abusesaffiliationarrow-downarrow-leftarrow-rightarrow-upattack-typeburgerchevron-downchevron-leftchevron-rightchevron-upClock iconclosedeletedevelopment-povertydiscriminationdollardownloademailenvironmentexternal-linkfacebookfiltergenderglobegroupshealthinformation-outlineinformationinstagraminvestment-trade-globalisationissueslabourlanguagesShapeCombined Shapeline, chart, up, arrow, graphlocationmap-pinminusnewsorganisationotheroverviewpluspreviewArtboard 185profilerefreshnewssearchsecurityPathStock downStock steadyStock uptagticktooltiptwitteruniversalityweb

Covid-19 surveillance in Kenya & Uganda reducing people’s rights to privacy, data protection, freedom of expression & access to information

‘Surveillance, data protection, and freedom of expression in Kenya and Uganda during COVID-19’ April 2021

The latest report by ARTICLE 19 Eastern Africa, the Kenya ICT Action Network and Pollicy (the Consortium), examines how increased Covid-19 surveillance in Kenya and Uganda has reduced people’s rights to privacy, data protection, freedom of expression and access to information. While international human rights law allows governments to have increased powers and to take special measures during health crises, such actions must be temporary, and any measure must pass the three-part test of legality, necessity and proportionality.

The report highlights the following infringements, interferences and violations in 2020, including; Poor oversight over Covid-19 data collection, lack of independent data protection authorities, use of telecommunications data to ‘track and trace’ individuals without regard for due process, surveillance of public spaces using CCTV and biometric technologies, lack of transparency and accountability by state and non-state actors, the use of coronavirus contact tracing applications with limited impact and effectiveness, amongst others. The report provides clear recommendations to governments and private companies in Kenya and Uganda to address these infringements, interferences and violations.

Private companies working on technologies, products and services to address the pandemic should; comply with international human rights standards, including the UN Guiding Principles on Business and Human Rights, and national laws protecting the rights to privacy, data protection, freedom of expression, and access to information, Develop and implement comprehensive data protection measures and practices to regulate their collection, processing, and storage of personal data, Integrate data protection principles, including the purpose limitation, data minimisation, data retention, and prior and informed consent, in the design, development, and deployment of technologies, products, and services to tackle the Covid-19 pandemic, Demand court orders before complying with government requests for individuals’ data, and refuse to comply, or challenge in court, any arbitrary, unlawful, or illegal data requests or orders from government agencies or officials; Proactively publish transparency reports outlining the instances when user data has been requested and shared with state agencies and other private entities, the types of user data (including metadata) requested and shared, how the data was shared (compliance rates), risks to customers’ data, the existing grievance mechanisms, and measures in places to protect customer data.