On January 1, 2020, many new year resolutions made no provision for a disruptive event even though the novel coronavirus, COVID-19, was already making its way through some regions of the world but the onset of the global pandemic forced dramatic changes to everyone’s plans, and as various institutions or nations took on the challenge of flattening the curve, a lot of data gathering was involved. Indeed, if there was ever a time to pay attention to data governance, it was before the pandemic hit, but the next best time is now.
Many digital rights experts warned that some governments and private sector institutions could take advantage of the pandemic to pursue massive data gathering projects, including the collection of biometric information in countries without requisite legal framework. Hence, there is little surprise as we are now learning that a lot of the data gathering efforts that were carried out, including those without adequate legal frameworks, in the name of addressing the pandemic, have not proved to be the silver bullets they were sold as. In fact, there is no evidence that contact tracing apps are helping stop COVID-19 and they have actually been referred to as the biggest tech failure of the COVID-19 pandemic.
Unfortunately, the fact that all stakeholders were working together to solve a problem affecting everyone did not slow data abuse impunity down, and this informed Paradigm Initiative’s interest in the perfectly-timed #RestoreDataRights movement. The movement, through the Restore Data Rights Declaration, calls on governments across Africa to honour citizens’ data rights during, and after, the COVID-19 pandemic, and specifically calls for citizens’ right to know how their data is being used to flatten the pandemic curve and right to say no to data abuse. The fact that the declaration is available in English, French, Kiswahili, Portugese and Spanish speaks to the intent of the movement to be a pan-African rally that is not held back by language barriers.
Paradigm Initiative (PIN) continues to work on data rights by focusing on the need for rights-respecting legal frameworks, redress for victims of data rights violations and the need to strengthen institutions that work on data governance. The African Union Convention on Cyber Security and Personal Data Protection was adopted by the 23rd Ordinary Session of the Assembly held in Malabo, Equatorial Guinea, on June 27, 2014, but as at the end of 2020, only 14 out of 55 countries have signed the Malabo Convention. Worse still is the fact that only 8 countries have ratified and deposited the instrument as legal instruments. The signatories — Angola, Ghana, Guinea, Mozambique, Mauritius, Namibia, Rwanda and Senegal — represent less than 15% of the countries in Africa and this paints the picture of the current state of respect for data rights on the continent. There are, of course, countries like Kenya that have not signed, ratified or deposited the Malabo Convention but have gone on to establish a Data Protection Commission, but the inability of African nations to hold themselves accountable to a Personal Data Protection instrument adopted at a meeting of peers says a lot about why more work is required.
PIN’s annual research reports have documented data rights abuses since 2014 and the trend shows that data abuse impunity exists in many African countries. One reason why many violators, including government institutions, are not punished for violating the data privacy rights of citizens is the lack of strong institutions that can act independently. African countries need truly independent Data Protection Authorities that have the primary responsibility of protecting the data rights of citizens, even if the act of protecting rights goes against the agenda of the current administration in the country. Until we do this, asking many African governments to protect the data rights of citizens will be no different from asking a starving hawk to watch over a flock of baby chicks.
In calling for transparency, inclusivity and accountability from African governments and other actors, the #RestoreDataRights declaration establishes a set of well-defined principles that should guide data governance — including decision making in times of crisis — on the continent.
The best time to restore data rights for Africans was before the COVID-19 pandemic hit but, thankfully, the next best time is now. When we restore and respect data rights, we create a win-win scenario for all, including private sector and government actors who are currently responsible for a climate of data abuse. Respecting data rights helps governments earn the trust of citizens, which is needed right now, more than ever, as we all work to exit the coronavirus pandemic. The same is true for corporations — respecting data rights instead of exploiting weak data laws in various countries will lead to improved consumer trust, which has always helped with product adoption.
Respecting data rights is good for politics, business and citizens, and this moment in our history is a great time for all stakeholders to #RestoreDataRights.