The unbridled collection and retention of personal data in Uganda’s telecommunication sector began in 2013 with the mandatory SIM Card registration process. Same data was later merged with data that was collected under the National Identity Card system in early 2018. These processes deposited large volumes of subscribers’ personal data in the custody of private telecom companies without clear national data protection mechanisms.

Recent research report by Unwanted Witness Uganda indicates that while all the four telecom giants in the country are retaining personal data for millions of citizens, the companies lack enforceable internal privacy policies and they admit to sharing of personal data with different government agencies whenever requested. The report titled, Your Communication and Personal Data is not Safe Anymore, indicates how the weak policies and terms of service are being exploited to compromise data privacy and curtail freedom of expression of Ugandans.

Data exploitation is being promoted as a way for government to control citizens through technology capsizing the concept of the internet as an engine for human liberation.

The four telecommunication giants MTN, Africell, Airtel and Uganda Telecommunication Limited (UTL) failed to meet the United Nations Guiding Principles on business and human rights.

   “Of the 4 companies assessed, none had neither resisted any government request customers’ data nor informed customers about the requests.”

State’s role in data privacy and freedom of expression.

The government holds the primary responsibility to ensure that telecommunication companies do not exploit their customers but over the years, subsequent legislation has encroached on people’s freedoms of expression such as the Anti-Terrorism Act, 2002 and the Regulation of Interception of Communications Act, 2010 which allow the state access to private data which may be exchanged under the pretext of National security. But what does this mean for privacy of personal data? While these companies operate within the jurisdiction of the law, the question of how they are supposed to protect their customers when the laws are fragmented and not strong enough to keep user’s personal data safe remains unanswered.

Uganda Human Rights Commission speaks out

While launching the report, Uganda Human Rights Commission’s Director regional services Wilfred Asiimwe condemned connivance between internet service providers and the regulator, Uganda Communications Commission (UCC) to shutdown the internet based platforms.

He said authoritarian governments intercept information flow in order to crackdown dissenting views.

A panel discussion comprised of representatives from academia, civil society and legislature raised a number of concerns regarding data safety, privacy and responsibility as data is globally shared and threats to its privacy are increasingly intercontinental. Dr. Amina Zawedde urged the public to see the bigger picture of how data has been used to improve service delivery and to use the internet respectfully. Silver Kayondo, Innovations lawyer, expressed the need for data insurance and more transparent terms of use for telecom services. While data is not constrained to a given geographical area, it is important to determine who is in responsible for roaming data, said Hon. John Lubyayi. While the responsibility for data protection falls on the state and telecom companies, general consensus from the discussion urged users of these services to remain vigilant in exercising safety while transferring data and utilising online services.