Recent Developments in Telecoms Regulation Threaten Online Rights in Uganda
By Edrine Wanyama |
In April 2017, the parliament of Uganda gave the minister in charge of Information and Communication Technologies (ICT) powers to single-handedly make regulations that govern the telecommunications sector. Hitherto, regulations proposed by the minister had to receive parliamentary approval.
The Uganda Communications (Amendment) Bill (2016), which parliament passed on April 6, 2017, means that making regulations for the telecommunications sector is in the sole preserve of the minister. Among others, such regulations are related to licensing and fees, operator obligations, competition, consumer rights and protection. It is for this reason that the newly passed law, which was gazetted back in February 2016 when still a bill faced criticism from civil society.
“The Minister may, after consultation with the Commission and with the approval of Parliament, by statutory instrument, make regulations for better carrying into effect the provisions of this Act.” Section 93(1) of the Uganda Communications Act 2013
“The Minister may, after consultation with the Commission, by statutory instrument, make regulations for better carrying into effect the provisions of this Act.” Section 93(1) of the Uganda Communications (Amendment) Bill (2016)
The authority, Uganda Communications Commission (UCC), was set up in 1997 by the now repealed Communications Act, Cap. 106 (section 3) and now established by the Uganda Communications Act, 2013 (section 4) (the Act) as the regulator of the communications sector but has since inception faced criticism over lack of independence from the government. The Act gives extensive powers to the minister of ICT, including to appoint the commission’s executive director and board members and to approve its budgets.
Meanwhile, there are growing concerns about mass surveillance particularly in the absence of a data protection and privacy law to safeguard citizen data collected by the state and private parties. These are further aggravated by the haphazard implementation of laws which have an impact on citizens’ communications.
On April 12, 2017, the telecom industry regulator Uganda Communications Commission (UCC) announced a seven-day deadline for subscribers to update their registration details using national identity (ID) cards in a move reportedly to address cybercrime. Mandatory SIM card registration has been in force since March 2012. At the time of the original deadline for conclusion of the exercise in August 2013, the commission reported that 92% of SIM cards were registered. However, investigations into past and recent crimes have revealed the continued existence and use of unregistered SIM cards.
The April 12 directive raised concerns about the conflicting requirements for the validation of SIM cards, with subscribers pointing out that various other forms of identification other than a national ID should be recognised. Pursuant to the Regulation of Interception of Communications Act 2010, Section 9(1), SIM card registration requires the subscriber’s full name, residential address, business address, postal address and identity number as contained in an identity document. Other forms of identification that have previously been used by subscribers have included employer identity cards, driving licenses, students’ identity cards and passports.
However, following an interim order as well as public statements by the Uganda Law Society and other stakeholders, the Prime Minister issued a directive extending the SIM card verification and validation deadline for a month to May 19, 2017.
The SIM card registration exercise has attracted criticisms from human rights defenders who claim it violates freedom of expression and goes against Article 27 of the Constitution which guarantees the right to privacy by possibly enabling mass surveillance of communications. Further, the absence of a data protection and privacy law continues to expose citizens’ data which is increasingly and now repeatedly being collected by the state. There is accordingly no guarantee that personal data will not be unlawfully processes and used.
Over the past year, national security has been cited as the basis for directives by the UCC including instructions given to telecommunications service providers to enforce two social media shutdowns during 2016.
Although Uganda has signed and ratified the African Charter on Human and Peoples Rights and also fully subscribes to the international bill of rights, specifically the Universal Declaration for Human Rights and the International Covenant on Civil and Political Rights there are repeated affronts to the rights enshrined in these instruments.
It is for this reason that the Collaboration on International Policy for East and Southern Africa (CIPESA) calls for the following actions to be taken:
- The Government should adopt a multistakeholder approach in decisions affecting the ICT industry in Uganda. Decisions that affect the rights of citizens should be evidence-based and reached in consultation with other stakeholders including academia, civil society, media and the private sector.
- The Parliament should immediately pass the Data Protection and Privacy Bill, 2015 subject to the proposed amendments from the citizenry.
- Government should harmonise the implementation of laws pertaining to registration of data of citizens, refugees and non-citizens in Uganda, including the Regulation of Interception of Communications Act (2010) and the Registration of Persons Act (2015).
- There is a need to reinstate the oversight role of the Parliament over the Minister for ICT in making regulations for the ICT sector. Failure to do so will leave excessive powers within the ambit of the minister and resultantly, lead to abuse.
Read more on the State of Internet Freedom Uganda 2016.