Common adages in our information and knowledge-based society are that data is the “new currency” and “new oil”, powering every human endeavour. African countries have leapfrogged into the global digital economy, with data as the enabler for transactions. But what are the policy, legal and regulatory implications of the rise of digital data as the “currency” and “oil” in Africa?
These issues are important to consider because the mass migration of populaces to online platforms has come with concerns about data privacy and security concerns, which are all tied to individual rights. A shared perception throughout the continent is that policies, regulations, and regulations governing ICTs exist, but they either lack the political will to enforce them, or corruption enables manipulation.
A recent report on Kenya and South Africa argues that “one of the biggest constraints to effective legal safeguards in the technology sphere is the disconnect between the pace of innovation and the legal and regulatory process”.
Similarly, a World Bank report recommends the “need to address the perennial race between fast-moving innovation and the slower pace of regulation”. The reality of policies and regulations trailing ICT innovations can be seen in the fact that African countries are only beginning to implement data protection laws long after digital practices. South Africa, for instance, launched its Protection of Personal Information Act (POPIA) in July 2021 following the Nigeria Data Protection Regulation (NDPR), which went into effect in 2019 and Kenya’s Data Protection Act, also launched in 2019.
The rise in the importance of data privacy and security arises out of the rapid development of information and communication technology (ICT) infrastructure in Africa over the past two decades. Although there are gaps in ICT infrastructure needs, today the continent is nearly on par with the rest of the world in terms of mobile telecommunication towers, terrestrial and undersea fibre optic cables, and cross-border internet connections. In a very short period, these infrastructures have facilitated the rapid uptake of ICT services in virtually all facets of society.
The continent has witnessed a massive shift towards new ICTs, particularly fintech and surveillance software, which operate on the same infrastructure built by PRC entities. While the uptake of ICT services is to be lauded, concerns arise out of the fact that criminally minded individuals and organisations are hacking systems to collect data on governments, businesses, and citizens.
Digital companies, most of them foreign, build surveillance technologies such as malware and other bugs into infrastructure, which infect ICT systems, thus enabling data mining. Devices such as computers and smartphone handsets now come with pre-installed software as often reported by anti-fraud firm Upstream.
In some instances, devices are installed with apps that illegally subscribe users to services. The resultant data harvesting raises the spectre of cyber fraud, thus infringing on the privacy and security of African users.
Financial technology (fintech), electronic commerce (e-commerce), and music and video streaming, which are heavily dependent on consumer data for operations and online payments, have witnessed a meteoric rise.
Information from the data-crunching organisation, Statista, for example, shows that Kenya, South Africa, and Nigeria have become major markets for fintech startups. These transactional fields ride on convergence technologies, essentially, the bundling of services and products via super apps, thus posing danger to personal and institutional data. The transparency and accountability of ICT firms offering multiple services is not always assured, as often reported by the UK-based charity, Privacy International.
Many ICT service providers are involved in multiple fields. An ICT company can be at once an e-commerce and financial technology company, as in the case of the Chinese firm, Alibaba. A social media company is also an online payment system as in the case of Facebook’s WhatsApp Pay. A telecommunications company may be registered according to telecommunications regulations, but at the same time engage in financial services, without being registered in line with financial services regulations. This is the case with nearly all African mobile companies offering mobile banking services. The blurring of regulation lines presents opportunities for irregularities, as regulators are not fully conversant with what the companies are doing in their digital markets.
An even more current dynamic revolves around digital currencies, better known as cryptocurrencies or bitcoins. On the positive side, digital currencies help in advancing payments and serve as avenues for redressing the challenge of the lack of common currencies on the continent. But these data-co-option technologies are deployed without the requisite policy and regulatory mechanisms, posing threats to the data and privacy rights of citizens.
Many of the digital currency activity is led by relatively new ICT start-ups that exploit loopholes in regulatory frameworks such as the difficulty in transparency and accountability reporting to central banks. A case in point is the directive by the Nigerian Central Bank in June 2021 for banks to stop dealing with cryptocurrency entities, as reported by the United Nation’s magazine, African Renewal. Commenting on the situation in Nigeria, Francis Ololuo, a Nigerian lawyer, points out that regulations governing privacy protections for people using fintech and e-commerce platforms are weak because of a multiplicity of issues – among them outdated regulations, lack of expertise and resources in enforcing even the outdates.
In an even more direct affront to citizens’ rights, surveillance technologies have been widely embraced on the continent. These technologies include biometrics (biological metrics) such as facial recognition, video monitoring, close circuit TV (CCTV), and other technologies that potentially threaten civil and political rights. They provide hardware and software for robotics, 5G technologies, and Artificial Intelligence (AI).
Positive sentiments towards surveillance technologies are promoted by government officials and leaders, particularly in autocratic countries such as Zimbabwe, Rwanda, and Ethiopia, as explained by Iginio Gagliardone, a scholar on African technology and politics. Generally, the narrative is that surveillance technologies are “smart solutions” for combating cybercrime, terrorism, corruption, and data management. Surveillance technologies have particularly become popular under the concept of smart and safe cities, which is endorsed by the United Nation’s International Telecommunication Union.
Nearly all African countries have implemented smart city technologies. In some cases, new cities are being built from the ground, complete with digital infrastructure. Some examples are the Konza Technopolis near Nairobi and the Eko Atlantic City and Ocean City in Lagos. In other countries, the smart city concept has involved revamping existing city infrastructures by installing digital technologies, particularly those dealing with crime prevention and the management of crowds. Examples include the digitisation of sections of Mutare in Zimbabwe, Lusaka in Zambia, Kampala in Uganda, and Ekurhuleni in South Africa.
On the downside, however, there is a multiplicity of examples of the negative consequences of surveillance technologies for democracy, human rights and governance in Africa. As the internet monitoring organisation, NetBlocks, reports show, government and private sector entities have been known to hack systems, engage in cybercrime, intercept internet-based communications, use them for cyber espionage and censorship, and in extreme cases, institute internet restrictions and shutdowns.
These technologies are deployed in and out of elections and periods of political contestation and are used for nefarious activities such as monitoring the opponents of African leaders, including journalists and civil society activists. Internet restrictions, censorship and shutdowns directly subvert democracy and human rights, and entrench autocrats in power. NetBlocks shows that there were internet disruptions and shutdowns in 12 African countries between January 2021 and February 2022. These disruptions were reported in Uganda, Chad, Senegal, Democratic Republic of Congo, Nigeria, Zambia, South Sudan, Sudan, Ethiopia, Burkina Faso, Malawi, and Zimbabwe.
For African countries to protect citizens’ and institutional data, policies and regulations have to be followed by robust enforcement, coupled with enhanced advocacy by civil society organisations.
Dr Bob Wekesa is acting director and research and communications coordinator at the African Centre for the Study of the United States based at the University of the Witwatersrand, South Africa. He holds a Bachelor’s degree from the University of Nairobi and Master’s and doctoral degrees from the Communication University of China, Beijing. His area of teaching, research and public engagement is the intersection of journalism, media, and communications on the one hand and geopolitics, diplomacy and foreign policy on the other. He supervises post-graduate projects in these fields. His current research work includes international communication; diplomacy with a focus digital and public diplomacy; African diaspora; the internationalisation of African cities; the geopolitics of Africa and established and emerging powers. Prof Wekesa is well published in academic and popular platforms.