As colleagues recently put it in a blog post reflecting on the progress of the #RestoreDataRights project (RDR) project, “there’s no “post-Covid”, just a new normal.” Between us at Open Institute and DataReady, we are currently reflecting not just on what we’ve done to date operationally with RDR – the subject matter of the blog linked above – but also what issues remain unresolved when it comes to data rights in Africa in this ‘new normal’.
What are the lessons that we can draw from our recently published research exploring the steps governments have/have not taken to ensure responsible data governance in Kenya, Nigeria and Ghana? What are the continent-wide trends that require regional cooperation? How do we, as civil society that sits at the nexus of sustainable development and digital rights, contribute to these cooperative efforts at a regional level?
To start to answer these questions, we’ve been reflecting on the #RestoreDataRights Declaration, a manifesto that sets out a vision for what transparent, inclusive/participatory and accountable data governance should look like. We believe that the substantive points of the Declaration are as relevant as they were when first written and still provide a helpful analytical framework to think about African data governance needs in the new normal.
With this in mind, we’ve structured our reflections below around the the Declaration’s three pillars of transparency, inclusion and accountability, backing-up our views with insights from our research, anecdotal evidence compiled from responses to a brief survey that we shared with civil society colleagues in Kenya and also Nigeria with support from Paradigm Initiative towards the end of 2021, and insights from the discussion on data governance that we hosted as part of the Buntwani Open Summit 2021.
Transparency
Across the three countries that we examined in most detail – Kenya, Nigeria and Ghana – our research found that generally speaking, many governments have made sincere attempts to be transparent about much data relating to the pandemic. Kenya, Nigeria and Ghana all did, and do, publicly disclose substantive data and information pertaining to COVID-19.
In particular, data on case numbers, their location and severity, mortality rates and the like were made public.
What is less clear from our research is the level of transparency that governments provide about whether or not things like data sharing agreements have been put in place between stakeholders involved in the collection and use of personal data. If agreements are in place, it does not appear that they have been made public. In the survey that we shared with a select group of civil society partners in Kenya and Nigeria, the effect of the lack of transparency in this regard became evident. Several respondents raised concerns about data collected as part of the COVID-19 response being collected or shared with private sector companies that might use the information in ways that were not envisaged when it was initially collected. Transparency in this regard therefore plays an important role in helping ensure that citizens have trust that information about them will be used responsibly, in line with their rights.
Inclusion/Participation
Across all countries we studied, another trend that emerged was that there appears to have been very little consideration given by governments to how they might include or consult with the voices of civil society in decision-making. This is especially true in decisions about how personal data collected and used as part of the COVID-19 response should be responsibly handled.
Failure to include civil society in decision-making about such sensitive issues can detrimentally impact on how citizens view the government, and by extension it can undermine their trust in the government as a responsible data steward. It can also create or perpetuate policy blind spots, for instance around how data about marginalized or vulnerable groups are collected or used.
Accountability
Concerningly, the largest gaps (in publicly available documentation at least) related to information relating to accountability. Very little, if any, information was publicly available in any country we researched about issues such as whether personal data collected for epidemiological or
medical purposes would be shared with others (and if so under what conditions), what access to due process and redress citizens might have if it transpired that COVID-19 related data about them was unlawfully breached or misused, or what steps would be taken to wind-down and sunset emergency data collection measures at the end of the pandemic.
The absence of accountability over how data are collected, used and shared during a crisis such a pandemic, where governments have a wide remit to collect lots of personal data, has a real and detrimental impact on trust in governments as reliable data stewards. For example, every single civil society respondent to the survey we ran in Kenya and Nigeria believed that the government had not provided adequate information about what data it was collecting about people and how it was using it. Moreover, no respondents thought that there were adequate processes in place to ensure accountability if there did happen to be a data breach or some other abuse of power relating to how personal data were used or shared.
Reflections
So what do these insights tell us about the bigger picture of data governance in Africa in the new normal?
Firstly, they tell us that data governance, now more than ever, is here to stay. In a recent blog, Sarah Lucas, a former Program Officer at the Hewlett Foundation, called data governance “the second wave of the data revolution.” In our experience, thanks to COVID-19, this is very much the case. Throughout the pandemic, we have witnessed the extraordinary power that data can have to drive both scientific and medical breakthroughs, but also enable massive corporate and state-sponsored surveillance. These are issues that will not be resolved overnight, but will require sustained engagement and local solutions to be found.
Secondly, we have learned that several of Africa’s major economies share similar gaps – in inclusion and accountability in particular – when it comes to data governance. In our minds, this points to a need for closer regional cooperation to find African solutions for the African context. As the late Professor Benno Ndulu put it in a blog post together with Pam Dixon of the World Privacy Forum and Michael Pisa from the Center for Global Development, “global debates about data governance standards have primarily reflected the priorities and needs of rich countries, with less wealthy countries left in the role of “standards takers.”” This needs to change.
This point is further strengthened by research undertaken by the Africa Digital Rights Hub (ADRH) in Ghana on the readiness of several African countries as future digital economies within the African Continental Free Trade Area (AfCFTA). Their research echoes our findings and in its Executive Summary states:
“[…] The potential for a transformative digital economic revolution may be held back by limited capacities and gaps in policy and legal frameworks, as well as weaknesses in the regulatory infrastructures. For the opportunity of the AfCFTA to be realized, there is a need for coherence in approaches to legal and policy frameworks, and in regulation.”
“The report further notes that despite the proliferation of ICT-related value chains, data protection is still in its infancy on the continent. There is a real danger that without the requisite measures and legal requirements being in place, cyber security breaches can derail the steady growth of the digital economy, particularly if the already fragile market loses trust in digital tools.”
The AfCFTA offers a huge opportunity for Africa to improve its standing in the world, economically, industrially and even socially. The pillars of the eventual result of its efforts are telling, including free movement across African countries for Africans, a Single Air Transport system, a unified Customs Union, a harmonised labour migration programme and a unified commodities strategy. This grand initiative portends an even more crucial need for a robust and transparent data governance system across the continent.
In our view, the AfCFTA offers an, as yet unrealised, opportunity for civil society coalitions to advocate for more transparent, inclusive/participatory and accountable African data governance.
Finally, we are more convinced than ever that the route to responsible data use in Africa is through collaboration and cooperation. At Open Institute in particular, we pride ourselves in being development ‘insiders’ who work with decision-makers to improve outcomes, while also retaining our independence. Within the field of data governance, we see ourselves as continuing to work at the nexus of the Data Revolution for Sustainable Development and digital rights in Africa. We will continue to primarily work with sub-national and national level decision-makers, institutions, citizens groups, and citizens themselves to improve knowledge and understanding. At a regional level, given the insights from our research above, we hope to deepen our relationship with partner groups in Nigeria and Ghana and continent-wide initiatives with which we have joint objectives.
This blog was jointly written by Al Kags (Open Institute) & Tom Orrell (DataReady)