26/11/21

Companies struggling with consumer data protection

Data protection
Companies working in Africa score poorly in consumer data protection. Copyright: Image by Pete Linforth from Pixabay

Speed read

  • Report analysed 32 companies operating in Uganda and other nations for consumer data protection
  • The companies performed poorly, with those in the health sector being worst offenders
  • African governments need vibrant tools to counter consumer data breaches, says an expert

Send to a friend

The details you provide on this page will not be used to send unsolicited email, and will not be sold to a 3rd party. See privacy policy.

[NAIROBI] Many companies operating in Uganda and other African countries are not adequately keeping data safe, putting consumers at risk of identity theft and social harm, a report says.

The report, which is based on the analysis of 32 organisations that work in Uganda and operate in other African countries including Burkina Faso, Ghana, Kenya, Malawi, Nigeria and South Africa, identifies the lack of consistency across the countries and in accountability in collecting consumers’ data.

“All companies scored poorly on transparency when it comes to disclosing information about sharing data with third parties such as government bodies and law enforcement agencies,” says Allan Sempala Kigozi, head of programmes for Unwanted Witness, a civil society organisation that released the report earlier this month. “Health services and social security recorded the lowest performance for robust data security, risking the lives of users.”

“All companies scored poorly on transparency when it comes to disclosing information about sharing data with third parties.”

Allan Sempala Kigozi, Unwanted Witness

Researchers analysed data safeguard issues of 32 organisations working in Uganda in seven sectors —social security, e-commerce, finance, insurance, telecommunications, government and health — and compared their practices in other African countries.

According to the Privacy Scorecard report, the overall performance index score was just 35 per cent, with 66 per cent of the organisations practicing robust data security, 54 per cent complying with privacy best practices, and only 19 per cent mentioning third parties with whom personal data is shared.

“Social security, and companies within the retailing or e-commerce sectors uphold the highest data protection standards. Financial and telecoms have fair data protection practice, though the scale of practice is below expectations,” the report explains. “Government agencies and insurance companies are on the tipping edge to vulnerability, while health facilities exhibit worst levels of vulnerability in compliance to data protection standards.”

The study found privacy policy inconsistences across African countries, Kigozi adds. For instance, MTN South Africa has a detailed privacy policy, mentioning seven data subject rights but the same company has a privacy policy in Uganda with only two rights mentioned.

Many of the organisations assessed have trackers on their websites that send data to companies involved in online advertising.

“Privacy standards and best practices that protect consumers’ personal data are important and companies and organisations must state the reasons they are using the consumers’ personal data,” says Kigozi.

Kigozi calls on companies and organisations to seek consent from consumers before collecting, storing and processing of personal data, adding that if there is a personal data breach, consumers need to be notified without undue delay.

“Consumer protection does not only safeguard the data privacy rights and dignity of users but build trust which is critical for the growth of any business,” Kigozi tells SciDev.Net.

According to the report, most African countries with data protection legislations lack independent data protection authorities meant to enforce legal compliance. This, coupled with low data privacy awareness among the African citizens, is exploited by private companies for benefits and governments for power and control, Kigozi says.

“The Privacy Scorecard report provides a basis for citizens and privacy advocates in Africa to demand for legal safeguards from different data collectors, ensuring that the continent is not a testing ground for surveillance technologies and data brokers.” Kigozi explains.

Data protection regulators across Africa need to pay critical attention to the findings of the report because of their key role of enforcing compliance and protecting people.

Joshua Patrick Ogembo, chief executive officer, Mirror Ethics East Africa, say that weak regulatory authorities fuel data breaches in Africa.

“The technical know-how of the developers of such data gathering tools outweighs most citizens’ literacy level to question any breaches,” Ogembo tells SciDev.Net.

The cost of maintenance of such all-round data seems unmanageable for most struggling nations that also have weak monitoring systems, creating opportunities for hackers and cyber security breaches, he explains.

“Data protection laws are well framed.  However, challenge comes with implementation in the event of data abuse,” says Ogembo. “The dynamic around technology advancement by the tech giant companies will require equally vibrant monitoring tools by governments to counter data abuse.”

This piece was produced by SciDev.Net’s Sub-Saharan Africa English desk.