Why Parliament should pass the Data Protection and Privacy bill 2015 to end digital exploitation
By Godfrey Mwesigye
The digital era, which has swept across the whole world, is upon us as is evident in the numbers of people who have switched from analog to digital.
Ugandans, especially the youth, have incredibly embraced the scrolling of electronic pages on their smart-phones, tablets, and other electronic gadgets. This dispensation has lured the older generation too with a sizeable number of this demographic going digital.
We have integrated social media platforms into our day-to-day communications and interactions using WhatsApp, Twitter, Facebook, Instagram, and more to share personal information and data.
Because of this, there are unprecedented volumes of personal data that are shared across these platforms, and with telecom companies, banks as well as government. However, the questions we do not pause to ask are; who is in control of our information? Who can access it or how dangerous can it be if our private data falls into wrong hands?
The safety of personal data and privacy has increasingly come under threat. For instance, one of the most trending concerns on social media is the leakage of nudes and revenge porn. Many of the perpetrators go unpunished yet victims are left devastated.
In September last year, Action Aid International offices in Uganda were stormed by unidentified security agencies, searched and some of their private information on their databases was accessed. Most recently, in March this year, the Uganda Revenue Authority asked the commercial banks in Uganda to send all the financial records they hold on all Uganda’s banked population. However, commercial banks under their umbrella body Uganda Bankers Association defied this order.
This brings us to the critical debate on personal data, communication, and the right privacy.
Where is the problem?
Currently, Uganda does not have a comprehensive policy on data protection and privacy. This leaves many; especially internet users, vulnerable. Some potentially could end up being arrested and prosecuted in Courts of Law.
The existing laws in the country are too weak to protect the citizens who use the internet and other forms of electronic data. Whereas, Article 27(2) of Uganda’s Constitution provides that no person shall be subjected to the interference of the privacy of persons home, correspondence or communication, the country has no comprehensive law to safeguard personal data.
There is a lot of room for exploitation of the right to privacy in the absence of proper regulations on how personal information is collected, processed or utilised in an appropriate way which respects the rights and the dignity of the subject from which the data is collected. Worse still, some of the laws on the books, like the Regulation of Interception of Communications Act (RICA) 2010 which provided for interception of communications, can easily be used by the state to curtail people’s right to privacy.
Over the last few years, there have been increased concerns of surveillance on political dissidents, journalists, and the human right defenders without their consent and under no clear regulations.
The weaknesses in the existing legal framework concerning data and privacy prompted the tabling of the Data Protection and Privacy bill 2015 in Parliament, which intends to protect personal data and the right to privacy through its provisions.
Section 4 (1) of the Bill, provides that before anyone accesses personal information, the subject from whom data is collected must consent and Section 6 stipulates that a data collector, data processor, data controller shall collect or process data in a manner which does not infringe the privacy of the person to whom the data relates.
Even in cases involving national security, where personal information may be needed for investigations and prosecutions, those in authority can access the personal information as provided for in Section 7 subsection (2)(e)(i) of the Bill.
Also important to note is that Section 3 (c) of the bill provides that a data collector shall collect adequate and relevant data but prohibits the collection of excessive and unnecessary data. However, how to measure that someone is collecting adequate, relevant and not excessive or unnecessary personal data may be challenging.
Nevertheless, the data collector or processor should handle it in a way that does not cause any harm to the subject from whom it is collected. For exceptions such as collecting personal data in order to ensure national security, I strongly agree that this should be handled still within the limits of the law. For instance, there should be a court order calling for that and the data should serve only that purpose for which it is collected.
In my opinion, if the bill is passed, it will create harmony where personal information is protected and it can only be accessed as stipulated under the law.
Way to go
It’s my humble plea that Parliament passes the Data Protection and Privacy Bill, 2015, considering the rate at which Ugandans are switching to the use electronic media and transactions, to ensure the right to privacy is protected. The International Covenant on Civil and Political Rights categorises privacy as a fundamental human right, ratified by 167 countries Uganda inclusive.
This article was first Published in the Independent Magazine