In Kenya, which has a large and fast growing population of internet users, there are no specific laws or regulations to protect the privacy of those individuals.
Kenya is not alone in Africa, which as a region has clocked the world’s fastest growth in internet use over the past decade. Unlike in Europe and the United States, where data-privacy laws provide a level of protection to consumers, many Africans have little or no recourse if a data breach occurs because often legal and regulatory safeguards don’t exist.
Recent revelations about British analytics firm Cambridge Analytica, which Facebook says improperly accessed personal data of about 50 million of the social networks users in the 2016 U.S. presidential election, have also touched the African continent.
Cambridge Analytica or its parent company SCL Group worked on the 2013 and 2017 campaigns of Kenya’s President Uhuru Kenyatta. The company was also hired to support the failed re-election bid of then-president Goodluck Jonathan of Nigeria in 2015, according to Britain’s Guardian newspaper.
A spokesman for the Nigerian president said on Monday that the country’s government will investigate allegations of improper involvement by Cambridge Analytica in the 2007 and 2015 elections.
Kenya’s ruling Jubilee party told Reuters that it had hired SCL for “branding” in the 2017 presidential election but did not elaborate on the precise nature of the work.
Cambridge Analytica didn’t respond to a request for comment. The company has suspended its chief executive pending what it said would be a full, independent investigation.
LIMITED PROTECTION
Growth of internet use in Africa, a continent of 1 billion people, has been fueled by rapidly expanding mobile broadband networks and ever more affordable phones.
That presents a major growth opportunity for internet companies such as Facebook, which currently sees some 123 million people across sub-Saharan Africa accessing its social network platform monthly.
While some governments on the continent have responded to these rapid changes – rights campaigners welcomed a data-protection law passed by South Africa 2013 – many have not.
Privacy advocacy groups say that is leaving a lot of Africans, many of whom are accessing the internet for the first time, with little or no protection.
More than half of Africa’s 54 countries have no data protection or privacy laws, according to London-based rights group Article 19. And, of the 14 countries that do, nine have no regulators to enforce them, the group says.
In Kenya, a country of 44 million people with some 8.5 million using Facebook on a monthly basis, specialists say no specific data-protection laws exist. The government has said it is drafting a data protection bill.
But even some data-privacy bills that have been introduced in African parliaments have been held up for years.
In Nigeria, the African country with the most internet users, a data-protection bill that was introduced in 2010 is still making its way through parliament.
The proposed Nigerian legislation, which is being reviewed by the upper house of parliament, would prohibit the processing of data for purposes other than their original intended use and companies could be fined for breaches of personal information.
But digital-rights campaigners question whether law enforcement agencies and the judiciary would be equipped to enforce the Nigerian legislation if it was passed.
A spokesman for Nigeria’s communications ministry declined to comment.
Data privacy groups say that many African governments have a vested interest in not introducing such laws because they use citizens’ data for their own ends – whether for political campaigns, as in Kenya, or for suppressing political dissent, as rights groups allege that the government in Tanzania has done since passing a cyber crime law in 2015.
A spokesman for the Tanzanian government said that authorities issued new regulations last month that, among other things, prevent the national communications regulator from disclosing personal data of web users.
PERSONAL DATA
Privacy advocates say another issue impacting data protection in Africa is that some companies, including Facebook, have introduced stripped-down versions of their own platforms and some other websites for no fee in exchange for users providing some data.
From users of its Free Basics service, Facebook collects certain information such as when the service was accessed, what type of device they are using and the mobile operator used, according to the company’s website. “We may also share such usage information with the providers of third-party services,” Facebook said.
Privacy advocacy groups say some Free Basics users, who may be getting online for the first time, may have little or no understanding of what information is being collected from them.
Facebook, which says its Free Basics service is available in 27 African countries, said users can “choose to delete their information associated with their use of Free Basics, and may do so by contacting us.”
Though some Africans access the internet via a no-fee service like Facebook’s Free Basics, many of those who have the ability to pay for mobile phone data still use the platform more than any other site on the internet, said Nanjira Sambuli, who heads the World Wide Web Foundation’s office in Kenya.
“Facebook is the Internet for many people in Africa,” Sambuli said.
While specialists say public awareness about the importance of data protection in Africa is far less than in the United States and Europe, there are signs of growing concern.
Phumzile van Damme, a South African politician from the opposition Democratic Alliance, has raised concerns about what she termed the “digital dark arts” being used to manipulate voters ahead of the country’s elections scheduled for next year.
Writing on Twitter on March 25, van Damme said she had been studying the lessons of the 2016 U.S. election and reading reports of the involvement of private firms including Cambridge Analytica in “manipulating” voters using their data in recent African elections.
She said that she hoped South Africa’s communications regulator had been doing the same.
“Regulation always lags behind technological developments,” she said.
For some, concerns about the amount of personal information Facebook collects are weighed against the access to others that the social network provides.
“Is it time to say goodbye to Facebook?” asked the headline of a column published last month by The Standard, a Kenyan daily.
The columnist wrote that his concern over Facebook holding the “power” of its users’ data – from what a user does on the platform to his or her activities on linked apps and other sites – had led him to leave Facebook repeatedly over the last two years.
But, he added: “My leaving has however never lasted more than a day.”