By Linda Gichohi
The landscape of data protection is evolving rapidly, and the telecommunications sector sits at the heart of this transformation.
On 23rd December 2023, the Office of the Data Protection Commissioner (ODPC) released a guidance note tailored for the telecommunications industry, addressing key privacy concerns such as surveillance, encryption, data collection, and tracking.
This document aims to align sector practices with the Data Protection Act of 2019, providing clear recommendations and checklists for compliance.
On 5th June 2024, Article 19 Eastern Africa and KICTANet hosted a stakeholder engagement to discuss the challenges, opportunities, and the path forward for businesses in safeguarding the right to privacy.
The discussions were a rejoinder to the NADPA-RAPDP (Network of African Data Protection Authorities) conference, where KICTANet released a five-year reflection data protection policy brief on the Data Protection Act of 2019.
Data Protection Commissioner Immaculate Kassait emphasised the need to adhere to data protection principles and the importance of data protection and privacy across all sectors, including finance, healthcare, and telecommunications. She highlighted her office’s concerns regarding privacy in the telecommunications sector: data collection and tracking, misuse of personal data, surveillance, encryption and decryption, and cybersecurity breaches.
Kassait said her office had developed tailored guidance to address the unique data security and privacy concerns within sectors including finance, health, telecom and private security. In addition, she highlighted the importance of equipping personnel with the knowledge and skills to handle data responsibly.
Kassait also acknowledged the importance of fostering partnerships between regulators and the private sector to develop and implement effective data protection strategies.
Moderated by Bridget Andere from Access Now, the panel featured insights from industry experts, who discussed the impact of the Data Protection Act and the Guidance Note.
Some of the takeaways and points of discussion included:
Impact of New Laws: The Guidance Note has crystallized data protection issues into actionable laws, fostering compliance and awareness. However, more targeted awareness campaigns are needed, especially for vulnerable populations.
Consent Initiatives: There is a need for a shift from legal jargon to design thinking in terms and conditions agreements, making them user-friendly and ensuring they are intelligible to all users.
Unequal Bargaining Power: The ODPC must ensure that large organizations do not exploit consumers, advocating for a multi-stakeholder approach and political goodwill for effective compliance.
Exemptions and Balancing Act: While exemptions in the Act aim to balance innovation with privacy, human rights should remain paramount. Organizations must notify users if their data is repurposed from its original intent.
The discussions highlighted several continental issues and action points crucial for enhancing data protection:
Development of Sector-Specific Guidance Notes: Continuing to create guidance notes for various sectors, including finance, healthcare, education, and postal/e-commerce, is essential. This approach ensures that all sectors have clear compliance frameworks tailored to their unique challenges.
Extraterritorial Powers: Exploring the assertion of extraterritorial powers in regulating data privacy, as seen in regions like Asia, can help safeguard data across borders. This is particularly relevant in the context of international e-commerce platforms.
Emphasis on Data Privacy: Maintaining a strong focus on data privacy is crucial for protecting users’ rights and preventing misuse, discrimination, and targeted attacks. Historical instances, such as the Rwanda Genocide and the Holocaust, highlight the dire consequences of data misuse.
Multi-Stakeholder Approach: Encouraging collaboration among stakeholders, including policymakers, regulators, and technology companies, is vital for effective compliance and enforcement of data protection laws.
Emerging Issues and AI: Investigating and developing guidance notes on emerging digital issues, particularly Artificial Intelligence, is necessary to address new privacy challenges.
User Education and Consent: Educating users on their data rights and the importance of consent is critical. Ensuring that consent is unambiguous and fully informed will enhance trust and compliance.
The Stakeholder Engagement on the ODPC Guidance Note for the Communications Sector marked a significant step towards strengthening data protection in the telecommunications industry.
By addressing continental issues and setting clear action points, the engagement paved the way for more robust and comprehensive data protection practices.
As we move forward, continued collaboration, education, and the development of adequate sector-specific guidance will be key to safeguarding the privacy rights of individuals across Africa and beyond.
Linda Gichohi is a lawyer, a KICTANet Legal Fellow, and a Gender Program Assistant. She has an interest in women’s digital rights and access to justice for technology-facilitated violence
