As I delve into my reflections on the recently concluded Digital Rights and Inclusion Forum (DRIF) 2025 held in Lusaka, Zambia, and convened by Paradigm Initiative. Under the powerful theme, “Promoting Digital Ubuntu in Approaches to Technology,” There is a need to recognise and celebrate our milestone and progress in the digital journey.
This article reflects on data governance and human rights in the African continent with a brief context on Uganda’s data protection progress.
In today’s digital landscape, data governance and protection have become fundamental to establishing trust, preserving privacy, and cultivating inclusive digital economies. I was keen to be part of the discussions that analysed the intersection of data governance and human rights such as freedom of expression, right to privacy, cybersecurity among others.
Africa is experiencing a digital revolution, with services like mobile banking and e-government platforms driving an unprecedented surge in data generation, much of which is personal and sensitive. However, the rapid digital expansion has significantly outpaced the development of comprehensive regulatory frameworks, leaving individuals and institutions vulnerable to potential risks of data misuse, surveillance, and exploitation.
Across the continent, collaborative efforts are emerging to enhance data governance through national legislation and continental frameworks. According to ALT Advisory’s report, out of the 55 countries, there are 36 African states with data protection laws.
In July 2022, the African Union Commission published the African Union’s Data Policy Framework which builds on existing instruments and initiatives such as the Digital Transformation Strategy for Africa 2020-2030. After 9 years from when it was adopted , the Malabo Convention also known as the African Union Convention on Cybersecurity and Personal Data Protection came into force in June 2023 on receiving the required 15 ratifications . These represent significant steps toward creating a consolidated data environment and harmonised digital data governance systems to enable the free and secure flow of data across the continent while safeguarding human rights, upholding security and ensuring equitable access and sharing of benefits. Despite these initiatives, significant challenges remain, such as limited enforcement capabilities, complexities of cross-border data flows, the need for legal harmonization across diverse systems especially where legal protections are often weak or outdated, spyware tools are increasingly used to target journalists, activists, and political opposition. Increased cases of rising trend on digital surveillance by governments across Africa, often under the guise of national security. In the end, strengthening Africa’s data governance ecosystem transcends legal and technical requirements as it represents a critical pathway to digital sovereignty, economic empowerment, and the protection of human rights in the digital era.
Digital independence signifies a region’s ability to develop, manage, and control its own digital systems, data, and technologies without excessive reliance on external actors. For Africa, this is not just a goal but a necessity very critical to securing its digital future, strengthening data sovereignty, and encouraging innovation that is rooted in local realities and cultural values.
While Africa continues to experience rapid digital growth, much of its infrastructure and technological platforms remain under the influence of foreign entities, governed by external data policies. This reliance constrains the continent’s ability to fully protect citizen data, shape its digital policy frameworks, and unlock the full economic potential of its digital ecosystem.
Uganda is among the African states with a legal framework around this. It is called the Uganda’s Data Protection and Privacy Act (DPPA) which was enacted in 2019 to safeguard personal data and uphold individuals’ privacy rights. This Act applies to all entities inclusive of governmental, private, or non-governmental that collect, process, or store personal data within Uganda or outside the country if the data pertains to Ugandan citizens.The Personal Data Protection Office (PDPO) was created to oversee the implementation of the DPPA, the PDPO was established under the National Information Technology Authority – Uganda (NITA-U) which is incharge of implementing and creating public awareness on these laws. It has taken great initiatives through organising workshops and webinars to build capacity and shed light on most of the issues around privacy rights.
Uganda is making strides in enhancing security and traffic management with the rollout of digital number plates through the Intelligent Transport Monitoring System (ITMS). Alongside a growing network of surveillance cameras, these plates feature real-time tracking, enabling authorities to keep an eye on vehicle movements throughout the country. While the government views this initiative as a crime prevention tool, it also raises concerns about potential mass surveillance and privacy infringements. There are issues around it like limited transparency, weak oversight, and inadequate enforcement of Uganda’s Data Protection and Privacy Act of 2019. Striking a balance between effective security measures and strong privacy protections is a significant challenge that needs to be addressed.
From tracking calls and messages to weaponizing telecom infrastructure, surveillance has become a tool for silencing dissent and controlling narrative. There have been several cases of data breaches, for instance recently in Uganda where some journalists and lawyers that represented the opposition political leader and other civilians going through trials in the military court had their audio phone conversations tapped and leaked on X social media which clearly infringes on their privacy rights.
In developing countries where digital ecosystems are still maturing this intrusion disproportionately affects civil society organizations, opposition figures, and marginalized communities. Such practices corrode digital trust, stifle innovation, and discourage civic participation.
I admit that without democratic oversight, the unchecked use of surveillance tech deepens existing inequalities and undermines public trust in institutions. The call to action is clear: nations must urgently adopt transparent and rights-respecting legal frameworks that limit surveillance and ensure accountability.
Conclusion:
Without transparent oversight and strong accountability, the very tools meant to promote data sovereignty could end up being used as instruments of repression. It’s crucial for governments to protect civil liberties by ensuring that surveillance technologies, biometric systems, and public-private data initiatives are guided by ethical standards. These tools should never be misused to stifle dissent or infringe upon the rights of citizens.
To realize true digital independence, African nations must prioritize the development of locally governed digital public infrastructure, invest in regional data storage solutions, enforce robust data protection policies, and support local innovation, including indigenous AI systems. This approach will promote digital self-sufficiency, boost economic resilience, and ensure that Africa’s digital future is designed and led by its own people.
Data sovereignty is pivotal for Africa’s digital future. By establishing robust data governance frameworks, investing in infrastructure, and fostering regional collaboration, African nations can ensure that they not only participate in the global digital economy but do so on their terms. The journey towards data sovereignty is complex, but with strategic planning and collective effort, it is an attainable goal that promises significant rewards.
