Kenya and Uganda Told to End ‘Repressive Surveillance Practices’ Against Citizens

Surveillance, Data Protection and Freedom of Expression in Kenya and Uganda During COVID-19, examines how surveillance has increased drastically in Kenya and Uganda during the COVID-19 pandemic, with a detrimental impact on people’s rights to privacy, data protection, freedom of expression and access to information.

ARTICLE 19 Eastern Africa, the Kenya ICT Action Network (KICTANet) and Pollicy on Wednesday slammed Uganda and Kenya for human rights violations and abuses against their citizens in the wake of the coronavirus pandemic in 2020. 

In a joint statement, the rights to privacy, data protection and freedom of expression were interfered with, infringed upon and violated in both countries,

This was in reference to their newly launched report “Surveillance, Data Protection and Freedom of Expression in Kenya and Uganda during COVID-19,” which examines government and private sector surveillance measures and practices during the first year of the coronavirus pandemic (March 2020 – March 2021), and their human rights implications in Kenya and Uganda. 

The organisations also underlined an urgent need for the Kenya and Uganda governments to protect, promote and fulfil their citizens’ rights to privacy, data protection and freedom of expression, especially during the coronavirus pandemic.

“The pandemic must not be used as an excuse to normalise data collection, or for unsupervised intrusion and control over people. Specifically, surveillance measures, even during periods of crisis, must conform to the requirements of legality, legitimacy, necessity and proportionality as provided under international human rights law.”

Key Trends: 

According to the report, the following key trends we observed in Kenya and Uganda:

The surveillance measures and practices adopted to contain the coronavirus pandemic, including coronavirus track and trace applications, do not comply with the requirements of legality, necessity and proportionality under international law and national laws guaranteeing the rights to privacy, data protection, freedom of expression and access to information.  

Data protection authorities are not independent and lack the functional and operational capacity to oversee surveillance measures and practices to contain the coronavirus pandemic.

State actors and private entities have collected, processed and shared personal data, including sensitive health data, in breach of data protection principles and safeguards in national data protection laws. In particular, they failed to integrate data protection principles including the purpose limitation, data minimisation, data retention, and prior and informed consent, in the design, development and deployment of technologies, products and services to tackle the coronavirus pandemic.

Despite reports of close collaboration between state agencies and private actors to deploy digital technologies as part of pandemic measures, there is no transparency about these partnerships. While there have been press reports detailing collaboration on digital contact tracing initiatives, there is no publicly accessible information about public-private contracts, data sharing agreements, the architecture of the technologies, budgetary allocations or procurement processes of these pandemic surveillance technologies.