If You Collect it, You must Protect it!
Data collection and processing has been a major concern for the information age where a lot of data is being generated and processed by state and non-state actors. Our interconnected world has become even more pervasive, ubiquitous and prominent. As personal data has taken an increasing role in all of our lives and our lives translate ever more into electronic media and data, the questions of who collects that data, what it is used for, who it is shared with and what rights we have over that data are as fundamental to us as any other human right.
In 2019, Uganda enacted the Data Protection and Privacy Act 2019 to regulate the processing of personal data by both public and private entities with the aim of protecting people and their data from various risks that could result into not only infringements of the right to privacy but also other rights such as property rights with varying consequences.
In this era of unprecedented data collection and digital surveillance, the data retained by state agencies, stored on our cell phones, laptops, and especially our online services is a magnet for government and companies to profile us, exert power and make profits.
Data collectors/processors are required to be transparent about access to and use of personal data, and to respect our right to privacy and dignity at all times as stipulated in the data protection law. And some companies are increasingly meeting those expectations, but there are still many companies that lag behind, fail to enact best practices around transparency, or don’t prioritize user privacy and dignity.
Unwanted Witness in collaboration with Ministry of Information and Communications Technology have therefore introduced the inaugural Privacy Scorecard that seeks to encourage data collectors/processors adopt data protection best practices, as well as empower citizens in Uganda to demand for information pertaining to how their personal data is collected, what it is used for and who it is disclosed to. At the same time recognise data collectors/processors that have complied with data protection laws and best practices.
The Privacy Scorecard is a monitoring tool used to provide Ugandans with critical information on how different data collectors/processors comply with the Data Protection and privacy Act, 2019 as well as the principles and standards of data protection, to empower data subjects to have control over their personal data and make informed choices.
The scorecard focuses on the law, corporate policies and practices. It will turn a spotlight on how the policies of private and public sectors either advance or hinder the privacy rights of users and it will recognize those companies or government agencies that buttress and ensure data protection and privacy best practices. The idea is to protect data privacy rights of individuals by ensuring that data collector/processors bring more transparency and accountability to how they use and divulge people’s data.
The role of The Privacy Scorecard is to provide objective measurements for analysing the policies and practices of major data collectors when it comes to handling data. We focus on a handful of specific, measurable criteria that can act as a vital stopgap against unfettered abuse of user data. Through this scorecard, we hope to galvanize widespread changes in the policies of private and public data collectors to ensure that citizen’s digital lives are not subject to manipulation, hence safeguarding human rights and dignity.
a. Compliant with privacy best practices.
b. Gives information to data subject before collection of data.
c. Disclosure of user’s data.
d. Practice Robust Data Security.
e. Practice Minimal Data Collection.
Categories or Sectors
a. Financial Services
b. Insurance Services
c. Social Security
f. Government Agencies.
g. Recruitment Agencies