPESA Submits Comments On The Uganda Data Protection and Privacy Bill, 2015

Official Submission |
Article 27 of Uganda’s constitution provides for citizens’ right to privacy, however, there is no law to protect an individual’s data privacy despite the large amounts of citizen data collected by government departments and private entities on a regular basis. More concerning, is that this data is collected with no guarantee of its protection and privacy.
Some existing legislation, for instance the Computer Misuse Act, 2011 (section 18); Access to Information Act, 2005 (section 26); Uganda Communications Act, 2013 (section 79); Electronic Signatures Act, 2011 (section 81); and the Regulation of Interception of Communications Act, 2010 (section 2) prohibit unauthorised access and disclosure of information. However, the provisions in these laws are not elaborate and do not adequately protect personal data.
The publication of the draft Data Protection and Privacy Bill 2014 was therefore a milestone. Accordingly, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) submitted comments to that version of the bill. Various concerns were raised including vague wording which left the bill open to misinterpretation, unclear procedural processes for collection and retention, as well as the costs associated with accessing personal data.
More recently on , CIPESA welcomes the Parliament of Uganda’s call for submissions on the Draft Data Protection and Privacy Bill, 2015. It once again gives opportunity for stakeholders to provide input to ensure that the law, when enacted, measures up to internationally acceptable standards of data protection.
In our latest submission, we highlight some of the positive principles and provisions of the Bill. Furthermore, we indicate areas of concern and suggest amendments to ensure that if the bill is passed into law, there are sufficient safeguards to regulate the collection, storage and use of data towards upholding citizens’ right to privacy.
See the full submission made on the Uganda Data Protection and Privacy Bill, 2015 presented to the Committee on Information and Communication Technologies (ICT) in the Parliament of the Republic of Uganda

Harnessing the Data Revolution for National Development: The Case of Uganda

By Loyce Kyogabirwe|
The United Nations (UN) has recognised data as a key factor for achieving and monitoring sustainable development. Indeed, the push for open data that contributes to government transparency and accountability and promotes citizens’ right to information and innovation through the Information and Communication Technology (ICT) sector continues to gain prominence globally, including in Africa.
In Uganda, the government is geared towards contributing to the emerging data revolution for sustainable development. Since 2016, the country has been party to the African Charter of Statistics and is also working to implement the UN Fundamental Principles of National Official Statistics as well as the Cape Town Action Plan. Uganda has also developed the National Development Plan and is party to regional development agendas such as Agenda 2063 and the East African Community’s Vision 2050.
In tandem with the above commitments and recognition of the need for quality data that responds to the demands of development agendas, the Uganda Bureau of Statistics (UBOS) together with other development agencies hosted the country’s first High Level National Data Forum from November 14 to 17, 2017 in Kampala to reflect on how to harness the data revolution for national development.
While presenting the National Standards Indicator Framework (NSIF) at the Forum, Imelda Musana, Deputy Director of Statistical Production and Development at UBOS underscored the importance of data and statistics for actualising the NSIF as an effective tool for measuring progress and performance, informing planning and resource allocation in all government Ministries, Departments and Agencies (MDAs).
Further, Bill Anderson, Data and Information Architect at Development Initiatives (DI) reiterated the need to build sustainable and inclusive data ecosystems. “To meet national development plans and the Sustainable Development Goals (SDGs), we need to build sustainable systems that are sustainably funded to tell the story of everyone in every village” he said.
During the discussion, it was recognised that due to decentralised statistical systems and fragmented data sets, official statistics did not reflect data generated by non-state data producers including the private sector, academia, civil society and the citizens. Participants therefore called for frameworks that can allow these sources of data, who are also motivated by the data revolution, to feed into the national statistics.
Coordination, collaboration and partnerships was also pointed out as essential for a functional and inclusive data ecosystem. According to Norah Madaya, Director of Statistical Coordination Services at UBOS, partnerships are inevitable in order to minimise duplication of efforts and increase efficiency and harmonisation of programmes. However, she noted existing challenges that hinder coordination and partnerships within the data ecosystem, such as lack of institutionalised statistical structures in government agencies, inadequate commitment to factors driving coordination such as harmonised ICT platforms and resistance to joint survey undertakings.
Meanwhile, usability as a driver for the national data ecosystem was also discussed, with widespread calls for data released by government to be in easily accessible digital formats. Currently, most public information/data released by government agencies is in PDF format and does not meet open data principles as prescribed in the Open Data Charter which calls for data to be released in a format that easily accessible, reusable and allows for manipulation, among others.
On the ICT front, Kenneth Bagarukayo, from the Ministry of ICT and National Guidance noted that Uganda’s readiness for open data is hindered by lack of common data standards as well as inadequate infrastructure. As such, in 2015, the government embarked on the process of developing the Open Data Policy that will help address these challenges. A draft of the policy has been developed with priority areas focusing on open data working groups, the development of an open data portal and high value data sets. According to Bagarukayo, policy consultations have been completed and the draft policy will be presented to cabinet for approval in December 2017.
Meanwhile, efforts are also underway to build Communities of Practice (CoP) on data among civil society, private sector and public-sector organisations. One such initiative is the East Africa Community of Practice for Data Revolution and SGDs which is working to enable actors meet frequently and deliberate on best practices, challenges and experiences of their engagements on data and community at the subnational level. Development Initiatives is leading efforts in Uganda towards agreeing on a general action plan for the country’s CoP and recently held a meeting with various actors including CIPESA to discuss gaps and needs that the CoP might address to increase collaboration across the East African region.
Ultimately, the National Data Forum was a ground-breaking event which will hopefully bring the data revolution to the forefront of national debates and support awareness of the evolving data demands for measuring national, regional and international development initiatives. Discussions over the three day event rallied stakeholders to come together and support more investment in data production, analysis and use, for evidence based planning.

Access to Public Information in Uganda: Rhetoric or Reality?

By Loyce Kyogabirwe |
Norah Owaraga, a Ugandan researcher, recently narrated her experience on accessing government-held information in the country. She recounted a trip to Tororo district in eastern Uganda where she sought information on Tuberculosis prevalence in prisons. “I was told to go back to the prisons headquarters in Kampala (the capital) to get authorisation yet I had already received clearance from Uganda National Council for Science and Technology (UNCST) and the President’s Office to access government information. Why did I have to travel back to Kampala when I had all the clearance?” asked Owaraga.
Her question was directed at Frank Baine, the spokesperson of Uganda Prisons, during a dialogue held in Kampala to commemorate the International Day for Universal Access to Information, which falls on September 28.
In his response, Baine quoted section 4.8.1(i) of the Code of Conduct and Ethics for Uganda Public Service, 2006 and the Official Secrets Act 1964, stating that public officials are custodians of information that comes into their possession during the course of duty. “Without due permission from an authorising officer, such information cannot be communicated,” explained Baine. In Owaraga’s case, he said the authorising officer was not within the UNCST or the President’s office. Rather, it was the head of Uganda Prisons who had the mandate to authorise the release of the information.
Owaraga’s experience mirrors the challenges faced by Ugandan citizens in realising the right to access information. The right of access to information is enshrined in article 41 of the Constitution of the Republic of Uganda, 1995 which provides that, “Every citizen has a right of access to information in the possession of the state or any other organ of the state except where the release of the information is likely to interfere with the security of the state or the right to the privacy of any other person”. Uganda was among the first African countries to enact a right to information law, the Access to Information Act (ATIA), 2005 and later the Access to Information Regulations, 2011.
The ATIA is aimed at promoting transparency and accountability in all organs of the state by providing the public with timely, accessible and accurate information. Baine’s response instead highlights that a culture of secrecy still persists, with limited proactive release of information by public agencies and denial of citizens’ requests for information.
Other challenges that were raised during the dialogue include the high costs of accessing information, lack of knowledge of the provisions of ATIA among citizens and public officials, and the tedious procedures of requesting for information – all of which impact on the level of citizens’ information requests.
Despite the challenges, the government has taken some steps to promote access to public information. Speaking at the dialogue, Moses Watasa, Commissioner of Information Dissemination at the Ministry of ICT and National Guidance, explained that the Ministry is working to sensitise all government ministries, departments and agencies (MDAs) on ATIA as well as strengthening communication departments within MDAs and local governments with the aim of improving information gathering and dissemination.
Furthermore, the ministry has developed a centralised government information web portal (www.gov.go.ug), which functions as a gateway to all other government websites. The portal is reinforced by the ministry’s requirement for all MDAs to have a communications officer, functional website, a presence on social media and email addresses for officials to ensure public accessibility.
Watasa acknowledged that there has been a culture of secrecy among public officials further compounded by internal bureaucracies. He stated that the government was working to review archaic guidelines that restrict responsiveness or proactive disclosure by public officers.
Meanwhile, according to Watasa the government is also due to launch Open Government Sessions aimed at bridging the information gap between citizens and duty bearers. The sessions, which will be hosted monthly, will involve different MDAs interfacing with the public on functions, ongoing activities, budget allocations and expenditure and feedback. It is expected that the sessions will be broadcast live on TV and leverage social media platforms to allow remote participation.
However, it remains unclear when the archaic laws and guidelines will be reviewed and implemented to ease citizens’ access of public information. It is only through improved access to information that there can be increased social accountability and government transparency towards improved service delivery and greater citizen participation in governance and democratic processes.
The dialogue on access to information in Uganda was organised by the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) in partnership with the Ministry of ICT and National Guidance in the context of the ICT4Democracy in East Africa initiative’s objective to engage stakeholders on supportive policies and practices for human rights and democratic governance in East Africa. It brought together 50 participants including public officials, policy makers, civil society, media, and scholars to reflect on the role of information in improving service delivery and accountability in Uganda.

CIPESA Engages Ugandan Members of Parliament on Implementation of Access to Information Law

By Loyce Kyogabirwe |
It is 12 years since Uganda passed an access to information law with the purpose of promoting transparency and accountability in all organs of the state by providing the public with timely, accessible and accurate information. The law also empowers the public to scrutinise and to participate in government decisions. However, the law has remained largely unimplemented as many Ministries, Departments and Agencies (MDAs) ignore citizens’ requests for information and rarely release information pro-actively, which contravenes the law.
“I have sent several information requests to the Ask Your Government (AYG) Uganda portal. It is now three months and I have never received any feedback,” said Cuthbert Abigaba, Member of Parliament (MP) for Kibaale county in Kamwenge district, while speaking at an engagement of Uganda’s MPs on implementing the Access to Information Act 2005. Organised by the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) on July 13, 2017, the convening was a follow up on an earlier engagement with the MPs on their duties and responsibilities in enforcing the access to information law.
Section 43 of the Access to Information Act requires parliament to receive annual reports from each minister detailing all requests received from citizens for access to records or information, and indicating whether access was granted or not, and where access was not given, the reasons for the denial.
However, Parliament has never received any such reports, nor has it asked ministries to comply with this provision of the law. This issue was also raised earlier in April 2017 when CIPESA presented a position paper on the State of Access to Information in Uganda to MPs on the ICT Committee. The paper highlights some government initiatives to promote access to information, identifies gaps in the law, and makes recommendations for amendments to the law in order to enhance citizens’ access to information.
At the this month’s meeting, CIPESA presented to 16 MPs a comparative analysis of access to information legislation in East Africa and urged the lawmakers to pursue the proposed amendments so as to align Uganda’s law with progressive provisions in some of the East African Community (EAC) Member States’ laws, as well as to international human rights instruments.

 “While it is recognised that the EAC region is progressing in promoting the right to information, there are a number of issues that have bottlenecked citizens’ right to information. These include: lack of access to information by non-citizens in Uganda, Kenya and South Sudan; lack of ATI regulations in Rwanda, Kenya, Tanzania and South Sudan; lack of a clear definition of security information by Uganda; lack of provision for transferability of requests in South Sudan; limited scope of bodies the law applies to in Uganda; prohibitive access fees in Uganda, as well as the lack of clear complaints mechanisms in Uganda.” Comparative Analysis of Access to Information Legislation in Africa, June 2017.

During the meeting, the MPs expressed concern over insufficient knowledge among legislators about their duties and responsibilities under the law. They also noted that citizens were not sufficiently aware of their rights and the obligations of public officials. The legislators called for wider awareness raising to increase citizens’ demand for information. “If a Member of Parliament like me did not know the access to information law, what about the citizens who are not even educated?” said Rose Mutonyi, MP for Bubulo West, Manafwa district.
On the other hand, the MPs appreciated the recommendations and proposed amendments contained in the two position papers and suggested an action plan for meaningfully implementing the access to information law. Among the strategies put forward was to engage the Office of the Speaker of Parliament, sensitise more MPs to demand for annual reports from ministers, and engage ministers to submit the annual reports.
Nonetheless, the MPs cited the need for more capacity building on access to information for the majority of legislators to inform their discussions in parliament. As noted by Majegere Kyewalabye, MP for Bunya East, Mayuge district, “We need to be prepared more before we can go on the floor of parliament to present these issues.”
The engagement with MPs was organised by CIPESA in partnership with the Greater Parliamentary North Forum in the context of the ICT4Democracy in East Africa initiative’s objective to engage stakeholders on supportive policies and practices for human rights and democratic governance in East Africa.
 

Safeguarding Civil Society: Assessing Internet Freedom and the Digital Resilience of Civil Society in East Africa

By Small Media |
Over the past decade, East Africa has seen a tremendous boom in connectivity and online participation that is beginning to transform the way that citizens across the region communicate, express themselves, and establish communities. In a similar manner, the growth of internet access in the region is beginning to empower civil society organisations (CSOs) to engage with the public, share information, and advocate for citizens’ rights in sometimes challenging and closed political environments. Although the internet offers opportunities to advocates, it also offers the possibility for regional state and non-state actors to interfere with their work, surveil them, and censor their voices.
In this report Small Media, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA), DefendDefenders, and Strathmore University’s Centre for Intellectual Property and Information Technology Law have sought to map out the state of internet freedom in East Africa, and assess the extent to which ongoing challenges have impacted negatively upon the work of civil society actors in the region. Although we were not able to map out the state of internet freedom across the entire region, we were able to focus our efforts on some of the lesser-studied digital landscapes – Burundi, Rwanda, South Sudan, Tanzania and Uganda.
To measure the state of internet controls in the region, we have taken the African Declaration of Internet Rights and Freedoms (ADIRF) as our key point of reference. This declaration – drafted and signed by a large array of African civil society organisations in collaboration with global internet freedom organisations – establishes a set of rigorous principles by which governments and other stakeholders must abide in order to guarantee the online rights and freedoms of citizens across Africa.
Over the course of this research, we have found that there is an urgent need for East African civil society to be given support to improve their digital resilience in the face of growing threats of surveillance and censorship across the region. In all of the countries surveyed in this report, CSOs failed to demonstrate a baseline of digital security knowledge, or else failed to implement practices effectively.
DigRes_1 DigRes_2
 
 
 
 
 
 
At the same time, we found that governments across the region require support to bring their policies into compliance with the principles of the African Declaration on Internet Rights and Freedoms – a set of principles developed by African internet freedom stakeholders to guarantee a free and open internet in Africa.
ADIRF_Grid
Small Media, CIPESA, Defend Defenders and CIPIT hope that this research can help to support the security of civil society actors, empower activists to support the principles of the African Declaration, and press their governments to adopt it.
Read the full report here.