IGF 2020 WS #256 Repurposing privacy protections for Africa

Thematic Track

Organizer 1: Gabriella Razzano, Research ICT Africa
Organizer 2: Anri van der Spuy, IGF
Organizer 3: Alison Gillwald, Research ICT Africa/Univeristy of Cape Town

Speaker 1: Linnet Taylor, Civil Society, Western European and Others Group (WEOG)
Speaker 2: Gabriella Razzano, Civil Society, African Group
Speaker 3: Grace Mutung'u, Civil Society, African Group

Moderator

Gabriella Razzano, Civil Society, African Group

Online Moderator

Anri van der Spuy, Intergovernmental Organization, Western European and Others Group (WEOG)

Rapporteur

Alison Gillwald, Civil Society, African Group

Format

Birds of a Feather - Classroom - 60 Min

Policy Question(s)

What options for legal protection are available in countries that lack specific data protection regimes (e.g., administrative law or consumer protection law)? How do we balance the public good benefits of personal data sharing and open data with privacy priorities (for example, in the context of public health data and COVID-19)? What are the particular vulnerabilities of marginal Internet users and low income groups in relation to data privacy?

Challenges to be discussed include: What options for legal protection are available in countries that lack specific data protection regimes (e.g., administrative law or consumer protection law)? How do we balance the public good benefits of personal data sharing and open data with privacy priorities (for example, in the context of public health data and COVID-19)? What are the particular vulnerabilities of marginal Internet users and low income groups in relation to data privacy? Opportunities to be discussed include: Privacy and equality by design; Data trusts and other forms of custodian models; and Class action suits and alternative remedies for contraventions.

SDGs

GOAL 9: Industry, Innovation and Infrastructure
GOAL 10: Reduced Inequalities
GOAL 16: Peace, Justice and Strong Institutions

Description:

As access to the Internet grows (albeit slowly in some regions), the amount of data that is produced and transferred is also growing. As we work on bridging digital divides and connecting more people, we therefore also have to work on putting the right governance frameworks in place to protect them and uphold their rights once they are able to connect. In most African contexts, however, the ways in which we opt to govern data extraction processes tend to neglect lived African experiences, whilst prioritising governance frameworks developed elsewhere. Domesticated data protection regimes are spreading across the African continent, many of which are significantly influenced by the EU General Data Protection Regulations (currently, 32 African countries have data protection laws, with an additional 5 currently being drafted). The efficacy of standard data protection laws have been questioned, as they focus on individualised forms of protection such as notice and consent (which extends to recourse opportunities, too). In addition, these protections are even more strained in their utility amongst vulnerable groups, which include marginal Internet users. In Africa, strong regional frameworks exist in relation to human rights more broadly, for instance the African Charter on Human and People’s Rights, and the African Declaration of Principles on Freedom of Expression and Access to Information in Africa. These have contributed significantly to the third generation of human rights discussions on collective rights. And it is the nature of communal rights, which also contributed to public and communal benefits of both data access and data protection, that could be extended to consider more context-specific solutions to data privacy. These frameworks provide a useful basis for underscoring governance regimes of data, but can also be used as a normative foundation for exploring alternative solutions to current data protection regimes within the region. This is necessary as the regional context offers some unique lived realities for citizen data protection that did not inform European and American data protection design. In Africa, public sector collection of citizen data is significant (especially in the context of growing calls around Digital ID and other citizen identity programmes). And in relations between the state and citizens, particularly where social provision is at stake, marked incentives are visible that render the ability to consent superfluous (not least of all because many state-centred data collection activities can be outside data protection regimes, or might occur in regional contexts without specific data protection laws). In this session, we adopt a collaborative, multi stakeholder approach and aim to first set the scene by discussing prevailing conditions, before evaluating possible practical solutions to some of these challenges. The proposed Agenda is thus: a) Introductory discussion of context by speakers (10 minutes), b) Define regional singularities (20 minutes), c) Ideate practical interventions on data protection for vulnerable groups (20 minutes), and d) Discussing practical next steps for action (10 minutes).

Expected Outcomes

In addition to a workshop report, blog (to be published by Research ICT Africa), and the creation of a Google Group to facilitate future discussions, the discussions will feed into a process to develop a model law on data governance for the Southern African Development Community (SADC) (a process being facilitated by Research ICT Africa in conjunction with the SADC Parliamentary Forum).

Borrowing techniques from unconferencing, the ‘agenda outline’ for each agenda item will be sourced from pre-registered attendees (but prior to the session). Speakers will each be given a two-minute spot talk introduction to inspire discussions, which precedes the rest of the agenda items. While the management for online participation will be designed once confirmation is received about whether or not the IGF will be hosted online, it will continue to occur onsite in Poland the organisers will train an online moderator who will assume responsibility for giving attendees online a specific and designated form of participation.

Relevance to Internet Governance: As access to the Internet grows (albeit slowly in some regions), the amount of data that is produced also grows. As we work on bridging digital divides and connecting more people (a fundamental Internet governance issue), we therefore also have to work on putting the right governance frameworks in place to protect them and uphold their rights once they are able to connect. Privacy and data protection are significant Internet governance issues. Especially given cross-border data flows, collaborative and cohesive Internet governance regimes become necessary components for ensuring actual data protection domestically.

Relevance to Theme: This workshop will deal with governance dimensions of data in considering what models can work effectively in different African contexts, with a strong focus on practical applications of governance solutions. The session will contribute to creating African-centred discourses on data protection - a conversation traditionally dominated by either European or American perspectives currently. It will therefore play a significant role in supporting more equal participation in evolving discussions about the governance of the Internet and its critical resources, outputs and products (e.g., data and its governance).

Online Participation

 

Usage of IGF Official Tool. Additional Tools proposed: Social Tools: We plan on posing the policy questions on Twitter, Facebook and other social media (if appropriate) to encourage a Twitter debate at the same time as the session, using the official IGF hashtag for 2020.