Mapping and Analysis of Privacy Laws and Policies in Africa: Summary Report

Author: 
Collaboration on International ICT Policy for East and Southern Africa (CIPESA)

Privacy in the digital age has become a preeminent human rights issue, given its intricate connection with, and its being a foundation for the realisation of other rights such as freedoms of expression, information, assembly, and association. Yet, while privacy has become ever more crucial in the world where digital technologies are key to livelihoods and the promotion of other rights, there are insufficient protections for the right to privacy in many African countries. Indeed, many countries in the region have steadily taken measures to undermine this right.

Over the years, many African countries have enacted laws and adopted policies that impact on privacy, including those that facilitate surveillance and the collection of biometric data, and others that limit the use of encryption. This has facilitated increased state surveillance across the continent that is accelerating interference with various rights and freedoms. In many countries, surveillance is increasingly being used to entrench political control including through spying on activists, journalists, and dissidents. Related phenomena such as the limitation or prohibition of encryption, building of biometric databases, and data localisation requirements, also have a bearing on citizens’ rights to privacy and other digital rights. While prohibition on encryption services undermines citizens’ rights to communicate anonymously – a key necessity for free expression particularly in authoritarian countries – data localisation and biometric databases could, in the absence of robust legal and practical safeguards, further facilitate efforts by state and non-state actors to undermine privacy-related rights.

In many African countries, the advent of the COVID-19 pandemic has exacerbated the privacy concerns, yet in several of them, digital rights were already under steady attack, including via internet shutdowns, criminalisation of “false news”, misinformation and disinformation campaigns by state and non-state actors, harassment and prosecution of social media users, and growing state surveillance. In responding to the pandemic, countries adopted regulations and practices, including deploying surveillance technologies and untested applications, to enable authorities collect and process personal data for purposes of tracing, contacting, and isolating suspected and confirmed cases of the virus. These measures were adopted in haste, often without adequate regulation or independent oversight.

Given the foregoing, it is crucial to map and analyse the laws and policies that impact on privacy, notably those that regulate surveillance, data localisation, biometric databases and encryption. This analysis can inform remedial and mitigatory steps to protect the right to privacy, which may include strategic litigation, capacity building, and advocacy for legislative and policy reforms. Moreover, the results of this analysis are also crucial for monitoring developments and trends on privacy regulation and practice in the region.

Read the full report here.

 

« Volver