Skip to navigationSkip to content
Reuters/Mohamed Nureldin Abdallah
Who else is seeing this?

As the continent digitizes rapidly, Africans need a bill of data rights to protect them online

By Ory Okolloh & Sharon Wekwete

This week, hundreds of activists, technologists and policymakers are gathered in Tunis for RightsCon—the world’s leading summit on human rights in the digital age. Among the items on the agenda will be a proposal for a Bill of Data Rights by our colleague Martin Tisné.

Ahead of this, it’s important to explore what this could mean in the African context, and how a Bill of Data Rights could help to prevent governments and corporations from overstepping their boundaries by articulating the rights and freedoms of people in digital spaces. This is vital given the accelerating pace of technology adoption across Africa, from mobile money, the digital economy and online entertainment options, to biometric registrations for digital identity systems and voters’ rolls.

Every time people use a service online, book a flight, sign up for an email newsletter, or engage on social networking sites, data about them is being generated, captured and sometimes shared by companies and government agencies with which they may not have knowingly interacted. Much of this data comprises private and personal information which, when analyzed and collated, can highlight patterns and behaviors of which we might not even be aware. In some cases, this data ends up being used for nefarious purposes including surveillance and commercial exploitation.

It’s high time Africans viewed privacy and protection of the data that pertains to us, as critical to our security, success and progress both individually and collectively.

Consider the following scenarios:

Karabo, a young single mother in Johannesburg struggles to keep her small business afloat—multiple banks have turned down loan application after loan application. The more rejections she gets, the more she’ll keep getting because those rejections are adversely affecting her credit score.

The banks also collect information on her spending habits which determines risk assessments, mortgage evaluations, loan screening and cross selling of financial products. Because of the algorithms used to make automated decisions, others like her, who fit her profile, will face similar challenges in trying to access financing.

These algorithms could systematically deny credit access to certain groups, while also allowing payday lenders and loan sharks to target the most vulnerable consumers and lure them into debt traps. Even if Karabo considers finding a job, employers will judge her application on the basis of her credit score as well. This could potentially create a vicious cycle and lead to unintended outcomes that perpetuate historical exclusion and discrimination.

Lloyd rents a small room in Harare’s densely populated area of Mbare. He was one of many first-time voters in the country’s harmonized elections in July 2018, hoping for a positive change. But he had been reluctant to provide his biometric data to the electoral officials for the highly controversial biometric voter registration process. He didn’t trust the authorities with his information and suspected that it might be misused somehow.

His suspicions were confirmed when voters’ personal information was allegedly leaked following a data breach of the country’s electoral management body, the Zimbabwe Electoral Commission (ZEC). Coincidentally, the country’s ruling political party, ZANU PF, known for using violence, threats and intimidation tactics to maintain its grip on power, started sending him and millions of citizens across the country, personalized text messages urging them to vote for its presidential candidate, Emmerson Mnangagwa, just days before the election.

With no data protection laws to speak of, and with only a compromised Electoral Commission and an ill-equipped Postal and Telecommunications Regulatory Authority to look to, Lloyd and other Zimbabweans had no option but to simply shrug their shoulders and move on. And of course, Mnangagwa did win that election.

Peter in Nairobi scrolls through his WhatsApp messages as he heads to his favorite bar to meet with friends. They introduced him to sports betting as a “side hustle” a few months ago and now, they come to him for tips since he seems to win more than he loses. Little do they know the reverse is true. He has had to borrow money from workmates to keep playing, sinking deeper into debt while leaving an indelible footprint in cyberspace.

Personal information such as credit card number or account information and other unencrypted data can easily be extracted from his profile. Peter has narrowly survived three separate credit card fraud attempts by hackers to clone and use his cards. Unfortunately, his friends have already fallen victim to such hackers. The use of digital platforms for sports betting has only compounded the problems of authentication and verification. With Kenya leading the continent in sports betting and gambling, this problem is set to grow.

Guiding lawmakers

A Bill of Data Rights could help guide lawmakers in enacting appropriate legislation around how online sports betting can be more secure for users like Peter, and encourage betting companies to make ethical decisions about authentication and storage of personally identifiable data.

The bill would give someone like Karabo clearly defined rights regarding how data that pertains to her financial activities is used and shared by her bank and various financial services providers so that she and many others in her situation are not adversely affected by it, particularly without their knowledge.

It might also shield the biometric data of citizens like Lloyd from the excesses and abuse of government power and bring a level of security and confidence to technology-driven electoral systems and democratic processes.

While tackling these specific problems, a Bill of Data Rights encompassing principles drawn from the African Union Convention on Cyber Security and Personal Data Protection of 2014 (the Malabo Convention) for example, could also address some of the broader issues that are arising on the continent. In the private sector, companies are increasingly using big data analytics to inform their strategies and drive profits through monetization of customers’ data.

Public reforms are leading governments to seek more efficient ways of delivering services through e-government, bringing with it a plethora of problems regarding data management. Concerns about high crime rates, terrorism and cybersecurity are being used to justify increasingly expansive and unfettered state surveillance of citizens, for example the massive CCTV surveillance system being rolled out in Johannesburg that will use facial recognition technology to purportedly maintain law and order in the South African city as in Uganda. Yet, there are insufficient measures in place to prevent potential abuse of this data.

There is no denying that the creation and consumption of data is shaping our institutions and our daily lives and we need to understand the implications for this region. The scenarios above show us why data rights and responsibilities are as important in Africa as anywhere else in the world, and why there is much work to be done to protect, not just individuals, but society as a whole.

Sign up to the Quartz Africa Weekly Brief here for news and analysis on African business, tech and innovation in your inbox