Artificial Intelligence Governance and What It Means for Privacy and e-Health in Africa

By Raymond Amumpaire |

Artificial Intelligence (AI) involves using computers to classify, analyse, and draw predictions from data sets, using a set of rules called algorithms, is fundamentally transforming human life. It increases innovation, efficiency, and productivity, while also enhancing decision-making, reducing human error, reducing costs for providers and improving health outcomes. In relation to this, the World Health Organization (WHO) posits that AI presents great potential, especially in regard to health services, medical care interventions, and research and development.

However, AI has also raised several concerns, including privacy and security issues, bias, authoritative errors, misinformation, job market disruption, and intellectual property infringement. World-renowned scholars warn that AI could pose greater risks to society. The WHO reaffirms the potential harm that could be inflicted on millions with the use of AI if human rights-oriented ethical AI governance, especially within the health sector, is absent. 

On the African continent, our AI watershed moment has been characterised by a disruptive interplay where sporadic regulatory frameworks have been struggling to meet the non-linear tech adoption, culminating in numerous enforcement challenges. Not to mention the fragmentation of AI and related laws within the continent, particularly in the  e-health sector.

This piece examines how AI policy developments are addressing emerging e-health rights concerns across the continent, from privacy to gender. It proposes some recommendations to shape Africa’s digital future towards the realisation of digital rights for all.

(more…)

An Overview of Ethiopia’s Cybersecurity Space: Progresses, Challenges, and Way Forward

By the DRAA Team |

The world moves towards unprecedented digital transformation, this is creating remarkable gains  as  a great equalizer, that is also transforming human life globally. Yet, it also poses some serious risks and threats by perpetuating biases, cyberattacks, and digital divides especially amongst the most vulnerable communities.

Cyberattacks are an intentional ‘attempt to gain unauthorized access to a computer network, computer system, or digital device’ aimed ‘to steal, expose, alter, disable, or destroy data, applications, or other assets.’ Attackers are propelled by varied motives to inflict the attacks such as malware, social engineering, man-in-the-middle (MITM), and denial of service (DoS) attacks. The implications of these attacks are diverse and detrimental, and among others include financial losses, human rights breaches , as well as erosion of peaceand security.

The African digital landscape is experiencing a remarkable transformation despite the increasing risks of cyberthreats and attacks.  In 2022, Statista reported that there were about 570 million internet users.  This, inter alia, is catalysed by increasing mobile technology and investment in internet infrastructure.

Despite this, Statista noted a staggering  internet penetration rate which in 2022 stood at 43 % as compared to the global average levels at 68%. Moreover, INTERPOL’s 2023 report identified cyberthreats in the continent such as business email compromise, ransomware, phishing, banking trojans and stealers, online scams, cyber extortion, and crimeware-as-a-service (CaaS).

In 2023, the Information Network Security Administration (INSA) reported to have thwarted almost all of the cyberattacks (more than 6, 700) attempted during the 2022/2023 fiscal year.  The most critical forms of attacks included website attacks, DDOS, and malware. The International Telecommunication Union’s (ITU) 2024 Global Cybersecurity Index (GCI) rated the country’s commitment towards cybersecurity at Tier 3 in light of its legal, technical, organizational, capacity development, and cooperation pillars labeled  as ‘Establishing.’

According to Data Reportal, the country hosts an estimated total population of 134 million, out of which 49.9% are female, 76.1% dwell in rural areas, and 28.6 million are internet users representing an internet penetration of 21.3% in the country. With this statistical characterisation, there is a need for deliberate resource based arrangements by the government to ensure that local laws, institutional and infrastructural measures adequately, effectively and equitably promote inclusive, universal and secure access to digital services by citizens.

Notwithstanding the cyber-attacks, Ethiopia has several legal and policy frameworks that seek to address cybersecurity related matters.  The country has a Personal Data Proclamation (Pro No. 1321/2024)  which seeks to realise a robust data protection framework to prevent violations, ensure need-based services for users, while building effective responses to data breaches, and the culture of responsible data processing. The Digital Identification Proclamation (Pro No. 1284/ 2023)  aims to ensure ‘resident’s right to be identified, enhances the ability to exercise other rights, improves trust between service providers and residents, [and] creates a nationwide enabling environment to ensure transparency, accountability and efficiency.’ The Electronic Transactions  Proclamation (Pro No. 1205/ 2020) provides a framework for ‘a more secure legal environment’ for electronic transactions by citizens, private entities, and public actors. The Computer Crime Proclamation (Pro No. 958/2016) incorporates legal mechanisms aimed to ‘prevent, control, investigate and prosecute the suspects of computer crimes.’  Additionally, the Telecom Fraud Offense Proclamation (Pro No. 761/2012), recognizing the increase and wide-spread of telecom fraud, and its dire implications, establishes legal provisions to prevent and control the crime. Lastly, the Media Proclamation (Pro 1238/2021) establishes the obligation of online media on safeguarding content from encouraging prohibited acts such as cyberbullying, protecting the data of users, and obtaining their explicit consent for third party use, as well as abiding by electronic transaction laws.

In addition, the country also has a National Cybersecurity Policy (2024) which is premised on identifying national cybersecurity resilience and the protection of citizen’s human and democratic rights and freedoms in cybersecurity schemes. It also provides a framework for robust partnerships and collaboration, promotion of local technological capabilities, and public awareness. The recently concluded Digital Ethiopia 2025 Strategy,on the other hand, highlights the vitality of cybersecurity for  safe and secure digital services for citizens. Most recently, the Ethiopian Government adopted the Digital Ethiopia 2030 Strategy.  The Strategy, among other things, aims to empower people and institutions via digital literacy, data-driven decision-making and innovative public institutions, accelerate inclusive digital economic growth, achieve universal digital access, and advance the country’s competitiveness vis-a-vis digital foreign direct investment (FDI). Ethiopia has also recently launched the National Digital Payments Strategy (2026-2030) which envisions an ‘…inclusive, trusted, integrated, and responsibly innovative…’ digital ecosystem in the country.

These legal and policy framework developments are complemented by, among others, the Ethiopian Cyber Emergency Response Team (ETHIO-CERT) which, under the INSA, undertakes the mission of ensuring cybersecurity vis-a-vis local digital infrastructures and deliberation on key stakeholders collaboration for the realisation of a robust and resilient digital ecosystem in the country.  Ethiopia and INTERPOL have further restated their joint commitments towards combating transnational crimes, including cybercrimes. Ethiopia is also involved in the Eastern Africa Standby Force (EASF).

These legal and institutional progresses, ought to, address concerns regarding legal loopholes, digital infrastructure, and literacy, as well as Technology-facilitated gender-based violence (TFGBV)  which is leading to dire consequences against women and girls in the country. The adversities of the latter are particularly worsened in cases of women human rights advocates who, inter alia, face harassment when they advocate against TFGBV and other forms of GBV.

The spike in cyber threats and attacks calls for robust state preparedness and multi-stakeholder collaboration in efforts to counter the vices. As part of these, there is also need for African member states to expedite the integration of the African Union (AU) Digital Transformation Strategy for Africa (2020-2030), (Malabo) Convention on Cyber Security and Personal Data Protection (2014),  AU Data Policy Framework (2022), African Digital Compact (2024), and the Common African Position (CAP) on the Application of International Law in Cyberspace in their national cybersecurity laws. These key legal frameworks, read together, affirm commitments towards legal harmonization and adherence to key global international legal standards on data governance and digital transformation such as those laid in the Budapest Convention on Cybercrime (2001).

While recognizing the immense opportunities which come along with digital advancements, the realization of the strategic initiatives as well as a robust cybersecurity governance in Ethiopia thus calls for a human right- centered, coherent, and well-synchronized approach in the implementation of laws. The laws should also be aligned with regional and international standards with a backing of effective institutional and inter-institutional coordination, multi-stakeholder collaboration at all levels, digital literacy and capacity building. There is also the need to embed the gender-transformative approach to cybersecurity programming to effectively capture, counter, and transform deeply rooted norms and values which continue to perpetuate gender inequality. Such should be the basis for the promotion of the digital rights and freedoms of all Ethiopian citizens and redress of common challenges faced by the most vulnerable groups in the country.

Online Spaces in Uganda are for Journalists too and Must be Protected and Respected

By Diana Nandudu |

Online platforms have become essential for journalists across the globe. The digital era has provided journalists with unprecedented tools to gather, produce, and disseminate information in real time across borders. Social media, news websites, blogs, and data repositories are now key components of journalistic work, offering avenues for civic engagement, investigative reporting, and audience interaction. However, as online spaces become essential to the journalistic profession, threats such as restrictive laws, state and non-state harassment, surveillance and spyware and technology facilitated gender based violence are eroding journalists’ safety. They are shrinking safe space for reporting and have a chilling effect on press freedoms across the region.

The Legal and Policy Frameworks

The legal framework on press freedom in Uganda is embedded in numerous laws and regulations. Article 29 (a) of the Constitution of Uganda provides for freedom of speech and expression which shall include freedom of the press and other media Article 41 (1) guarantees every citizen’s right of access to information in the possession of the State or any other organ or agency except in cases of national security or state sovereignty and interference with the right to the privacy of any other person.

Uganda is also party to several international and regional instruments that guarantee freedom of expression. Notable of these is Article 19 of the Universal Declaration of Human Rights (UDHR), Article 19 of the International Covenant on Civil and Political Rights (ICCPR) and Article 9 of the African Charter on Human and Peoples Rights (ACHPR). Although both the Constitution and international instruments protect and promote press freedom, they also prescribe limitations to their exercise in matters of national security or public morals. 

Contrary to the constitution, and the obligations set under the numerous treaties that it is party to, Uganda has severally enacted laws and regulations that undermine the enjoyment of press freedoms. These laws have been used to weaken as opposed to promoting and protecting press freedom in Uganda. 

How the Laws Affect Digital Space for Journalists

The Penal Code, Cap 128 in section 162  and 38 criminalizes libel and the promotion of sectarianism, which are punishable with lengthy prison terms. While these provisions do not specifically refer to online expression, they could be applied to digital communications. 

In 2017, Parliament passed the much-criticized Uganda Communications (Amendment) Act Cap. 1282016 The Act amended Section 89(1) of the Uganda Communications Act Cap.103, removing the requirement that Parliament approve regulations proposed by the Ministry for Information and Communication Technology and National Guidance (ICT ministry). The change effectively eliminated the system of checks and balances that regulated the ICT minister’s supervision of the communications sector

In October 2022, the parliament passed the Computer Misuse (Amendment) Act 2022, despite criticism that the Act violates numerous rights, including free expression and access to informationThe Act under section 27 prescribes a penalty of up to a fine of UGX 15,000,000 (USD4220)  or seven years’ imprisonment for sending or sharing unsolicited information, sharing unsolicited information. In 2022, the Human Rights Network for Journalists-Uganda and 13  others in a matter which is still before the courts challenged the law arguing that it violates free speech and expression. Furthermore, CIPESA, a civil society organization focused on ICT policy in East and Southern Africa, voiced concerns that provisions related to the spread of unsolicited or malicious information could be used by the government to limit free speech and impose heavy penalties on government critics.

Section 25 (now repealed) of the Computer Misuse Act, was contentious and was used by the state to curtail free speech among journalists in Uganda. Section 25 criminalized “offensive communication,” stating that “any person who willfully and repeatedly uses electronic communication to disturb or attempt to disturb the peace, quiet, or privacy of another person…commits a misdemeanor.” Fortunately, the section was annulled in Andrew Karamagi and Another vs. Attorney General of Ugandaon grounds that it was overly broad, vague, and in violation of constitutional freedoms of speech.

In the lead judgment of Kenneth Kakuru JA (as he then was) he held that: 

“I find that the impugned section is unjustifiable as it curtails the freedom of speech in a free and democratic society. Secondly, Section 25 of the Computer Misuse Act does not specify what conduct constitutes offensive communication. To that extent, it does not afford sufficient guidance for legal debate. Thirdly, it is vague, overly broad, and ambiguous. Therefore, I find that the impugned section is inconsistent with and/or in contravention of Article 29 of the Constitution, Article 19(2) of the International Covenant on Civil and Political Rights and Article 9(2) of the African Charter on Human and People’s Rights…The enforcement of Section 25 of the Computer Misuse Act No. 2 of 2011 is hereby stayed”.

This judgment was seen as a victory for journalists and advocates of free speech, as the law had previously been employed to silence critics and political opponents. Despite this ruling, the Computer Misuse Act continues to impose restrictions on press freedom, particularly following amendments made in 2022 that remain in force.

According to the Human Rights Network for Journalists-Uganda, by the time the section was annulled, seven journalists had been charged in court. All the cases were however dismissed for want of prosecution.

That said, regional human-rights bodies and pan-African instruments have reaffirmed protection for media freedom. The African Commission and other regional actors continue to emphasise that freedom of expression and access to information are fundamental to democracy and must be protected online as well as offline. These instruments provide an important normative basis for challenging abusive laws and practices at national level.

Online violations by the state and individuals

In Uganda, journalists are subjected to online rights violations by both state actors and individuals, threatening their safety and undermining press freedom. The state has employed measures such as internet shutdowns, digital surveillance, and the enforcement of restrictive laws like the Computer Misuse Act to target journalists who publish critical content. Individuals perpetuate abuses including cyberbullying, hacking of social media accounts, doxxing, and tech-facilitated gender-based violence, with female journalists disproportionately targeted. These actions create a hostile online environment that fosters fear, promotes self-censorship, and limits the ability of journalists to operate freely and independently in digital spaces.

In the backdrop of the COVID-19 pandemic and the 2021 general elections, the Ugandan government implemented stringent surveillance protocols while intensifying existing restrictions on free expression. This crackdown became particularly conspicuous after a cohort of Ugandan investigative journalists received notifications that their devices had been compromised by Pegasus, a spy software enabling operators to extract messages, photos, emails, record calls, and clandestinely activate microphones and cameras. This software is attributed to the Israeli spyware firm, NSO Group, which officially supplies the Pegasus software to military, law enforcement, and government intelligence agencies for the purpose of targeting criminals and terrorists. However, multiple reports surfaced indicating the use of the software against politicians, journalists, and activists. Investigative journalist Canary Mugume was among the few who received an alert from Apple, signaling that state-sponsored attackers may be targeting his phone

There is also technology-facilitated gender-based violence (TFGBV) among women journalists.TFGBV is “an act of violence perpetrated by one or more individuals that is committed, assisted, aggravated and amplified in part or fully by the use of information and communication technologies or digital media, against a person on the basis of their gender.”

Female journalists, particularly those working in television are increasingly subjected to online gender-based violence (OGBV). This includes stalking, trolling, defamation, gender-based disinformation, hacking, cyberbullying, and even the dissemination of pornography. In Uganda, a study conducted by researchers Gerald Walulya and Florence Namasinga Selnes titled “I Thought You Are Beautiful: Uganda Women Journalists’ Tales of Mob Violence on Social Media”, revealed that online attacks on women journalists are largely centered on their gender and sexuality. This relentless harassment erodes the confidence of women in the media, deterring them from engaging in critical reporting, particularly on politically sensitive issues.

Mildred Tuhaire, an NBS TV journalist in Uganda was attacked online after conveying results of the 2021 General Elections relayed by the Electoral Commission. She said,

 “…I received some abusive comments on twitter and Facebook and ignored them. Shortly thereafter, I started seeing many more comments directed at my personality. I saw memes of myself, and in some cases my pictures were edited to make me look beastly. I saw people directly attacking me and alleging different kinds of things about me. At one point they alleged that I was involved in an accident in Kamwokya area and that I had been beaten by a mob following the incident. All this did not move me, but I got extremely worried and concerned when the comments descended into character assassination. People were alleging that I slept with my boss to get favors at work. At this point it got personal for while it is okay to criticize the way I execute my job, it’s extremely unfair to make such false and baseless allegations just because I read a news item that you don’t like.”

This incident illustrates how online violations against journalists in Uganda can escalate from professional critique to personal harassment and defamation, with female journalists particularly vulnerable to gendered attacks. It underscores the need for stronger legal protections, digital security measures, and public awareness to safeguard journalists and enable them to work without fear of harassment or reputational harm. Some of the measures aimed at addressing the root causes and gaps include: 

  • Amendment of laws by Parliament to expunge all provisions that unjustifiably criminalize legitimate online expression such as those in the Computer Misuse Act, Penal Code Act and Uganda Communications Act.
  • State, government and private actors’ compliance with Constitutional and International standards on freedom of expression.
  • Civil society organisations should provide training, tools and support for journalists to protect their devices, accounts and data against state and non-state surveillance, hacking and spyware attacks like Pegasus.
  • The government in partnership with the media houses and civil society organisations should implement targeted policies, reporting mechanisms and protective measures for female journalists who face online harassment, cyberbullying and gendered attacks.
  • The Government, media and civil society organisations should educate citizens about responsible online behavior, the consequences of online harassment and the importance of protecting journalists’ online spaces.
  • The government and all other sector players should use regional instruments (ACHPR, Declaration of Principles on Freedom of Expression in Africa) and international standards (UDHR, ICCPR, UNESCO Guidelines) as normative frameworks to challenge abusive laws and promote press freedom online.

Internet Shutdowns During Protests: The Growing Face of Digital Repression

By Beatrice Kayaga |

The internet has become an indispensable cornerstone of modern democracy because it serves as the primary platform where citizens can freely access diverse information, express their opinions without barriers, and actively engage in meaningful political discourse. However, governments are increasingly using internet shutdowns to silence dissenting voices, which poses a significant threat to democratic rights and principles. The shutdowns take several forms, including total blackouts, throttling of bandwidth, network filtering, Domain Name System (DNS) blocking and targeted restrictions on specific social media platforms, among others. These measures are often implemented during periods of political unrest, elections, or civil protests.

A study by the Digital Rights Alliance Africa (DRAA), a consortium hosted by the Collaboration on International ICT Policy for East and Southern Africa (CIPESA), underscores how internet shutdowns and disruptions are undermining democracy in Africa. The report which highlights the key issues, trends, practices and consequences of internet shutdowns. It shows that the internet is critical for providing access to information, voter education and electoral campaigns, expression, and improving accountability and transparency.

Governments justify these actions arguing that they are necessary for curbing hate speech, preventing examination malpractices, and maintaining national security and public order. However, the reality is that such shutdowns hinder the full enjoyment of a wide range of fundamental rights and freedoms, particularly the right to freedom of expression and opinion, access to information, and freedom of assembly and association among others.

Over the years, numerous instances of internet shutdowns often triggered by political tensions and unrest have been registered. Unfortunately, the trend continues. In 2025, there have been several restrictions on internet access for political, security, or social reasons. For example, in late January the National Communication Authority of South Sudan directed all internet service providers to block access to social media for a maximum of 90 days in response to unrest sparked by the circulation of graphic videos showing the killings of its nationals. In May 2025, Tanzania blocked access to the social media platform X (formerly Twitter) after hackers breached official accounts of the Tanzania Police Force and spread false information about President Samia Suluhu’s death.

This blockage coincided with a crackdown on human rights activists, including the detention and deportation of Kenyan and Ugandan activists who had gone to monitor the treason trial of the opposition leader Tundu Lissu. The government officially justified the ban on June 4, citing X’s hosting of pornographic material that violated Tanzanian laws and moral values. Later the same year, Tanzania shut down the internet during the presidential elections in October 2025.

Kenya also effectively imposed a media shutdown by ordering all television and radio stations to stop any live coverage of the June 25, 2025, demonstrations, which curtailed media freedom and transparency. Togo in June 2025 also shut down the internet for a period of 43 days due to political unrest, with the government blocking access to key social media and messaging platforms such as Facebook, Signal, and Telegram.

Internet shutdowns not only undermine democracy but also violate fundamental human rights such as freedom of expression, assembly and access to information. By restricting access to information and communication, shutdowns limit civic engagement. The repercussions of internet shutdowns extend beyond the immediate political implications, and have far-reaching impacts on other human rights such as the right to health,and right to education which is disrupted when online learning platforms become inaccessible. This was seen in Algeria’s 2024 internet shutdown.

Internet shutdowns also impact economic rights, as they inflict substantial damage on the economy. They disrupt businesses, stifle innovation, and halt critical services, leading to lost revenue and diminished productivity. They also contribute to the escalation of  human rights abuses by creating an environment where violations can occur without accountability. When citizens are unable to document events or share their experiences, impunity flourishes.

States have a fundamental obligation under international and regional human rights law to respect, protect, and fulfil the right to freedom of expression and access to information, including during times of political tension or unrest. The African Commission on Human and Peoples’ Rights affirms in its Resolution 362 that the rights to freedom of expression and access to information under Article 9 of the African Charter on Human and Peoples’ Rights, apply equally online, condemning state-imposed internet disruptions, particularly during elections. Building on this, Resolution 580 urges States to ensure unimpeded internet access before, during, and after elections by enacting laws and measures to prevent shutdowns. Together, they denounce such disruptions as violations of democratic rights and call for legal safeguards to protect online freedoms.

Similarly, Article 4(1) of the African Charter on Democracy, Elections and Governance requires State Parties to actively promote democracy, the rule of law, and human rights. This obligation extends to creating an enabling environment where citizens can freely seek, receive, and impart information without undue interference. Internet service providers, on the other hand, under the United Nations Guiding Principles on Business and Human Rights, have a responsibility to ensure access to the internet in the areas where they operate and to prevent adverse human rights impacts linked to their activities. Therefore, when service providers choose to implement a government-ordered internet shutdown instead of adhering to international human rights standards, they risk being complicit in violations of fundamental rights.

Beyond the established legal frameworks governing freedom of expression in online spaces, regional courts are increasingly playing a critical role in holding states accountable for internet shutdowns. In May 2025, the ECOWAS Court of Justice found Senegal’s June–July 2023 internet shutdown unlawful, concluding that blocking mobile data and social media after Ousmane Sonko’s conviction violated citizens’ rights to free expression, information and the right to work.

Civil society organizations and coalitions such as the Digital Rights Alliance are equally playing a crucial role in holding states accountable for internet shutdowns by monitoring and documenting incidents of internet disruptions and raising public awareness about internet shutdowns. Despite these affirmations of human rights, the challenge remains for many African countries to align their practices with these resolutions. The disconnect between policy and practice is evident in the alarming trend of governments justifying internet shutdowns through vague notions of security while disregarding their legal obligations to uphold human rights. Such actions not only threaten democracy but also deter foreign investment and economic development, as the unpredictability of a country’s political landscape becomes a disincentive for business

Uganda’s Digital ID Barrier Worsens as Court Delivers Blow to Access

By Michael Aboneka |

The High Court of Uganda on 10th June 2025 dismissed the case of Initiative for Social and Economic Rights (ISER) & 2 Others v Attorney General & NIRA (HCT-00-CV-MC-0066-2022). In this case, theapplicants challenged the mandatory requirement of a National Identification Number (NIN) or National ID card (Ndaga Muntu) under the Registration of Persons Act and other policies to access services such as healthcare and social protection, arguing that this system disproportionately excludes vulnerable populations, including older persons and women. The court’s dismissal of the case has been met withwidespread concerns over the role of digital identity in enabling or obstructing access to essential public services. Despite compelling guidance including expert opinions by Prof. Tom Fisher, Dr. Reetika Khera, Professor Phillip Alston presented in the Amicus Curiae by CIPESA, ARTICLE 19 and Access Now, the Court decided that “Uganda’s ID system is not “digital” because it operates primarily offline. A person cannot be denied access simply because of lack of internet connectivity, among other features of a digital ID system,” ignoring its biometric backbone, centralized database, and digital interfaces. This narrow interpretation failed to account for the structural risks embedded in the system, such as exclusion, surveillance, and data misuse and its wide implication on access to services. The decision of the court has far-reaching effects on the human rights of Ugandans as highlighted below.

Access to services

Uganda’s digital ID system is increasingly integrating into e-governance platforms, given the Government’s approach of digital public infrastructure including digital identity and mobile payments among others for pension schemes, social grants and education services. The Court’s decision effectively legitimizes a system that:

Denies access to services for those without a National ID, who are estimated at 18 Million (about 40%) of the population. Recently, the Ministry of Education mandated all schools to register their learners on a portal under the Education Management Information system (EMIS). The is an education census aimed at facilitating planning, budgeting and decision making. One of the requirements under this census is that the learners, teaching and no teaching staff must possess a NIN. This therefore means that those without a NIN and subsequently a national ID will miss out on being enumerated by the government as learners and hence excluded from the planning and budgeting.

Further, as noted in the application that was before court, the Social Assistance Grants for Empowerment (SAGE) , a government initiative that offers financial assistance to vulnerable elderly individuals and households to help sustain their livelihood, only benefits those on the national Identification Register and, in possession of a national ID. This is ultimately exclusionary of those without an ID. The Court fails to consider that the introduction of the National Identification (NID) system as the primary data source and mandatory means of identification denies access by older persons to the life-saving program, leading to violation of their right to social security.

The Court sadly noted that “the deponents appear to me to be few and isolated cases that could be handled through proper follow up, guidance and assistance rather than as constituting evidence of a failed national ID system.” In furthering this absurdity, the court further goes on to state that “the applicants have not adduced sufficient evidence to prove on a balance of probabilities that there has been actual and systemic exclusion of eligible persons from SAGE benefits on account of use of the national ID system as the primary data source and mandatory means of identification.” This analogy under-looks the fact that the deponents were jeopardized from benefiting from the SAGE because of the challenges of the national ID system. The court also treats these mishappenings as isolated cases not worth consideration.

Undermining Digital Transformation.

Social and economic services across global systems are shifting online, requiring digital authentication. The government of Uganda on 17 August  2023 launched a 5-year Digital Transformation Road Map and is shifting to provision of services using digital platforms through its Digital Public Infrastructure which includes the National ID System, mobile money, Electronic Fiscal Receipting and Invoicing System (EFRIS), Express Penalty Scheme, Digital Tax Stamps and Payment Registration Numbers among others. All these systems require authentication, integrity of data among others. It is therefore not correct for the court to decide that Uganda’s ID system is offline and non-digital.

These ruling highlights deeper concerns about Uganda’s approach to digital public infrastructure (DPI) where there are no strong legal safeguards such as comprehensive and robust data protection laws and independent oversight, these systems risk enabling surveillance, discrimination, and misuse of personal data.

Further, these barriers to accessing essential services (healthcare, education, social protection) due to lack of National ID without alternatives directly challenges Uganda’s compliance with the World Bank’s ID4D inclusion on ensuring universal coverage from birth to death, free from discrimination.

Failure to provide alternatives

The court, in reaching its decision, heavily relied on the respondents’ submissions. The Respondents defended Uganda’s National ID system as a lawful and essential tool for accurate identification in public service delivery. They argued that requiring a National ID to access services like healthcare and social protection is a legitimate administrative practice, not discriminatory. Additionally, they emphasized that the system is primarily offline and does not qualify as a digital ID, countering concerns raised by the Applicants about human rights implications. By accepting these submissions, the court fails to give alternatives albeit the existing failures of the current system. Although the court did not delve into the operational issues of the SAGE, it could have guided and provided alternatives to proof of identification for purposes of promoting access to social services with a goal of promoting the right to life.

The fact that beneficiaries are locked out of a government programme for lack of a national ID which is partly attributed to errors arising from NIRA, the Court should have provided a remedy for the deponents. Use of other alternatives to ascertain identity such as baptism cards, voters’ cards and residence identity cards among others can remedy exclusion and promote access rather than delineating the citizens. 

Aggravating Digital Exclusion

The ruling risks deepening digital exclusion of marginalized groups especially rural communities, older persons, and women, the digitally illiterate, and those without access to information and communication technologies like smartphones. Additionally, barriers to enrollment due to distance, documentation gaps, lack of connectivity and bureaucratic inefficiencies legitimizes a system that amplifies digital exclusion and entrenches inequality.

By not demanding stronger legal safeguards or alternative access pathways, the ruling contributes to a digital landscape where essential services become inaccessible to many. Further Biometric failures and data corruption which are synonymous with Uganda’s national identification infrastructure.can render individuals invisible to the system. This potentially exacerbates vulnerability which further undermines Uganda’s commitments under African Union Convention on Cybersecurity and Personal Data Protection which prohibits discriminative data practices against vulnerable groups and the Sustainable Development Goals which in SDG 16.9 provides for legal identity for all.

Recommendations for Reform

To ensure digital identity becomes a tool for inclusion rather than exclusion,

CSOs and Lawyers should consider:

  • Appealing against the decision in the Court of Appeal with the hope that the Court will agree with the Applicants and provide more guidance and declarations on the issues pertaining digital rights and access to social services.
  • Lawyers must strengthen the evidence before the Court such as disaggregated data not just anecdotal or generalized claims to show  clear causal links between the digital ID system and denial of services.
  • The case could also have been tested  as a constitutional issue that the inaction of the state and denial of the services to the Ugandans such as health services violates their right to life among others.

Uganda should consider:

  • Amending the Registration of Persons Act to allow for alternative forms of identification other than the sole reliance on the National ID so as to allow those without it access services using an alternative identification.
  • Ensuring that DPI empowers rather than excludes by adopting a human-centered design approach, providing alternative offline pathways to access services, and prioritising legal frameworks that protect individual rights and foster public trust.
  • Ensuring community-based enrollment and mobile registration units to ease access by those that cannot access the digital services and also enhancing registrations such as the Education Management Information System.

Providing non-biometric fallback options for authentication, like PIN-based or one-time password (OTP) verification via SMS, physical ID cards embedded with QR codes that link to a person’s profile without requiring biometric input, Local Council identity verification and call-in verification hotlines that authenticate individuals through personal questions or secure codes.

Navigating Digital Transformation: Key Insights from the ECOWAS Data Governance Knowledge Exchange

By Emile Aminti |

West Africa is at a crucial point in its journey towards digital transformation, with strong momentum for effective and unified data governance policies. At the ECOWAS Data Governance Knowledge Exchange held from July 29 to 31, 2025, leaders and experts from civil society, the private sector, and public institutions across the region joined discussions on legal and institutional data governance developments and potential reforms.

The Knowledge Exchange highlighted legal and institutional developments and proposed reforms in response to Africa’s changing data and digital landscape.  Presentations reviewed the progress and shortcomings of the 2010 ECOWAS Supplementary Act on Data Protection, emphasizing that rapid technological advancements, particularly in artificial intelligence and cross-border commerce, have outpaced existing regulations. Experts from initiatives like the Data Governance in Africa Initiative stressed the importance of people-centered regulations and the establishment of strong data protection authorities.

Representatives from private companies such as Paystack and Flutterwave shared the real challenges businesses face in navigating outdated and fragmented legal environments. Additionally, international partners such as D4D Hub and GIZ  presented practical examples, including open banking, digital health, and agricultural innovation, which rely on secure cross-border data flows. Among the key challenges identified were inconsistent national regulations, lengthy approval processes for data transfers, lack of harmonized legal frameworks, and limited capacity within data protection authorities.

A key theme was the need for legal harmonization and updated data protection laws across all ECOWAS. ECOWAS was urged to expedite the adoption of the revised Supplementary Act to ensure that the region’s standards align with both international and continental data governance frameworks. Harmonizing laws is essential for facilitating digital trade, reducing compliance complexities, and protecting citizens’ rights, regardless of where their data is processed. Participants also called on ECOWAS to create regional dashboards and metrics to openly track progress and accountability across the region.

Building capacity of regulatory agencies and government ministries was identified as another priority. Regulatory agencies, especially national Data Protection Authorities, need ongoing investment in staff, technical resources, and specialized training to enforce data protection laws, address emerging digital risks, and keep pace with rapid technological and policy developments across the region. 

At the national level, the forum stressed the need for governments to urgently review and update their legal frameworks, especially in countries that still lack comprehensive data protection laws like Sierra Leone and Guinea-Bissau. Simplifying regulatory processes, increasing institutional transparency, and adopting dashboards for project approval tracking can streamline processes and foster digital innovation. There was also strong support for creating national professional development and certification programs to build a pipeline of data governance expertise within each country.

Innovation was also a major focus. Participants encouraged both governments and ECOWAS to support regulatory sandboxes (controlled environments where new digital solutions can be safely tested under relaxed regulations before wider rollout) and pilot projects that showcase responsible and value-driven uses of data, particularly in sectors like agriculture and health. These initiatives can serve as valuable learning opportunities and demonstrate the benefits of harmonizing national data protection laws and regulations to a common ECOWAS standard.

It is important to note that, despite invitations extended to all ECOWAS countries, officials from Togo and Benin were unfortunately absent. For the region to truly progress, the active involvement of every member state is essential.

The ECOWAS Data Governance Knowledge Exchange concluded with a collective call for ambitious and actionable reforms at both national and regional levels. The digital future of West Africa relies on collaboration, innovation, and ongoing advocacy. Amongst the recommendations fronted include:

  • Establishment of a regional fund and technical assistance programs by states , CSOs and other stakeholders aimed at enhancing the skills of data governance professionals, ensuring that every country, regardless of its size or resources, keeps pace with rapid policy, legal, and technological changes.
  • Taking strategic measures and undertaking efforts by member states aimed at harmonizing national data protection laws with the regional and international data protection standards
  • Collaboratively undertaking efforts by government, CSOs, tech sector, media and academia to invest in building capacity of the key players including parliamentarians and the public in data governance and digital transformation.
  • Establishing robust monitoring and accountability mechanisms to enhance transparency and accountability in data governance and digital transformation. 

The Digital Alliance Africa condemns the Ongoing Internet Shutdown in Cameroon

FOR IMMEDIATE RELEASE

Thursday, September 11, 2025 

The Digital Rights Alliance Africa (DRAA) – a network of non-government organisations that champions the digital civic space and counters threats to digital rights on the continent – is deeply concerned by the most recent internet disruptions by the Cameroonian government.

We express deep concern over, and strongly condemn, the ongoing internet disruptions in Cameroon, particularly in the Northwest and Southwest regions. These disruptions have compounded the hardships faced by citizens, who are already struggling with insecurity and restrictions on movement, association, and expression due to the prolonged crisis in these regions.

Shutting down or restricting access to the internet is never a legitimate response to social or political challenges. On the contrary, such measures further isolate communities, disrupt access to critical information, and erode trust between citizens and the state. The consequences are far-reaching: businesses are losing vital income, students are unable to continue their education, healthcare services are hampered, and journalists cannot effectively report on developments that concern public safety and governance.

At a time when the people of the Northwest and Southwest are already burdened by lockdowns imposed by separatist groups and in preparation for the upcoming elections in October this year, cutting them off from digital lifelines only worsens economic decline and deepens human suffering. Internet disruptions deny citizens their fundamental rights to freedom of expression, access to information, association, and peaceful assembly rights enshrined in the Cameroonian Constitution and protected under regional and international human rights instruments to which Cameroon is a party.

We therefore call on the Government of Cameroon to:

  1. Immediately restore full and unrestricted internet access across all affected regions.
  2. Refrain from using internet disruptions as a tool of control during political or security crises.
  3. Uphold its obligations under regional and international human rights law, including the African Charter on Human and Peoples’ Rights and the International Covenant on Civil and Political Rights.
  4. Commit to ending the use of internet disruptions as a tool of control or censorship and democratic participation.
  5. Prioritise dialogue and rights-respecting approaches in addressing the ongoing conflict and governance challenges.
  6. Engage in meaningful dialogue with civil society, media, and other stakeholders to address grievances without resorting to repressive measures.
  7. Ensure accountability and transparency in the management of telecommunication infrastructure and services.

We stand in solidarity with the people of Cameroon whose lives, work, and rights are being interrupted by these internet disruptions. The people of Cameroon deserve an open, secure, and accessible internet that allows them to learn, work, communicate, and participate in democratic life. Governments must recognise that access to the internet is a lifeline, not a lever of repression. Denying this access does not solve problems; it only deepens them.

Signed by the Digital Rights Alliance Africa (DRAA)

About Digital Rights Alliance Africa (DRAA) 

The Digital Rights Alliance Africa is a network of traditional NGOs, media, lawyers and tech specialists from across Africa that seeks to champion digital civic space and counter threats to digital rights on the continent. The Alliance was created by the International Center for Not-for-Profit Law (ICNL) and the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) in response to the rising digital authoritarianism in the region. It currently has members from 11 countries, who collectively monitor, engage in research, advocacy, share strategies for navigating digital threats and promote digital policy reforms in line with their shared vision outlined in the outcome declaration endorsed in 2023.For more information about DRAA’s work and digital rights advocacy in Africa, visit their website

African Commission Begins Human Rights Promotion Mission to Eswatini

The African Commission on Human and Peoples’ Rights has commenced its Promotion Mission to the Kingdom of Eswatini, running from July 15 to 19, 2025. Authorized by Eswatini’s government, the mission aims to promote the African Charter and other human rights instruments, engage stakeholders on Eswatini’s human rights situation, and exchange best practices to advance rights and protection. The delegation, led by Commissioners Rémy Ngoy Lumbu, Dr. Litha Musyimi-Ogana, and Marie Louise Abomo, will meet government officials, members of parliament, the judiciary, law enforcement, civil society, and national institutions. The findings and recommendations will be shared publicly at a press conference at the conclusion of the mission.

Source:
African Commission on Human and Peoples’ Rights, Press Release, July 11, 2025

A Grim Milestone: One Year of Internet Shutdown in Annobón

This week marks a year since the government of Equatorial Guinea enforced a digital blackout on Annobón, its smallest province, leaving over 5,300 residents disconnected from the world. The ongoing internet shutdown continues to isolate the island’s population even as reports of human rights abuses persist. Advocacy groups, including Access Now, urge authorities to restore full internet access immediately, highlighting the shutdown’s damaging impact on communication, access to information, and fundamental rights. The situation in Annobón is a stark reminder of the broader fight against digital repression recent weeks have also seen renewed internet blockages in Togo coupled with violent crackdowns on dissent, drawing global condemnation and calls for digital rights protections.

Source:
“A grim milestone for Annobón,” Access Now Express, July 18, 2025.

Malawi Constitutional Court Overturns Criminal Defamation Law

Malawi’s Constitutional Court has declared Section 200 of the Penal Code unconstitutional, ending the criminalization of defamation for violating freedom of expression. The historic ruling followed a legal challenge by activist Joshua Chisa Mbele, who faced prosecution under the provision, while the State defended its necessity for protecting reputation and order. Justices Chifundo Kachale, Mzonde Mvula, and Fiona Mwale held that civil remedies suffice for reputational harm and that criminal penalties unjustly restrict democratic discourse. Effective immediately, no further prosecutions under Section 200 are permitted, marking a major victory for free speech, press freedom, and civil society in Malawi. Civil society organizations, including MISA Malawi and the Digital Rights Coalition, have hailed the decision as transformative for democracy and digital rights.

Source:
Joint CSOs-Media Statement on Malawi Constitutional Court Ruling, July 17, 2025

Subscribe to Newsletter

Soubscribe to our newsletter to get the latest news and updates.