Should public worry about privacy of data?

Wednesday January 8 2020


Lobbyists are concerned about the process of collection, handling and sharing of personal data and risks of illegal surveillance through the use of CCTV. PHOTO | FILE  

More by this Author

Government needs to enact a stronger private data protection policy as it embraces more digital solutions that require that it collects more private information.

Currently, collection, handling and sharing of public information continues to divide opinion as government taps ICT solutions in almost every sector.

To ensure public safety, the government earlier this year put up closed-circuit TV cameras all around the main roads of the city of Kigali.

According to the Rwanda Information Society Authority and the national police which are in charge of implementing this policy, the use of CCTVs will significantly boost security by establishing a robust mechanism of deterring, preventing and detecting crime.

Inspector-General of Police, Dan Munyuza, recently told the media that the instalment of cameras networks across the country is a presidential directive to ensure security of the general public.

“They not only capture motorized traffic speed, monitor violations of road traffic regulations and there are those that run number plate recognition and relay the same in real time to the command post at police headquarters,” said Mr Munyuza.


He added that emphasis will be made to identify accident hotspots. Dedicated network Closed-circuit television (CCTV) is a video surveillance-type camera network that enables surveillance by transmitting signals only to the screens that are directly connected to it.

Apart from the CCTV networks in Kigali, the government has started enforcing “traffic radars” on the highways connecting the capital with neighbouring countries since May last year, police say.

These include Kigali-Kagitumba as you connect to the Kagitumba border with Uganda, Kigali-Rusumo on your way to Tanzania, the Kigali-Nyamata- Nemba connecting with Burundi, the Kigali-Muhanga-Huye-Rusizi going in the south-west border with Democratic Republic of Congo and Kigali- Musanze as you connect with DR Congo in the north-west.

Rwanda National Police, which is now under the docket of the newly reintroduced Ministry of Internal Security indicates that the CCTV data is collected through a dedicated private network which cannot be accessible over public Internet sites.

Illegal surveillance

“The storage of this data is regulated by internal standard operating procedures of the Rwanda national police and the use of relevant tools to secure the IT environment,” Jean Bosco Kabera, the Police spokesperson told Rwanda Today in a WhatsApp message.

The collected information is being safeguarded under Rwanda’s law governing information and communication technologies. However, lobbyists are concerned about the process of collection, handling and sharing of personal data and risks of illegal surveillance through the use of CCTV.

In this context of the introduction of cutting-edge digital surveillance technolog, coupled with the massive development of the digital economy in both the public and private sector requires the need to have a comprehensive data protection legal framework in place, to protect and promote the right to privacy.

According to the 2019 State of the Internet Freedom in Africa Report on the “surveillance state” across  the continent, mass surveillance gained notoriety at the turn of the decade, after the infamous Arab Spring that swept across North Africa in 2011, allegedly amplified by dissident voices on social media.

Cambridge Analytica

The report indicates that since then, a number of countries such as Tanzania, Uganda, Ethiopia, Botswana, and Rwanda have started improving their surveillance capabilities through the procurement of advanced spyware.

An analysis of the law governing ICT that was recently carried out by Article 19, a British human rights organisation, found that the new law did not outline restrictions on data handling and sharing by government and corporations rather purporting to provide a regulatory framework, in which it fails to comply with international human rights standards.

“The law grants sweeping search and surveillance powers to regulators without judicial or independent oversight and provides broad authority to shut down communications and Internet use,” the analysis reads apart.

Data collection in the wake of data scandals such as Cambridge Analytica and the 2018 Google data breach have culminated to public scepticism in way of data collected and processed.

"A great responsibility is placed on the state to protecting the privacy of citizens by implementing more comprehensive guidelines preventing government and corporations from overstepping their boundaries by articulating the rights and freedoms of people in digital spaces, meaning data subjects can request information about why and how their data is processed,” a Kigali based-cyber security expert said on condition unanimity.

Experts indicate that although the article 23 of the constitution of Rwanda of 2003 (revised in 2015), reaffirms the respect for privacy, the right has yet to be operationalised. The existing ICT laws and regulations only recognise so far the user consent and opt-in mechanisms.

Cashless transactions

Kenya is so far the only country in East Africa that has enacted a comprehensive data protection law. The Kenyan Act determines the need for any subject company to create a privacy policy that outlines why and how data is collected, its handling and sharing of personal information or data.

Rwanda is striving to benefit from the digital era with digitised public services with an online open portal like “Irembo”, cashless transactions, digitised citizens’ identity cards and passports.

Thus, as the scale and the scope of digital economy development accelerates, the demand for data is increasing. Further, in the context of the dearth of a comprehensive data framework, there is a heightened risk of data misuse.

Financially, figures from Rwanda Investigation Bureau revealed that throughout 2019, there were at least 113 cases of cybercrime particularly targeting personal data related to financial transactions. A figure that has doubled compared to the previous year of 2018.

Furthermore, based on the recent 2018 Africa Cybersecurity Report by Serianu Limited, the cost of theft of personal data in Africa was estimated at $3.5 billion, a rise from 2016.

Damaging technologies Experts indicate that the use of technology in public life should be centred on transparency and the rule of law. In particular, privacy and security as the pillars of trustworthy services that enhance the overall well-being of citizens.

“The development and the implementation of smart cities and the safety and security policies must be done responsibly, with full understanding and mitigation of their impact on the citizens’ right to privacy and other constitutional rights,” experts emphasised.

According to the experts, the Cambridge Analytica scandal has been proven on how damaging technologies can have a corrosive effect on privacy, the misappropriation of personal information can deny individuals their identity especially when data is collected without proper control or oversight.

In many countries, national privacy laws are increasingly being revised to strengthen the protection of personal data privacy and impose penalties for data breaches.

It is imperative for the Rwandan government to respond to public concerns around privacy with a robust legal framework for data protection that will enforce accountability towards the citizens over the use of their personal information by bodies or corporations that collect them.
Article by Leonce Muvunyi and Louis Gitinywa