What does the public know about transparency and safeguards in the procurement & deployment of Digital Technology Systems in Africa?

Press Release

AFIC released its research report “Sunlight in Digital Technologies”. This report analyzes data gathered through triangulation from varied secondary and primary sources, using an exploratory research design combining a scoping review of grey and published literature with key informant interviews and a survey in Uganda, Liberia, and Nigeria to assess what the public knows about transparency and safeguards in the procurement and deployment of Digital Technology Systems in Africa.

The report finds that overall, only 38% of survey participants were knowledgeable about government purchase of at least one of the three technologies which include biometric, artificial intelligence, and facial recognition technologies. In addition, more Nigerians were knowledgeable about their government’s procurement of facial recognition (75%) and biometric technologies (73%) than Ugandans (20%) and Liberians (54%). Artificial intelligence was the least known of the three technologies perhaps because of its nature i.e., less visible than facial recognition technologies which are on the streets, in offices and banks, or biometric technologies that are used during electioneering.   

The Report also explored the purpose for which governments procure the Digital Technology Systems across the three countries. Specifically, these technologies help government Ministries, Departments, and Agencies to deliver their statutory service delivery mandates while in some, they may support other purposes related to security other than the core purposes they were procured. Across the three countries, biometric machines, CCTV cameras, voter verification kits, and facial recognition systems have been procured for registration for citizens’ NINs, voter registration, and support in the management of elections.

The report further discovered that in all three countries, different government MDAs were procuring Digital Technology Systems. However, MDAs in the security sector and those whose functions depend on having accurate information about citizens (for instance, Electoral Commission) procured these technologies more than others. Fewer MDAs in Liberia procured and deployed DTS than in Nigeria and Uganda. The primary sources of funding for DTS procurement across the three countries are the national budgets (annual tax revenue). For example, in some of the agencies that participated in this study in Uganda, government funding for DTS constituted over 75% of the total cost, while donors contributed only 25%. The government financed the purchase of hardware while donors raised funds for software.

It was also clear all three countries are yet to establish institutions that will facilitate the protection of data collected through Digital Technology Systems. However, this report acknowledges that there have been efforts by all three countries to put in place institutions that oversee government digital platforms:

  • In Uganda, the National Information Technology Authority-Uganda (NITA-U) is expected to offer guidance to agencies to develop institutional data protection mechanisms, and in Nigeria, government is in the process of creating a central database linking the National Identification Numbers (NIN) with all data collected by government agencies and the private sector such as the sim cards, international passports, and Bank Verification Numbers (BVN). Furthermore, the National Assembly is reviewing the Data Protection Bill, which will create the Office of the Independent Data Protection Commissioner. These efforts are aimed at stemming misuse and abuse of personal data by criminals and third parties due to proliferation of databases with information on citizens.
  • Sanctions for data misuse were embedded in various laws and policies as reported by participants from Nigeria, Uganda and Liberia. However, participants from Nigeria and Liberia emphasized sanctions other than those from Uganda and Liberia. In Nigeria, laws have sanctions that strengthen proper use of data. Hence, although ostensibly procured to ensure efficient service delivery, promote safety, security, citizenship and democracy, evidence suggests that DTS are sometimes deployed against the grain of these ideals when they are used by security agencies to crack down on opposition politicians, especially in Uganda. Interviews with participants from civil society organizations in Uganda raised concerns on abuse or misuse of DTS, particularly CCTV cameras and the FinFisher spyware. They argue that these technology platforms were acquired primarily to enable state surveillance of opposition figures in order to silence dissenting voices.

This report seeks clarity on the extent to which the Digital Technology Systems are supported by prevailing legal and policy frameworks without specific laws governing their procurement and deployment. While there are no special laws to guide the procurement of DTS in all the countries, less than one percent of the value of contracts for DTSs is disclosed, increasing the risk for corruption and inefficiency in the tendering and procurement of DTSs across the three countries. With a lack of disclosure, it is difficult for data users in the public, private and voluntary sectors to meaningfully contribute to the improvement of performance and governance of DTS procurements.

Together with Partners, AFIC recommends that:

  1. Data protection laws and policies in respective countries should be enacted and strictly enforced to protect citizens from unwarranted manipulation for commercial and political advertising.
  2. Data holding public and private agencies should publish annual transparency reports regarding the release to third parties data collected using DTSs. Governments should also strengthen existing laws to ensure proper usage and protection of individual data that are collected through DTS. In line with this, the public should be sensitized on such laws so that in case of abuse they can seek justice.
  3. Civil society organizations should take interest and monitor the regulation and compliance of data holders the protection of personal information and privacy.

AFIC and Partners conducted this study; PPDC and CEMESP, with support from the Omidyar Network. The Report is available on AFIC’s website in English.