Digital Surveillance: Should Rwandans be worried?

By:  Leonce Muvunyi & Louis Gitinywa for Paradigm Initiative 


Collection, handling and sharing of data public information continue to dividing opinions as government embark on tapping into ICT solutions to ensuring safety.

Starting from May this year, the government of Rwanda has embarked on putting up the Closed-Circuit Television (CCTV) cameras all around the main roads of the city of Kigali.

According to the Rwanda Information Society Authority (RISA) and Rwanda National Police which are in charge of implementing this policy claim that use of CCTVs will significantly boost security by establishing a robust mechanism of deterring, preventing and detecting crime.

The Inspector General of Police Dan Munyuza indicates that the enforcement of cameras networks across the country, which is anchored into the special presidential directives,  is in line with ensuring the general public security.

“They are well advanced to the extent they don’t only capture the traffic speed, there those which monitor the violations of road traffic regulations, and there those that could run number plate recognition of vehicles, and we can see them from the commanding post here at the police headquarters,” said IGP Munyuza, during a recent interaction session with the media.

Online sources define a closed-circuit television (CCTV) as video surveillance type of cameras network system that enables surveillance by transmitting its signals only to the screens that are directly connected to it.

Apart from the CCTV Networks in Kigali City, the government has started enforcing the “traffic radars” on the highways connecting capital city Kigali with neighbouring countries since earlier in May this year, which will be over hundreds of traffic radars devices installed.

These include Kigali- Kagitumba as you connect to Kagitumba border with Uganda, Kigali- Rusumo on your way to Tanzania, Kigali-Nyamata-Nemba connecting with Burundi, Kigali-Muhanga-Huye- Rusizi going in the south-west border with Democratic Republic of Congo and Kigali-Musanze as you connect with DR Congo in the north-west.

In addition, the government has adopted a new policy along with a number of measures; the use of technology that would significantly improve road safety and security of its users. Government officials emphasize that all these measures add up on the Law Governing Information and Communication Technologies of 2018, which provides for prevention and punishment against cybercrime offences.

“We are going to roll out the installation of the radar countrywide with much emphasis made on the accidents spots. Some of them will be static whereas others will be mobile and placed on a certain area for a different purpose.”  Munyuza revealed that a survey that had been carried out on the roads had indicated several places, and it had suggested where all these cameras would be installed.

According to the head of Rwanda’s national Police IGP Munyuza, which is now under the docket of the newly reintroduced Ministry of Internal Security, CCTV data is collected through a dedicated private network which cannot be accessible over the Internet. The storage of this data is regulated by internal standard operating procedures of the Rwanda national police and the use of relevant tools to secure the IT environment.

However, there are some concerns about the process of collection, handling and sharing of personal data and risks of illegal surveillance through the use of CCTVs which continues to divide the public opinion.

In this context of the introduction of digital surveillance’s cutting-edge technological capacity, coupled with the massive development of the digital economy in both public and private sector requires the need to have a comprehensive data protection legal framework in place, to protect and promote the right to privacy.

Data collection in the wake of data scandals such as Cambridge Analytica and the 2018 Google data breach have culminated to public scepticism in ways of data in which data is collected and processed.

A great responsibility is placed on the state to protecting the privacy of citizens by implementing more comprehensive guidelines preventing government and corporations from overstepping their boundaries by articulating the rights and freedoms of people in digital spaces, meaning data subjects can request information about why and how their data is processed.

This is considering that today Rwanda is striving for the digital era with the proliferation use of biometrics and digitized public services. Furthermore, as the digital economy and cashless transactions are becoming increasingly common in the country. While these systems promote certain benefits, there is however insufficient focus on the potential consequences of the technology such as the collection and use of personal data for commercial purposes, and how this practice leads to algorithmic manipulation of human behaviour on the decision we make and the services we receive.

In the meantime, this recent development links up with the global debate about the ability of Silicon Valley’s GAFA to freely collect consumers personal data in developing countries without any regulations has raised questions and public concerns about the lack of a clear comprehensive legislation and a regulatory framework on personal data privacy and data protection in the country.

Although,  article 23 of the constitution of Rwanda of 2003 (revised in 2015), reaffirms the respect for privacy. Besides the constitution, other relevant laws like the penal code, the 2010 law relating to electronic transactions and the 2001 law governing telecommunications recognize and provides for some guidelines regarding the protection of privacy and personal data.

However, the right to privacy enshrined in the Rwandan constitution has yet to be operationalized, the existing ICT laws and regulations only recognize so far the user consent and opt-in mechanisms.

Moving through the Region, Kenya is so far the only country that has recently enacted a comprehensive data protection law. the Kenyan Act determines the need for any subject company to create a privacy policy that outlines why and how data is collected, its handling and sharing of personal information or data; among the groundbreaking statutes written into the law is the provision for a data protection commissioner; a mechanism that enables citizens and data subjects to ascertain whether their personal information is being processed in accordance with the applicable data protection legislation.

With regard to Analyticaprotection of privacy and personal data information, it is important to note that according to the recent figures published in 2019 by Rwanda Investigation Bureau it has been revealed that there were at least 113 cases of cybercrime particularly targeting personal data related to financial transactions. A figure that has doubled compared to the previous year of 2018.

Furthermore, based on the recent 2018 Africa Cybersecurity Report by Serianu Limited, the cost of theft of personal data in Africa was estimated at $3.5 Billion, a rise from 2016.

Experts indicate that the use of technology in public life should be centred around transparency and the rule of law. In particular, privacy and security as the pillars of trustworthy services that enhance the overall well-being of citizens.

The development and the implementation of smart cities and the safety and security policies must be done responsibly, with full understanding and mitigation of their impact on the citizens right to privacy and other constitutional rights.

While the rights to privacy and personal data are not absolute, they must be rigorously safeguarded, the right to privacy may only be limited through a law which regulates infringement. Although some databases can be used for legitimates purposes. However, there are many risks associated with collecting and storing the very information that constitutes an individual’s identity.

The Cambridge Analytica scandal shows us how damaging technologies can have a corrosive effect on privacy, the misappropriation of personal information can deny individuals their identity especially when data is collected without proper control or oversight. In many countries around the world, national privacy laws are increasingly being revised to strengthen the protection of personal data privacy and impose penalties for data breaches.

As Rwanda today is striving for the digital era with digitized public services with an open online portal like “Irembo”, cashless transactions, digitized citizens’ identity cards and passports.  Thus as the scale and the scope of digital economy development accelerates the demand for data is increasing.  Furthermore, in the context of the current vacuum of a comprehensive data framework, there is a heightened risk of data misuse.

Therefore it is imperative for the government to respond to public concerns around privacy with a robust legal framework for data protection that will enforce accountability towards the citizens over the use of their personal information by bodies or corporations that collect them.

The Authors:

Louis Gitinywa is Rwandan Lawyer. Before  joining the private practice in 2018,  he served as public Prosecutor at the Rwanda National Prosecution Authority for 6 years. He has been involved in many cases related to prosecution of economic crimes, and other criminal cases before domestic courts in Rwanda.

Muvunyi Leonce is Rwandan Journalist based in Kigali, he works at Nation Media Group as an Editorialist for Rwanda Today Newspaper and as a correspondent for the AFP covering the Great lakes region.