President Museveni has signed the Data Protection and Privacy Act bill, officially making it law. The bill was tabled and discussed in parliament in December 2018 and assented to on 25th February 2019. The law aims to ‘provide the much-needed protection for personal identifiable information which is key in this digital age. It provides important safeguards that will protect Ugandan citizens as they use online services’, according to the National Information Technology Authority, Uganda (NITA-U).
Kenya is yet to put a data protection law in place, this being one of the contentious issues that led a human rights group to take the Kenya government to court over the controversial Huduma Namba. The Kenya Data Protection Bill 2018 is still under review having been proposed to the Senate in June August 2018. Such a law protects private information held by third parties such as commercial companies and some government agencies. When it comes into effect, it would require the institutions to seek permission first before collecting, processing or storing your personal data.
Internet and telco companies have access to private data from millions of consumers in Uganda. In a report released by the Unwanted Witness lobby group, the Ugandan government would previously access such information on the strength of the Anti-Terrorism Bill (2002), the Interception of Communication Act (2010), and The Uganda Communications Commission Amendment Act 2016. This meant infringement on the privacy rights of citizens.
The Kenyan Data Protection Act, 2018 presented by Senator Gideon Moi is expected to compel anyone collecting private data to reveal the type of data being collected, reasons for collection, and how long the data will be stored.