With New Promise Comes New Perils: ICTs And The Right To Privacy In Africa
One of the first things that strikes you about the chaotic East African metropolises of Kenya, Uganda and Zimbabwe is the blanket of adverts for mobile phone companies that covers them, from the walls of the immigration hall at Harare airport, to the rickety shacks that line the dusty streets of Kampala. Where official signage is unavailable, DIY versions are painted onto the roofs and walls of houses and small businesses. Stores selling mobile phones are rarely more than a few short steps away, as are the clumps of cell towers that stand tall above throngs of people talking, texting and transferring money on their mobile devices. The message is clear: mobile telephony has arrived in Africa, and everyone wants - and can have - a piece of it. But at what price?
A team from Privacy International has spent the past few weeks travelling in the region, hearing many stories of the significant advances achieved through the use of new technologies, particularly mobile ones. The most famous of these is undoubtedly Kenya's M-PESA mobile money system, which allows individuals to bypass traditional financial infrastructure and access and transfer money by SMS. In the first three months of M-PESA's operation, 111,000 people registered for the service, and nearly US $6 million was transferred; today it is used by a quarter of the of the population, some of whom had not previously used mobile phones or owned bank accounts. Many people we spoke to told us of the importance of M-PESA to regular Kenyans, particularly those living in poverty, who for the first time have access to the financial system and the ability to save money and accumulate assets.
We also witnessed how communications technologies more generally are enabling greater connectivity, facilitating the flow of information, and engaging and empowering communities. We met with some amazing civil society groups that are using technologies to advance the effectiveness of their advocacy. The Human Rights Network for Journalists in Kampala uses podcasts and livecasts to get their message out, while the Zimbabwe-based Kubatana disseminates information through a SMS and email newsletter service. Organisations such as the Media Institute for Southern Africa, headquartered in Namibia, and the Kenyan Ethical and Legal Issues Network make savvy use of Twitter, Facebook, YouTube and email to reach their constituencies and make sure their voices are widely heard.
Of course, the enormous potential and promise of new technologies to revolutionise development, education, health care, governance, and communications across Africa is well traversed terrain.1 It is a premise that drives development initiatives throughout the continent. What is less frequently acknowledged are the implications of a rapid conversion to mobile and online life for the right to privacy in developing countries. As the tide of technology sweeps across Africa, its manifestations - biometric databases, digitised border systems, electronic voting, communications surveillance, e-Health systems, mobile money - are being designed and implemented with little consideration for how such systems will protect the personal information of individuals and respect their private lives and decisions. Even more worryingly, these "advances" are being adopted without accompanying legal protections and safeguards to ensure that individuals' basic rights are protected. Such safeguards include data protection legislation, which is absent from all but 10 of Africa’s 54 countries.2
The result is that many Africans are required to had over extraordinary amounts of information about their private lives everywhere they go, and to every service they interact with. Checking into a hotel, seeing a doctor, voting, filing a form and withdrawing money all involve the forfeiture of information to authorities that have no intention of properly securing the information. Governments have easy access to databases, and user data is frequently sold to and exchanged between corporate entities. Everywhere we travelled we were told stories of unsolicited phone calls and text messages from enterprises that had acquired users' contact details, either lawfully or unlawfully. Many people we spoke to were surprised to hear that such experiences were not equally commonplace in Europe and North America.
One of the most concerning privacy-infringing practices that has accompanied Africa's rapid adoption of mobile technology is the compulsory registration of SIM cards. In 48 countries in Africa,3 laws requiring that individuals register their personal information with their network provider prior to activation of pre-paid SIM cards are facilitating the establishment of extensive databases of user information, eradicating the potential for anonymity of communications, enabling location-tracking, and simplifying communications surveillance and interception. Putting aside the discriminatory effects of the system - the poorest individuals (many of whom already find themselves disadvantaged by or excluded from the spread of mobile technology)4 are often unable to buy or register SIM cards because they don't have identification documents - there are grave concerns about the potential implications for the right to privacy. In the absence of data protection legislation, SIM users' information can be shared with government departments and matched with other private and public databases, enabling the State to create comprehensive profiles of individual citizens. An individual's phone number could potentially be matched with their voting preferences or health data, enabling governments to identify and target political opposition, for example, or people living with HIV/AIDs. The potential for misuse of such information, particularly in countries with traditions of ethnic conflict and in situations of political instability and unrest, is enormous.
Speaking with civil society actors and activists throughout our travels gave us an opportunity to explore the complex and competing factors that underscore the discourse around privacy and technology in Africa. Most people we spoke to, particularly civil society actors and human rights defenders, were aware of abusive or unlawful state surveillance practices, but they tended to accept them as permanent and unassailable facts of life, adapting their security practices to this framework rather than questioning its existence. And few thought twice about handing over extensive information to government bodies, so ingrained is the practice within these societies. SIM registration was viewed as inevitable, with some people we spoke to expressing that they thought it was a worldwide practice, and others referring to the government's justification of necessity for law enforcement and fraud prevention.
Importantly, everyone we spoke to believed firmly in the right to privacy, and confirmed our expectation that privacy is as important to individuals and communities in East Africa as it is to those in Europe or North America. While our travels left us feeling daunted about the considerable challenges to the right to privacy across Africa, we were also heartened to see that privacy issues are increasingly on the agenda there. The key to ensuring that those issues are given priority in national discourses will be putting local perspectives and contexts at the heart of research and advocacy initiatives. To this end, we’re excited to be working with local partners across Africa, Asia and Latin America in the next phase of our Privacy in the Developing World project, in collaboration with the International Development Research Centre, to identify, understand and bring down the barriers to protecting the right to privacy. We believe that human rights are not only universal, they are local. Advancing the privacy protections in developing countries must begin with the communities there, to ensure that individuals can enjoy both the benefits of technological innovation and their right to privacy.
