The 4th Privacy Symposium Africa held in Nairobi’s Strathmore University is a wake-up call for the digital community to strive for digital privacy and safety not only as a formality but as a fundamental human right. Unwanted Witness, a privacy watchdog has been on the frontline campaigning for compliance with the Data Protection Act(s), as well as sensitization of the public on the same.
Privacy Symposium Africa 2022 brought together data stakeholders across African nations; Data controllers, Data processors, Data regulators, and Data subjects to benchmark compliance with Data Protection Act(s) across states. And the outcome? It is evident that as data continues to be the new currency, new gold, new oil, and a tangible asset for billion-dollar companies, privacy continues to be a thing that can be bought off despite it being a constitutional right for data subjects.
The event co-organized by the Centre for Intellectual Property and Information Technology Law (CIPIT) brought to light challenges shared by African countries and they all trickle down to Governance. As it is, governments are slowly but surely shunning the importance of watchdogs and regulators to see that they might fall victim to offenses. From the structural implementation of Data Protection Authorities to political interference, the oxymoron is that governments are a significant obstruction to enforcing the Data Protection Act(s).
Most African regulators including in Kenya and Uganda operate under the ministries of Information, Communication, and Technology. This is where the trouble begins because they report to the government, and there is no form of independence, either constitutionally or financially.
Despite having fully established data regulators in African countries, these institutions remain toothless bulldogs, only with aspiration but no might. It, therefore, becomes harder to investigate and bring to book companies with deep pockets as well as institutions allied with government officials.
If a data subject has full evidence of their rights infringed by a data controller or processor, it may take years to compensate due to a clogged system.
Public education is a fundamental part of Data Protection as it results in compliance from a point of knowledge. Being pressed for finances not only affects the enforcement of the Data Protection Act but also denies the public their right to information. Data subjects lack information on what is their right, and what is not, they lack knowledge of when they are victims of a constitutional breach and when they are non-compliant with the law.
During the three-day convention, discussions around such issues forged a way forward to see that enforcement of the Data Protection Act(s) is made possible. Here are some of the Solutions reached; Involvement of Legislators in data privacy conversations, mobilization of data subjects for sensitization, and lastly, harmonization of Data Protection Acts across African states. These could be starting points for a safe and uncensored online environment with all rights observed.