In April 2021, ARTICLE 19 Eastern Africa, the Kenya ICT Action Network (KICTANet), and Pollicy published this report and documentaries that reviews the national legal frameworks and practices that have enabled an extraordinary surveillance environment during the first year of the coronavirus pandemic in Kenya and Uganda. They document and raises awareness about government and private sector surveillance measures and practices in both countries during this period and their human rights implications.
The report notes that addressing the coronavirus pandemic has required effective responses by governments, private actors, and the international community generally, including tracking the infection rates and preventing the spread of the coronavirus disease. While digital technologies can assist in the delivery of such responses, surveillance technologies raise significant risks for human rights, including the rights to privacy, data protection, freedom of expression, and access to information. It also found that tackling the COVID-19 public health crisis in Kenya and Uganda was not matched with a prioritisation of human rights protections. In both countries, the surveillance environment expanded against a backdrop of weak accountability and transparency and the non- proactive disclosure of information about both governmentsâ€™ responses to the pandemic.
The following key trends were observed in Kenya and Uganda:
- The surveillance measures and practices adopted to contain the COVID-19 pandemic, including coronavirus applications (apps), did not comply with the three-part test under international law and national laws guaranteeing the rights to privacy, data protection, freedom of expression, and access to information.
- Data protection authorities are not independent, and they lack the functional and operational capacity to oversee surveillance measures and practices to contain the COVID-19 pandemic.
- State actors and private entities have collected, processed, and shared personal data, including sensitive health data, in breach of data protection principles and safeguards in national data protection laws. In particular, they failed to integrate data protection principles, including purpose limitation, data minimisation, data retention, and prior and informed consent, into the design, development, and deployment of technologies, products, and services to tackle the COVID-19 pandemic.
- Despite reports of close collaboration between state agencies and private actors to deploy digital technologies as part of pandemic measures, there is no transparency about these partnerships. While there have been press reports detailing collaboration on digital contact tracing initiatives, there is no publicly accessible information about publicâ€“ private contracts, data sharing agreements, architecture of the technologies, budgetary allocations, or procurement processes of these pandemic surveillance technologies.
We hope the report and documentaries will be a useful resource for government policymakers and agencies, the private sector, activists, journalists, and human rights organisations in Kenya and Uganda, in their work towards promoting the rights to privacy, data protection, freedom of expression, and access to information.