AfriSIG2015: Policy and regulation that impacts internet-related human rights

Sandra Kambo, from AS&K Digital Communications, is a software and test engineer. She has practiced this role for the past five years in the decade she has been involved in ICT. One of the day to day challenges is managing the developers she works with for purposeful issue resolution.  Exciting bits of her career include self- tutoring on test automation as well as being selected as an emerging leader from Kenya to attend the US State department Techwomen program in 2014 to benefit from a professional mentorship in Silicon Valley. Sandra is interested in the quality assurance framework to help implementers of e-governance understand the processes required. She hopes AfriSIG2015 will help learn how this governance can be supported as well as better understand the processes required and issues involved. She plans to impart her learnings both at work and via STEM mentorship programs that she actively
participates in.

This blog is based on AfriSIG’s breakout session on Session 14: Policy and regulation that impacts on internet-related human rights.

On Day 3 of AfriSIG, Dr. David Souter delivered a lecture on policy and regulation that impacts internet-related human rights. The lecture highlighted the fact that the internet has in fact impacted rights widely and in particular freedom of expression, freedom of assembly as it is now, online as well as offline, and the sensitive right to privacy issue.

The lecture was followed by a break out session where participants were divided into groups based on their regional background. The East Africa region comprised of participants from the host country Ethiopia and from Kenya. The task was, define the terms data retention, internet intermediary liability, filtering and blocking, surveillance, interception and personal data protection. Based on our definitions, we were then required to identify human rights implications around each term and give examples of how the processes around these terms enable or limit rights in our country.

We defined data retention as archiving of information. In Kenya, there are laws around data retention  which according to the data protection bill 2013, the data is kept for the minimum duration that is required. In Ethiopia on the other hand, there is no data protection bill.

On internet intermediary liability, this refers to holding Internet Service Providers (ISPs) responsible for the content delivered via their infrastructure and enforce law online. In Kenya, there are several ISPs and the regulator can ask the providers to produce content on their network during a specific period. This is not a mandatory requirement  in Kenya .

In contrast, Ethiopia has one ISP and the responsibility of the ISP to regulate the content is not clearly defined.

Filtering and blocking is the blocking of identified internet services. It is done for various reasons. In Kenya, filtering is more so at an organizational and personal level such as a company blocking sites that take up too much bandwidth or reduce productivity in the workplace and a such no internet filtering/blocking framework for the government. In regards to Ethiopia, the information provided is not sufficient to relay how it works.

Surveillance and interception is the monitoring of digital content and ability to persecute if one is caught in possession of what is considered illegal material or information. In both countries, surveillance is carried out, again at different levels based on capacity and the law. In Kenya, the country’s information regulator, Communications Authority of Kenya, has publicly declared that it is indeed carrying out surveillance and this is in light to the heightened terror threat that the country has recently been exposed to. On the other hand as per the draft cyber crime law of the country, in Ethiopia, interception of data is allowed with the prior authorization of the court.

Finally, personal data protection is the right of an individual to keep their online data personal with no one else having wrong access to it. In both countries there are no distinct laws to protect personal data. It was noted that public rights pervade personal rights in this regard. There is a difficult line to draw in this regard and much of personal data protection is mostly seen on third party sites like social media sites.