Received 28 May 2016; accepted 19 August 2016; published 22 August 2016
In autumn 2005 I attended an introductory lecture for new master of law students at the Norwegian Research Centre for Computers and Law in Oslo, Norway. Professor Lee Bygrave asked a question which frequently appears in the data privacy discourse: whether in other cultures (African, Asian, etc.) other than the Western culture the concept or value to privacy exists. This question was my first self-homework and later part of my doctoral research. As time went on I realised that in that introductory lecture Bygrave repeated a stance he had taken in 2004 in an article, “Privacy Protection in a Global Context―A Comparative Overview”.1 Mainly Lee Bygrave was sceptical whether other cultures which are not based on individualism may provide space for individuals to advance claims for privacy. Six years later (i.e. 2010) in “Privacy and Data Protection in an International Perspective”2 Bygrave reiterated his views though with slight modifications.3 Following some recent developments in the adoption of data privacy policies at regional, sub-regional and national level in Africa Bygrave further re-adjusted his ideas in his most recent book “Data Privacy Law: An International Perspective”.4 My further curiosity in reviewing literature in the field revealed that Bygrave was not alone in holding that view. Serge Gutwirth earlier than Bygrave wrote a sub-chapter on “Privacy Across-Cultures”;5 David Baniser in his article “Privacy and Data Protection around the World”;6 Elizabeth Bakibinga in an article “Managing Electronic Privacy in the Telecommunications Sub-Sector: The Ugandan Perspective”;7 Hanno Olinger and others in “Western privacy and/or Ubuntu? Some Critical Comments on the influences in the Forthcoming Data Privacy Bill in South Africa”,8 Jonathan Burchell in “The Legal Protection of Privacy in South Africa: A Transplantable Hybrid”,9 and Dominic Dagbanja in his recent article “Privacy in Context: The Right to Privacy, and Freedom and Independence of the Media under the Constitution of Ghana”10 all share similar view with Bygrave. Importantly Olinger and others as well as Burchuell have extensively dealt with the concept Ubuntu11 and tried to locate the place of privacy in South Africa without success. In contrast, Scorgie argues that in Africa, and more particularly in Ubuntu, there are some forms of privacy.12 These manifest in people’s unique thoughts, ideas, characteristics and accomplishments. A parallel view to Scorgie was advanced by Professor Nwauche in his article, “The Right to Privacy in Nigeria” where he asks: “Is privacy important in Nigeria?” Nwauche argues that privacy is important in Nigeria because there are human beings.
In this article I refute the generalised claim in the privacy discourse that in Africa the value to privacy does not exist. I argue that such a claim is overstated. Moreover, the claim is supported by weak empirical evidence. Part 1 of the article introduces the claim in the privacy discourse. Part 2 gives an overview of the African society and culture. Part 3 outlines various Western understandings of the concept privacy and how it is used in this article. The main arguments and empirical evidence in support of the claim in Part 1 are considered here in details. Part 4 presents the African society in its traditional settings. Furthermore this part considers external influences to the African society and how they constantly shape privacy consciousness. The main point here is that while the traditional African society suffered from privacy myopia, its counterpart modern African society is conscious about privacy and is making efforts to protect it.13 The notion of privacy in the African society and critique to the dominant discourse are offered here. Part 5 provides an overview of privacy policies and regulations in Africa. Part 6 canvasses modern privacy threats and concerns for privacy in Africa. Part 7 concludes the article.
2. African Society and Culture
There is already rich literature about African society and its culture. This section provides only an overview of this literature and gives particular focus on the place of an individual in the African society. This is important because claims for privacy are closely associated to notions of individualism, self determination and autonomy. Putting it differently, does an individual in the African society stand in the same footing as its Western counterpart?
The title of this article―a person is a person through other persons―which is a translation of Xhosa proverb in South Africa umuntu ngumuntu ngabantu partly summarises the African world view about society and culture and more particularly the place of an individual in such a society. African scholars are of the general view that the African society is structured in such a way that an individual has little latitude for self determination outside the context of the traditional African family and community.14 The African society be it a clan, family, etc is predominant over the freedom of the individual. The individual’s existence and identity is relative to the group and is defined by the group. The strong collective thinking of Ubuntu implies that the individual members of the group cannot imagine ordering their lives individualistically without the consent of their family, clan or tribe.15 Thus the core values of the African society are communalism and interdependence. In a typical African society, Ubuntu can be illustrated for example by collective ownership of property as well as labour in a day to day life. People own pieces of lands and farm collectively. Moreover they care about and help each other. In an event of a dispute, the family, clan, etc is involved to resolve it usually through elders. There is no “winner gets all” principle. The family or society resolves disputes amicably so as to promote the social cohesion.
Nonetheless the African society is not static rather it transforms. Elements of individualisms are now commonplace in Africa. For instance, private ownership of property in rural and urban areas is common. Individual labour is also noticeable in both rural and urban areas. In rural areas farming is transforming due to the use of modern machines and technology such as tractors. As a result an individual does no longer need the help of other to cultivate his farm. External contacts are main catalysts of this transformation. Kamwangamalu posits that one must admit, though, that as a result of contacts with Western cultures, communalism is perhaps not as much practised in urban Africa as it is in rural Africa.16 Yet as rural Africa is continually being connected to the urban through modern technologies particularly mobile phones as well as businesses, there is rapid transformation of rural Africa. Ubuntu is no longer an order of the day in Africa as it used to be many years ago. Thus claims for individuality, self autonomy, and related notions are manifesting in Africa. Admittedly, though, the level of individualism in Africa is not the same as in the Western cultures.17
3. Privacy: A Philosophical Overview
Until now privacy discourse is dominated by Western scholars. Because of this, the concept of privacy has been frequently defined in terms of the Western culture. For example, the popular definition of privacy is “the right to be let alone”. This definition was postulated by Warren and Brandeis in their famous article, the Right to Privacy, published in the Harvard Law Review in 1890.18 After the Warren and Brandeis’s concept of privacy, numerous and conflicting definitions of this concept emerged. Most of these definitions were developed by American and European scholars in 1960s and 1970s. This is partly because around this time new privacy threats emerged from the invention of the computer. Nonetheless definitions of privacy after the rise of computer technology and the Internet are built upon the previous ones.
It is noteworthy that although Warren and Brandeis sat the ground for the discourse of privacy in the Right to Privacy, the definition of privacy advanced there has not assumed universality. This is not surprising because in the midst of various privacy definitions postulated by scholars belonging to different disciplines such as law, sociology, political science, medicine, and informatics, it is very difficult to attain a universal definition. Solove summarises this difficulty as underscored by scholars in the following paragraph:
Time and again philosophers, legal theorists and jurists have lamented the great difficulty in reaching a satisfying conception of privacy. Arthur Miller has declared that privacy is difficult to define because it is exasperatingly vague and evanescent. According to Julie Inness, the legal and philosophical discourse of privacy is in a state of chaos. Alan Westin has stated that few values so fundamental to society as privacy have been so undefined in social theory...William Beaney has noted that even the most strenuous advocate of a right to privacy must confess that there are serious problems of defining the essence and scope of this right. Privacy has a protean capacity to be all things to all lawyers. Tom Gerety has observed. According to Robert Post privacy is a value so complex, so entangled in competing and contradictory dimensions, so engorged with various and distinct meanings, that I sometimes despair whether it can be usefully addressed at all.19
Bygrave argues that the lack of a precise definition of the concept of privacy should not necessarily be considered as a weakness in the data protection laws rather as a room for flexibility in their implementation.20 Also the vagueness of the privacy concept (and thereby data protection laws) helps to assimilate and address a range of fears related to increasingly intrusive data-processing practices. Thus attempts to define privacy have been and are still being made. Bygrave groups such definitions into four classes.21 In contrast Solove groups them into six.22 However, Solove’s classification overlaps. This overlapping reduces his classification into four similar classes as Bygrave. Since it is practically impossible in an article like the present one to review all definitions, I adopt the four classifications of definitions of privacy to demonstrate how various schools of thought have attempted to define privacy.23
The first class defines privacy in terms of information control. The most influential definition is the postulation of Alan Westin which states, “privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others”.24 The second class defines privacy in terms of non-interference. The non-interference definition gained prominence largely in the wake of the famous Harvard Law Review article by Samuel Warren and Louis Brandeis, who argued that the right to privacy in Anglo-American common law is part and parcel of a right “to be let alone”.25 The third class defines privacy in terms of limited accessibility. A leading example of the characterisation of privacy as a condition of limited accessibility is Ruth Gavison’s definition. According to Gavison, this condition consists of three elements: “secrecy” (“the extent to which we are known to others”); “solitude” (“the extent to which others have physical access to us”); and “anonymity” (“the extent to which we are the subject of others attention”).26 The last group of definitions of privacy defines it in terms of “intimate” or “sensitive”.27 Julie Inness, for example, defines privacy as “the state of possessing control over a realm of intimate decisions, which includes decisions about intimate access, intimate information, and intimate actions”.
Although the above classes of definition of privacy are significantly different, they are common in one aspect: they all make reference to an individual (except Westin’s definition which extends its ambit to groups and institutions) making privacy an individual’s right. Surely it is from here the claim that in African culture there is no genuine concept or value to privacy emerges. Further discussion of this claim is dealt below.
Sometimes the concept privacy is used interchangeably with data protection. However in strict sense data protection law specifically regulates all or most stages in the processing of certain kinds of data.28 It accordingly addresses the way in which data is gathered, registered, stored, exploited, and disseminated.29 Putting it differently data protection is a sub-set of the broader privacy concept. Its main focus is information privacy as opposed to other forms of privacy such as bodily, territorial and matrimonial privacy.
The above overview shows that there is overlapping of the terms privacy and data protection. In this article the term “privacy” is used in a very broad sense as covering a range of “informational interests”, including a person’s interest in controlling the circulation of information that is confidential and the processing of personal data.
4. The Place of Privacy in African Society
4.1. Theory of Privacy
There is little literature that discusses the notion of privacy in the African context. So far the known theory of privacy in the continent is that of Neethling. His theory states that “privacy is an individual condition of life characterised by exclusion from publicity. This condition includes all those personal facts which the person himself at the relevant time determines to be excluded from the knowledge of outsiders and in respect of which he evidences a will for privacy.”30 Looking critically at this definition it can safely be argued that privacy in Africa is principally a Western imported liberal concept. The foundation of this concept is similar to Western society: individuality and self-autonomy. It can be concluded that up to this point in time privacy as a concept in the African context is conceptualised in similar terms as its counterpart Western society. The significance of Neethling’s theory of privacy is that it has received a wide recognition and acceptability in academia.31 Similarly it has been cited with approval by the Supreme Court of Appeal of South Africa in the case of National Media Ltd v Jooste.32
4.2. The Dominant Discourse
The dominant view claims that Africans exist in collectives: family, kinship or other types of groups. Due to this an individual in Africa has no space to claim for privacy as he or she is overburdened by group’s interests. This is in contrast to the Western individualistic cultures where an individual is considered autonomous and independent of the group, the condition which favours claims for individual privacy. Accordingly, Bygrave argues that the absence of privacy legislation in Africa reflects the priority of communal considerations over individual interests.33 In 2004 he went far to hold that none of the African countries have enacted comprehensive data privacy laws suggesting that it is due to the lack of culture of privacy in the continent.34 Yet Bygrave noted the development of data protection legislation in some African countries in 2010 and 2014 respectively.35 Similarly Gutwirth posits that insofar as sub-Saharan Africa can be assessed as one whole, privacy stands for little.36 In sub-Saharan Africa an individual is subordinate to the group, reducing the space for privacy.37 Bygrave and Gutwirth view the absence of any reference to privacy in the African Charter on Human and Peoples’ Rights (ACHPR) 1981 reflects the lack of privacy culture in Africa. As noted, the above views expressed by Bygrave and Gutwirth have similarly been expressed by other scholarships (e.g., Bakibinga,38 Olinger et al.,39 Burchell40 and Dagbanja41).
The above overview shows that the dominant discourse emphasises that as a pre-condition privacy develops in an individualistic society. No doubt this is the Western society. The claim assumes Western Europe has always been individualistic while African society collectivist. As a result, the former has space for privacy.
4.3. A Critique
Critics of the dominant view observe that Western Europe’s individualism has come a long way. Sihlongonyane correctly argues that the initial traditional standpoint of both African and Western values were similar among primitive societies.42 However, the shift from there has been drastic in the West than in African societies.43 Industrialisation, urbanisation and technological advancement have removed numerous factors that nurture the bonding factor in Europe.44 Similar tendencies have already occurred in Africa and have altered and continue to alter the bonding factor in the African society. Baniser posits, “privacy rights in the modern world are inherently intertwined with information technology. It is important not to overstate the differences in cultural understanding of privacy in connection to ICTs. The effects of globalization have greatly shifted perception as technology shifts traditional practices and opinions to more globalized ones, upsetting delicate balances and power structures. Thus, it is fair to say that the same trends have led to the concerns about the protection of personal information globally to the African context”.45 It is important to note that Bygrave had foreseen the possibilities of change of culture in Africa towards the value to privacy and regulation despite his over emphasis on individualism. He observed that although legal regimes for privacy protection are under-developed in most African and Asian nations, tempting to view this situation as symptomatic of a propensity in African and Asian cultures to place primary value on securing the interests and loyalties of the group at the expense of the individual, care must be taken not to paint countries and cultures into static categories.46
The dominant view has also been challenged on chronological account. The criticism is that demand for legal protection for privacy came so very late in the day, long after the rise of individualism, whenever it actually started.47 It is argued that the first legal decisions on privacy do not really appear until the very beginning of the twentieth century; the main constitutional commitments and international conventions offering some general protection are all phenomena of the second half of the twentieth century; and the main statutory interventions such as data protection legislation all appear in the last quarter of the twentieth century.48 Indeed, privacy has been a latecomer in the development of liberal constitutional or legislative rights for the individual and is still relatively insecurely grounded by comparison with eighteenth and nineteenth century efforts to buttress rights against arbitrary arrest, rights to freedom of conscience, association, speech and to vote for elected representatives’.49
Roos observes that the collection of information on individuals is not a new phenomenon. In fact, record keeping on individuals is as old as civilisation itself. The Roman Empire, for example, maintained an extensive system of taxation records on its subjects, who were identified through census taking.50 Yet during this time there was no claim for an individual’s privacy. Even after individualism had arisen such claim did not immediately arise. It was actually in the post-industrial society when claims for privacy arose. Bennett underscores that “by the late 1960s this development (technological determinism) had raised within post-industrial democratic states a complex but common set of fears that crucial individual rights and liberties were being compromised. States then responded with data protection statutes, designed to regulate the collection, storage, use and disclosure of recorded information relating to identifiable individuals and thus protect the value of personal privacy.”51 Accordingly individualism argument fails to offer a clear chronological account of the rise of privacy.
The other criticism against the dominant view is about geographical problem. The argument runs as follows: in many conventional ways (limited labour market regulation, social insurance and so on), the most individualistic society on earth is surely the United States, which has as yet no general data protection law at federal level.52 The recent attempt by the Obama administration to issue a draft Consumer Privacy Bill of Rights Act 2015 is still being criticised as offering insufficient protection.53 Moreover, in the USA, individualist arguments about economic liberty are frequently deployed against proposals for data protection or press privacy law, on the grounds that these would present unacceptable interventions in freedom to trade using personal information.54
Similarly the dominant view suffers from the logical problem. It is argued that many claims to privacy cannot readily be reduced to claims of liberty and autonomy. The concerns of data protection and press privacy law are not all about the power or right to make certain fundamental or important kinds of decision for oneself and carry them out without the obstruction of government coercive power.55 Rather, they tend more often to be about claims to dignity.56 Despite the above limitations, Perri 6 argues that together with urbanism and informatics, individualism gradually contributed to the rise of privacy as he notes, “although none of these is an adequate explanation of why privacy came to be so salient so late, individualism, urbanism and informatics no doubt all play a role in the gradual rise of concern about privacy”.57
There is yet another set of criticisms against the dominant view. This focuses on empirical evidence in support of the view. These criticisms are considered below.
Absence of reference to privacy in the ACHPR
This is one of the pieces of evidence that had been frequently cited by the dominant view in the past. The ACHPR, unlike other regional and international conventions and treaties on human rights lacks reference to privacy. The Charter was adopted in 1981 two decades after independence of African countries from European powers. The independence constitutions in these countries incorporated the Bill of Rights.58 Most of the Bills included provisions on privacy.59 Compared to the African Charter, African independence constitutions came much earlier. They continued to exist at and after the adoption of ACHPR. Thus absence of any reference to the right of privacy in ACHPR does not offer convincing evidence of lack of value to privacy in Africa. This is because reference to privacy right in African independence constitutions evidences this value. However to argue this way may probably be misleading for two reasons. First, despite reference to privacy, most independence constitutions were not rooted in the African soils. Indeed they were “imposed” by the colonial regimes. Scholars argue that such “imposition” did not reflect the African societal values. Shivji posits that the Bill of Rights in the independence African constitutions was inserted just to protect minority white population in the colonies after the departure of the colonial masters.60 In the same view Gutwirth argues that despite the fact that African states adopted the constitutions of their colonisers founded on individualism, the collectivist culture continued to outweigh the individual’s right to privacy.61
There is another problem with this evidence. While the scholars in the dominant view have observed that the African Charter omits reference to privacy, they failed to note that the African Charter on the Rights and Welfare of the Child 1999 makes such reference. To be sure, Art 10 of this Charter states that no child shall be subject to arbitrary or unlawful interference with his privacy, family home or correspondence, or to the attacks upon his honour or reputation, provided that parents or legal guardians shall have the right to exercise reasonable supervision over the conduct of their children. The Charter further provides that the child has the right to the protection of the law against such interference or attacks. However this also does not offer clear evidence of the value to privacy in Africa.
This piece of evidence has further become irrelevant after the recent adoption of the AU Cyber Security and Personal Data Protection Convention 2014, commonly known as the Malabo Convention. Chapter II of this Convention regulates protection of personal data. It is noteworthy that outside Europe, the Malabo Convention is the first treaty to regulate the protection of personal data.
Absence of comprehensive data protection legislation
It is widely acknowledged by scholars that privacy was first conceived in America. These scholars also acknowledge that Western Europe has always been picking up issues with regard to data privacy after being debated in America. However to date, the United States of America has no comprehensive data privacy legislation in the European style. Can this lack of comprehensive data privacy legislation support a claim that Americans do not value privacy? Again, in Japan and China, where new data privacy legislation in a European style has been adopted, its implementation has been difficult. The reason advanced here is lack of attitude towards privacy. Mere adoption of comprehensive data protection statute is one step but not conclusive in itself that a particular society values privacy for such reason. Up to 2016, there are 18 African countries with comprehensive data protection legislation. Yet in some of countries such statutes are not yet in force (e.g. Seychelles-adopted in 2003). In other countries the privacy regulatory authorities are not yet established although the statutes are already in force (e.g., Cape Verde-adopted 2001, Madagascar-adopted in 2015, Mali-adopted in 2013). Even where these statutes are in force and the privacy authorities are established there have been difficulties of compliance to the law (e.g. Mauritius-adopted in 2004).
It is noteworthy that data protection legislation is a policy agenda in many African countries. There are currently several draft bills and actual bills on this kind of law. However, one of the key motivations for the adoption of such laws is to attract foreign investments rather than protect privacy of citizens as such in these countries.
Frequent reference to family, groups, people and state
The African Charter is a regional instrument for Africa. It is therefore not surprising that some of its provisions reflect the culture and values of the African people. This makes sense because of its historical development and the context in which it arose. This is the departure from other regional instruments, like the Universal Declaration of Human Rights. To equate the two instruments is therefore a difficult task to reconcile the conflicting interests. It is noteworthy that, the empirical evidence provided by Gutwirth, makes a serious omission. He has asserted that the African Charter makes reference to groups be family, people or state. Moreover an individual has no right to sue a state. This assertion is flawed. This is because, Articles 2 to 17 of the Charter specifically incorporates individual rights. Each provision starts with the following opening, “every individual....” The rest of the provisions of the Charter make reference to “all people”, “family” or state. In such articles, there are rights and duties defined. The latter reflect issues such as unity, economic and social development, etc. whose realisation do not rest upon an individual but a group. In any case, reference to family, groups, people and state does not offer enough evidence of lack of privacy laws (by then) as asserted by scholars.
Preference of the law of the village as opposed to the state
Since Africa was put under colonial rule of some European powers (Britain, France, Belgium, Portuguese, Germany, etc.) in the second half of the 19th Century, there had been a constant erosion of customary law. In English colonies, for example, customary law was allowed only to continue to apply when it was not in conflict with morality. The English legal system was dominantly put in place. After independence, the English legal system continued to exist. The existence of foreign legal systems in Africa at the highest level reduced significantly the domain of customary law. To date, constitutions are supreme law in every African state. Any law has to pass the constitutional test for its validity. Legislature is an institution of making laws. On the other hand judiciary interpret laws. Although customary law is still applicable it is insignificant. Most customary laws fail to pass the constitutional test. As such every time a case arises over the constitutionality of customary law, the latter has been turned down by courts for being unconstitutional. Most such laws are those which denied women rights to ownership of properties, denied widows’ rights of inheritance, denied children born out of wed-lock right of inheritance, etc. Today, customary law which is in conflict with a law passed by parliament or constitution is strike out as unconstitutional. Gutwirth’s claim that in Africa many people prefer the law of the village as opposed to the state is unsupported. Moreover, his claim does not reflect realities of African societies which are now litigious about their rights as defined in different laws passed by parliaments. The contention best fits to describe pre-colonial African societies.
5. New Threats and Privacy Concerns in Africa
The most recent survey study about perceptions of the right to privacy in Zimbabwe already confirms that privacy is an important value in Africa. This survey has shown that 82% of the population under study rated privacy as a very important right.62 Although currently there are no many privacy surveys in Africa as in Europe, it is still possible to have a general view that privacy is becoming an important value and right in Africa. This generalisation is based on the rising privacy concerns as reported in media63 as well as the emerging case law and decided complaints by courts and data protection authorities respectively in some African jurisdictions. Decided on the basis of constitutional right to privacy, this case law is at the moment relatively developed in South Africa and Kenya.64 In contrast this case law has only begun to develop in Lesotho65, Uganda66 and Ghana.67 Similarly complaints resolved by the data protection authorities are increasing in Mauritius.68 This section provides an overview of the catalysts of privacy concerns in Africa in recent years.
5.1. Health Privacy
The rise of information and communications technology (ICT) has increasingly integrated the provision and management of healthcare. In Africa, mobile technology has given rise tele-health and m-health services. In the same vein ICTs have enabled hospitals to develop huge databases which keep patients medical records. As a result, massive sensitive medical data as well as personal information is exchanged between patients and medical practitioners. In Africa mobile health applications are void of data privacy regulations dedicated in this sub- sector. This state of affair poses significant risks on patients’ privacy in a number of ways. In particular issues of consent, confidentiality and security have challenged this system.
Another area that has for many years raised privacy concerns in Africa is HIV/Aids. Consent to HIV/Aids testing is the most controversial issue surrounding privacy. Many people in Africa are concerned with HIV/Aids testing without their consent. Since HIV/Aids has yet no prevention or cure, many people consider their health records in the context of HIV/Aids as most sensitive. The second issue concerns about disclosure of HIV/Aids test results or status to third parties without authorisation of people concerned. This has resulted into serious problems in the employment sector whereby medical practitioners in most African countries have been communicating HIV/Aids test results directly to employers while bypassing the employees whom were tested. Somewhat linked with the second issue, is discrimination of people living with HIV/Aids. Once their HIV/Aids status is revealed, many people living with HIV/Aids have found themselves discriminated.
5.2. Communications Surveillance
Communications surveillance which is the monitoring, interception, collection, prevention and retention of information has generated public fears over the intrusion of privacy not only in the developed world but also in Africa. Particularly in Africa where there is vacuum of data protection regulations and high records of abuse of human rights in many countries, unlawful interception and monitoring of private life is prevalent. Illustrations of projects on communications surveillance in Africa include SIM registration which is almost mandatory requirement in African countries. Massive personal information is collected for purposes of registration, transactions and interception of content of communication. The communities targeted by mobile development projects face an additional layer of privacy and security risks.69 Mobile networks are often monitored closely by the state, and SIM registration and biometric initiatives make it easy to tie a phone to a specific citizen.70 In its 2014 report i.e. Law Enforcement Disclosure Report 2014, Legal Annex Vodafone posits:
In every country where Vodafone operates, governments retain law enforcement powers that can limit privacy and freedom of expression. These include legal powers that require telecommunications operators to provide information about customers or users or to put in place the technical means to enable information to be obtained for law enforcement purposes, such as lawful interception. Governments also retain powers to limit network access, block access to certain sites and resources or even switch off entire networks or services. These powers have many legitimate purposes, including fighting crime and terrorism, and protecting public safety. However, use of these powers must be balanced with the respect for civil liberties and freedoms, including individuals’ privacy and freedom of expression.71
In South Africa the Spy Cable a tool which the state can intercept and/or monitor has raised privacy concern in a situation where the traumas of apartheid regime are not yet healed. This is similarly the case with Kenya which has recently contracted Safaricom, the telecom giant in Kenya, to construct security and surveillance system. Privacy International considers the Kenya’s state expansion of its surveillance power a new threat to privacy.72 The list of illustrations of surveillance technology which has the chilling effect over privacy is also noted in other African countries such as Tanzania where the government has acquired the Telecommunication Traffic Monitoring System. The governments in Tunisia, Libya, Morocco and Egypt had similar surveillance tools which were deployed during the Arab Spring.
While surveillance is part of measures towards national security, in Africa there is misuse of such technology. Particularly the rulers deploy this surveillance technology to silence and/or suppress opposition politics. In Benin for example, the wiretapping scandal of 2013 is a clear illustration of how the executive is directly involved in state surveillance. It is alleged that the Benin President Thomas Boni Yayi’s office, as well as his private home, were the central hub for the surveillance systems, which allowed the president to wiretap anyone he likes.73 This is similar to what happened in Uganda almost ten years before Yayi’s surveillance. In one occasion the President of Uganda, Mr. Yoeri Museven publicly admitted in Parliament on 8 September, 2003, that he had listened in on a conversation between Ogwal and a rebel commander of the Lord’s Resistance Army, something that made the Member of Parliament for Lira Municipality, Ms. Cecilia Ogwal, to be up in arms with the government and the President.74 As a result, interception laws, national security, terrorism law and intelligence legislation lack sufficient safeguards and oversight that would watch the abuse by states.
5.3. Mobile Money Applications
Privacy concerns in a mobile money ecosystem have manifested variously in Africa. One way is through identification of subscribers in various scenarios. In Kenya M-Pesa subscribers have used personal information under Mobile Money Operator (MNO) possession to catch cheating partners.75 If A suspects that a partner B is cheating, and A finds a number that B calls regularly, A sends money to the credit of that number and finds who subscribes to that number. However in order for A to remain unknown to the person calling B regularly, A sends either an amount that falls below the allowable minimum credit or sometimes an amount that exceed his credit balance. In either case a report is generated even if the transfer fails. This report normally discloses the name of the third part calling B and his phone number.
The second way that privacy of a customer is exposed is that every transaction (withdrawal or depositing) of mobile money is required to be recorded in an open book. However some agents do not record these transactions. All in all the details are left with the mobile money agents. It is not clear how long these details are kept by agents or for what other purposes they may be used. Thirdly, in case of illiterate subscribers the agents have always offered their assistance to facilitate transactions. This means that PINs or passwords of such customers are shared to the agents. A research study conducted in Kenya found that some M-Pesa clients were giving account passwords to agents, and while there is no evidence this has led to loss of funds or misuse of customer information, the risk could be significant.76 Fourthly, due to the great transparency in which mobile money is required to be conducted the availability of transaction data opens the door for abuse by an unscrupulous government, which could gain access to transaction records with little effort.77 For example, in October 2010 the Director of the Prevention and Combating of Corruption Bureau (PCCB-Tanzania) confirmed to the general public that, his entity had the technology to monitor and identify people dishing out bribes through mobile cash transfer (i.e. Vodacom’s M-Pesa; Zain’s Zap and Tigo Pesa of Tigo).78 This information could then be used in a number of ways to harass, intimidate, or manipulate the violated citizen.79 Also important to note is the fact that in every mobile money transaction there are several players involved: MNOs, banks or other financial institutions, telecommunication regulators, mobile money agents, and the customer. As mobile money services necessarily operate in a data-rich environment that creates incentives for the commoditization of personal information and targeted advertising, each of these entities (other than the customer himself/herself) has a growing interest in collecting personal information tied to mobile money transactions.80 With so many interested parties and little consumer protection, the opportunities for data leakage and subsequent abuse are abundant.81
5.4. National Identification Systems
In recent years some African countries have embarked on biometric nation identification (ID) cards in order to identify their citizens. Nigeria, Ghana, Uganda, Kenya, Tanzania, South Africa, Angola and Rwanda serve as illustrations of African countries with national ID cards. It is noteworthy that the national ID projects in Africa are based on biometric identifiers that extend beyond the basic identification. They include fingerprint biometrics, iris images and related features. As it is the case for other databanks in Africa, security and privacy of data in the databanks is not sufficiently guaranteed. This is because in many countries there are no data protection regulations or specific regulations for this sub-sector. As a result vast amount of personal information is collected and shared across government agencies as well as to private sector under the public-private partnership arrangements.
5.5. DNA Databases
In recent years national DNA databases are spreading across Africa. Mainly these databases are used by states to facilitate forensic investigations. Some of the countries which have DNA databases include Botswana, Egypt, Morocco, South Africa and Tunisia. DNA processing and profiling involves obligations to respect individual autonomy, which embraces informed consent and privacy. Concerns for privacy have largely arisen due to lack of a fair balance between crime detection, human rights and privacy.
5.6. Passing Privacy-Unfriendly Laws
In the guise to defend national security and public interests African countries have adopted legislation which has negative implication on the right to privacy. Such legislation has been passed in the areas of interception of communications, national security and intelligence, fight against terrorism, cybercrimes, media, access of information, penal laws, commerce etc. In a recently published article Yilma has critically analysed how legislative activities in Ethiopia by the state has limited the right to privacy in a manner that it renders the right as if it does not exist.82 This is the case in other African states.
6. An Overview of Privacy Regulations
In Africa privacy is protected in national constitutions. However being framed as a broad right, it has not been well enforced. There is little case law based on constitutional right to privacy in the continent. As highlighted above only South Africa and Kenya have tested this right in courts. Limited case law on constitutional right to privacy is also available in Lesotho and Uganda. In former Portuguese colonies in Africa (Angola, Cape Verde and Mozambique) privacy is also protected in constitutions as habeas data.
Besides constitutional protection, privacy is secured through comprehensive data protection legislation based on the European model. Currently 18 countries in Africa out of 54 have adopted omnibus data protection legislation. Similarly privacy is secured through sector specific laws and general legislation. There is also common law protection of privacy in some countries like South Africa.
The above discussion has underscored the value of privacy in the African society. This value has come about as a result of years of transformation of African society from colonialism, neo-colonialism and now globalisation. Contrary to the scholarship which has ignored the impact of such transformation and continued to maintain that Africans do not value privacy because of collectivism, this article, with support of empirical data, has demonstrated a reverse. Urbanism as well as the influence of modern technologies which came through globalisation has destroyed the social cohesion with which individuals were held together in Africa. Individualism is an order of the day in many urban areas in Africa (see part 2 above). Moreover, technology has changed many African collectivist cultures. To this end, it is recommended that privacy policies and regulations should be adopted to ensure that individuals’ right to privacy is secured.
1Bygrave (2004) Privacy Protection in a Global Context―A Comparative Overview, Scandinavian Studies in Law, Vol. 47, pp. 319-348, at p. 328.
2Bygrave (2010) Privacy and Data Protection in an International Perspective. Scandinavian Studies in Law, Vol. 56, pp. 165-200, at p. 176.
3Further discussion of such modifications is provided in part 3 of this article.
4Bygrave (2014) Data Privacy Law: An International Perspective, Oxford University Press, UK.
5Gutwirth (2002) Privacy and the Information Age, Rowman & Littlefield Publishers, Inc, Lanham/Boulder/New York/Oxford, pp. 24-29.
6Baniser (1999) Privacy and Data Protection around the World. Conference Proceedings of the 21st International Conference on Privacy and Personal Data Protection, Hong Kong, September, 13.
7Bakibinga (2004) Managing Electronic Privacy in the Telecommunications Sub-sector: The Ugandan Perspective. https://www.hitpages.com/doc/4981980869427200/1#pageTop, pp. 2-4.
8Olinger et al. (2007) Western privacy and/or Ubuntu? Some Critical Comments on the influences in the Forthcoming Data Privacy Bill in South Africa. The International Information & Library Review, Vol. 39, Issue 1, pp. 31-43.
9Burchell (2009) The Legal Protection of Privacy in South Africa: A Transplantable Hybrid. Electronic Journal of Comparative Law, Vol. 13, No. 1, p. 2, at http://www.ejcl.org.
10Dagbanja (2014) Privacy in Context: The Right to Privacy, and Freedom and Independence of the Media under the Constitution of Ghana. African Journal of International and Comparative Law, Vol. 22, No. 1, pp. 40-62.
11Ubuntu has been defined differently by scholars (e.g. Archbishop Desmond Tutu, Louw, Mokgoro, Mbigi, etc,). However to put it in simple terms, the concept Ubuntu refers to African philosophy which emphasises collectivist human relationship and assistance in everyday life. In Ubuntu, an individual is subjected under communal considerations. The concept is well developed in South African scholarship though it has its reflection in other African societies.
12Scorgie (2004) Ubuntu in Practice. HIVAN Research Associate. (Comments received by email.) Email to: HN Olinger (Hanno.Olinger@Kumbaresources.com) [6 November 2004] as quoted in Olinger, Britz, & Olivier (2007) Western privacy and/or Ubuntu? Some Critical Comments on the influences in the Forthcoming Data Privacy Bill in South Africa. The International Information & Library Review, Vol.39, Issue 1, pp. 31-43.
13The terms “traditional” and “modern” have been subjects of immense debates in various fields of studies. This paper does not intend to end such debates. However, I use the term “traditional” in the context of Africa to refer to pre-colonial African societies’ political, economic, social and cultural set ups while the term “modern” refers to the same aspects of the pre-colonial African societies after being transformed by Western imperialism during colonialism, neo-colonialism and now globalisation.
14Lassiter (2000) African Culture and Personality: Bad Social Science, Effective Social Activism, or a Call to reinvent Ethnology? African Studies Quarterly, Vol. 3, No. 3, pp. 1-21, at p. 5.
15Kamwangamalu (1999) Ubuntu in South Africa: A Sociolinguistic Perspective to a Pan-African Concept. Critical Arts: South-North Cultural and Media Studies, Vol. 13, No. 2, pp. 24-41, at p. 27.
17See e.g. Hofstede individualism index by country, http://geert-hofstede.com/countries.html.
18Warren, & Brandeis (1890) The right to Privacy’ Harvard Law Review, Vol.4, No. 5, pp. 193-195. Neethling, an African scholar, defines privacy as an individual condition of life characterised by exclusion from publicity. This condition includes all those personal facts which the person himself (or herself) at the relevant time determines to be exclusive from the knowledge of outsiders and in respect of which he (or she) evidences a will for privacy, see Neethling et al. (2005) Neethling’s Law of Personality. Butterworths, Durban, p. 36.
19Solove (2002) Conceptualising Privacy. California Law Review, Vol. 90, pp. 1087-1156, at pp. 1088-1089.
20Bygrave (2001) The Place of Privacy in Data Protection Law. University of New South Wales Law Journal, Vol. 24, No. 1, pp. 277-283, at p. 278.
21Ibid, pp. 279-281.
23For a critical appraisal of the definitions of privacy read Makulilo (2014) Privacy and Data Protection in Africa, Scholars’ Press, Germany.
24Westin, A.F, Privacy and Freedom (1970) 7 as quoted in Bygrave (2001) The Place of Privacy in Data Protection Law. University of New South Wales Law Journal, Vol. 24, No. 1, pp. 277-283.
28Bygrave (n4) p. 1.
30See e.g., Neethling (2005) The Concept of Privacy in South African Law. The South African Law Journal, Vol. 122, No. 1, pp. 18-28, at p. 19.
31Roos (2003) The Law of Data (Privacy) Protection: A Comparative and Theoretical Study. LL. D Thesis, UNISA, pp. 554-560.
32 3 SA 262 (A) 271.
33Bygrave (n1), p. 328.
35Bygrave (2), p. 193 and Bygrave (n4), p. 10.
36Gutwirth (n5), p. 24.
39Olinger et al. (n8).
42Sihlongonyane (2000) The Invisible Hand of the Family in the Underdevelopment of Africa Societies: An African Perspective. Scholarly Paper Series 1; http://www.gdrc.org/icm/country/scholarly/fanafrica.html.
45Banisar (2010) Linking ICTs, The Right to Privacy, Freedom of Expression and Access to Information. East African Journal of Peace & Human Rights, Vol. 16, No. 1, pp. 124-154, at p. 125.
476, P, The Future of Privacy: Private Life and Public Policy, Vol. 1, DEMOS, London, 1998, p. 23; Sorensen and Oyserman on individualism posits, “the concept can be traced back to the late 1700s during the French Revolution when individualism was first used to describe the negative potential impact focusing on individual rights would have on larger societal welfare and structure”, Sorensen, N. and Oyserman, D, “Individualism”, p. 517, http://sitemaker.umich.edu/daphna.oyserman/files/sorensen_oyserman_2009_individualism_1_.pdf
50Roos (n31), pp. 1-2.
51Bennett (1992) Regulating Privacy: Data Protection and Public Policy in Europe and the United States. Cornell University Press, USA, p. Vii.
526, P (n47).
53See e.g., Gellman (2015) Three bad ideas in the US Consumer Privacy Bill of Rights. Privacy Laws & Business International Report, No. 134, pp. 6-8.
546, P (n47).
56Ibid, p. 24.
57Ibid, p. 25.
58Tanzania serves as an example of African countries whose independent constitutions did not contain Bill of Rights. The Tanzanian Bill of Rights came in the Constitution in 1984 through the Fifth Constitutional Amendment but was suspended until 1988 when it came into force.
59Kenyan Independent Constitution, 1963 serves as an example of those Bills of Rights in African independent constitutions which did not contain specific provision for protection of privacy. However, the New Kenyan Constitution, 2010 secures very specifically the right to privacy in Article 31.
60Shivji (1989) The Concept of Human Rights in Africa, Dakar, Codesria, p. 19.
61Gutwirth (n5), pp. 24-25.
62Zimbabwe Human Rights NGO Forum et al. “Perceptions of the Right to Privacy in Zimbabwe A Research & Advocacy Report (Year 2) 2014”. http://opennetafrica.org/wp-content/uploads/researchandpubs/Perceptions%20of%20the%20Right%20to%20Privacy%20in%20Zimbabwe%202014.pdf.
63See e.g., Chimbelu, C, “Privacy concerns in Kenya as users turn to M-Pesa to catch cheating partners” interview with Grace Githaiga, Deutsche Welle reports, 12.07.2013, http://www.dw.de/privacy-concerns-in-kenya-as-usersturn-to-m-pesa-to-catch-cheating-partners/a-16947446.
64For critical appraisal, see Makulilo (2015) Myth and reality of harmonisation of data privacy policies in Africa. Computer Law & Security Review, Vol. 31, No. 1, pp. 78-89, at p. 80.
65See e.g. Makakole v Vodacom Lesotho (Pty) Ltd  LSHC 14; Kali v Mahasele  LSCA 27.
66See e.g., Victor Julieth Mukasa & Yvonne Oyo v Attorney General, Misc. Cause No.247 of 2006, High Court of Uganda in Kampala, (2008) AHRLR 248 (UGHC 2008); Kasha Jacqueline, Pepe Onziema & David Kato v Giles Muhame and the Rolling Stone Publication Ltd, Misc. Cause No.163 of 2010, High Court of Uganda in Kampala (Unreported).
67See e.g., Republic v Tommy Thompson Books Ltd (No. 1), [1997-98] 1 GLR 611.
68Mauritius Data Protection Office: Decisions on Complaints, http://dataprotection.govmu.org/English/Pages/Decisions-on-Complaints.aspx.
69Hussain (2013) Cellphone Projects in Developing World need better Privacy, Security Measures. In Marcovici, M, The Survaillance Society, BoD-Books on Demand, Norderstedt, pp. 101-104, at p. 103.
71Vodafone Group Plc Sustainability Report 2013/14, p. 53.
72Rispoli (2015) Kenyans face new privacy threats as State expands surveillance powers. Privacy International, 8 January 2015. https://www.privacyinternational.org/?q=node/99.
73Frowd (2013) President of Benin Alleged to be at the Center of Surveillance Controversy. In Marcovici, M, The Survaillance Society, BoD-Books on Demand, Norderstedt, pp. 97-100, at p. 98.
74Mulumba, B. D and Mugarura, E, “MP Ogwal to Sue Museveni”, The Monitor, 1.10.2003, http://allafrica.com/stories/200310010115.html.
75Chimbelu, C, “Privacy concerns in Kenya as users turn to M-Pesa to catch cheating partners” interview with Grace Githaiga, Deutsche Welle reports, 12.07.2013, http://www.dw.de/privacy-concerns-in-kenya-as-users-turn-to-m-pesa-to-catch-cheating-partners/a-16947446.
76Morawczynski, O and Pickens, M, “oor People Using Mobile Financial Services: Observations on Usage and Impact of M-PESA”, Brief. Washington, D.C.: CGAP, August 2009, http://www.cgap.org/gm/document-1.9.36723/MPESA_Brief.pdf.
77See Louis, K and Nicola, J, “Financial inclusion and financial integrity: aligned incentives?, in Shadow 2011: The shadow economy, tax evasion and money laundering”: Proceedings of the 2011 Shadow conference, University of Münster, Germany, pp. 1-28, at p.7, http://dro.deakin.edu.au/view/DU: 30041719
78THE CITIZEN, “PCCB has eye on mobile cash transfer”, 6th September 2010, p. 2.
79Harris et al. (2013) Privacy and Security Concerns associated with Mobile Money Applications in Africa. Washington Journal of Law, Technology & Arts, Vol. 8, No. 3, pp. 245-264, at p. 250.
80Ibid, p. 250.
81Harris et al. (2011) Emerging privacy and security concerns for digital wallet deployment. In Aspray, W and Doty, P (Eds.), Privacy in America: Interdisciplinary perspectives, Lanham, MD: Scarecrow Press, pp. 185-208, at p. 200.
82Yilma, K.M, “Data privacy law and practice in Ethiopia”, International Data Privacy Law, 2015, Vol. 5, No. 3, pp. 177-189.