To date 36 African countries have adopted Data Protection laws and institutional frameworks, signaling positive efforts towards the continent’s respect for the right to privacy. All data protection legislations create compliance obligations, including penalties for non-compliance.

In order to understand the level of compliance, Unwanted Witness conducts an annual legal compliance assessment for selected countries in Africa. The 2023 Privacy Scorecard report was first launched at the 5th Privacy Symposium Africa in Port Louis, Mauritius. 

 Unwanted Witness has further conducted in-country dissemination event, that commenced in Uganda on Wednesday, 29th February 2024, at Hotel Africana.  The report serves as a critical monitoring tool, shedding light on how various data collectors and processors comply with data protection laws and privacy standards.

The Privacy Scorecard operates as a comprehensive measurement system that evaluates the adherence of both private and public sectors to data protection principles and legal frameworks. By focusing on law, corporate policies, and practices, this tool aims to empower data subjects, providing them with essential information to make informed choices and take control of their personal data.

At the core of the Privacy Scorecard’s mission is the illumination of how corporate policies and practices either advance or hinder the privacy rights of users. This entails recognizing and commending entities – be they companies or government agencies – that actively contribute to and ensure data protection and privacy best practices. The overarching goal is to cultivate transparency and accountability among data collectors and processors regarding the use and disclosure of individuals’ data.

The recently released edition of the Privacy Scorecard Report undertook evaluations of 48 companies across Uganda, Kenya, Mauritius, and Zimbabwe. Disturbingly, the findings revealed persistent hurdles, with overall compliance falling short of the 50% mark in all three evaluations: 35% (2021), 45.5% (2022), and 47.3% (2023). While improvements were noted in areas such as transparent policies and informed consent, the report emphasized disconcerting disparities and inadequate adherence in the domains of data collection and third-party data transfers.

One of the notable observations was the prevalence of a misconception among data subjects – the belief that the mere presence of a privacy policy ensures their data won’t be shared with third parties. The report categorically dispelled this myth, highlighting that some privacy policies are crafted to shield data collectors from liability rather than ensuring privacy for the data subjects. In essence, certain purported privacy policies have metamorphosed into what the report aptly terms “anti-privacy policies.”

The dissemination event, attended by key figures such as Mr. Baker Birikujja, the Manager of Licensing and Compliance at the Personal Data Protection Office, and representatives from assessed companies including MTN, Jumia, Pride Microfinance, Jiji, NIRA-Uganda, and the Directorate of Citizenship and Immigration Control, showcased the importance and significance of the Privacy Scorecard Report.

By providing objective measurements for analyzing the policies and practices of major data collectors, the Privacy Scorecard Report serves as a vital tool in curbing the potential abuse of user data. It not only raises awareness about the current state of data protection but also aims to catalyze widespread changes in the policies of private and public data collectors. Ultimately, the goal is to safeguard citizens’ digital lives, ensuring they are not subject to manipulation and upholding human rights and dignity.