The importance of strong data protection policies cannot be understated. In the absence of strong, proactive legislation, internet users around the world remain vulnerable to intentional attacks on their privacy and unintentional breaches that put them at risk.
Internews’ Advocating for Data Accountability, Protection, and Transparency (ADAPT) project is building a coordinated advocacy effort to promote rights-respecting privacy policies and help internet users understand what protections currently exist to keep their data, and themselves, safe online.
Even in countries that have recently passed data protection legislation, it is important that individuals, private companies, and government have a strong understanding of how the law will be enforced, who will provide oversight, and how it will impact everyday internet users. ADAPT will regularly publish blog posts, podcasts, and other content that simplifies and highlights each stage of the legislative lifecycle.
Data protection laws and regulations are complex and evolving. ADAPT equips traditional internet rights advocates with the legal resources and expertise to conduct informed and effective campaigns promoting rights-respecting privacy policies in their respective countries.
ADAPT’s consortium partners are working on privacy advocacy and data protection legislation in six countries in Africa and Latin America. Data protection regulations vary widely across these countries, with some only just beginning to advocate around data rights while other countries have drafted or passed legislation. As a result, ADAPT is identifying and building strategies for each stage of the advocacy lifecycle, and working with consortium partners to engage in collaboration and information sharing across countries and regions. Learn more about the state of data protection in the six target countries here.
Bolivia does not have a personal data protection law, but its constitution does recognize the right to privacy. The laws that currently exist governing issues of privacy and data constitute a scattered and incomplete regulatory framework. A summary of the state of privacy and personal data legislation in the country can be found here [Spanish]. Draft data protection legislation has been introduced to the Bolivian lower chamber and is awaiting further review and consultation.
The Brazilian General Data Protection Legislation (LGPD), drafted in 2018 and effective as of February of 2020, is in its early stages of implementation. To oversee enforcement, Brazil’s former president established the Data Protection Authority (DPA), tasked with operationalizing the nascent legislation. In these early stages, advocacy efforts in the country are focused on ensuring the DPA maintains consultation with civil society and human rights groups in developing good guidelines and regulations, staffs its ranks with respected experts, and establishes independence from the federal government as it begins enforcing sanctions this year.
Ecuador enacted the Ley Orgánica de Protección de Datos Personales de Ecuador (Law for the Protection of Personal Data in Ecuador) or the LOPD in May of 2021. The scope of the Law includes both the public and private sectors. It has a broad scope and guarantees a framework for natural persons, reaching economic sectors and authorities, with certain exceptions. In addition, it safeguards the protection of fundamental data by establishing obligations that regulate the adequate treatment of data, including tools such as the notification of data breaches and the appointment of data protection delegates.
Ethiopia has no specific legislation on data protection, and the issue is relatively new to public discourse in the country. Civil society efforts are currently focused on promoting greater awareness around personal data protection issues and getting in at the ground level to ultimately propose draft legislation.
In 2019 Kenyan lawmakers passed the Kenya Data Protection Act, a robust legal framework that sought to modernize the countries legislation around the use of personal data. Other related laws include the Data Protection Policy (2019), ICT Policy (2019) and a handful of older legislation governing information, communications, and cybercrimes. Despite the country’s relative success in passing data protection legislation, oversight and enforcement remain weak, and a lack of funding and awareness have hindered implementation.
The Nigerian Data Protection Regulations (NDPR) was passed in 2019. Two additional bills (the Data Protection Bill and the Digital Rights and Freedoms Bill) are currently being debated, however, that would add to the landmark legislation. The concept of data protection is still relatively new to Nigeria, though, and civil society efforts aim now to educate policymakers and the public to help guide enforcement and implementation.
Officially founded in 2018, Internet Bolivia brought together an existing community of individuals that had for years been working to advance human rights on and offline with the goal of specifically addressing the issue of digital rights in Bolivia. Internet Bolivia is currently the only NGO in Bolivia working on digital rights and data protection and pursuing reforms at the local, regional, and national level. Their work on data protection includes an initiative under Internews’ iREV project to develop websites and infographics focused on data protection as part of their awareness raising campaign aimed at civil society. They have also worked directly with the government to provide their inputs to the data protection law and have worked with AccessNow on a data protection report.
Founded in 2015, Coding Rights is a women-run organization working to expose and redress the power imbalances built into technology. Coding Rights has contributed to consultations and hearings on Brazilian data protection policies since 2009, long before the current policy was passed. Since then, they have been the advocacy organization pushing hardest for data protections in Brazil, conducting awareness-raising activities, educating and seeking feedback from community members, and conducting workshops on data protection.
Since its founding in 2009, FCD has worked to promote and defend the rule of law, democratic principles, and individual freedom in Ecuador by promoting democratic processes and transparency both on and offline. Their work on transparency and anticorruption has also featured a strong focus on ensuring open data in Ecuador.
CARD, founded in 2018, is a reimagined and more expansive version of a previous organization known as the Ethiopia Human Rights Project (EHRP) which was established in 2014 as a foreign based Human Rights Organizations. CARD’s programming is dedicated to promoting democratic principles through Ethiopia’s institutions, focusing in particular on issues like freedom of expression and disinformation.
KICTANet was founded in 2003 and has since become one of the most well-respected digital rights organizations in Kenya. They have worked extensively with the government, as the lead organization on the taskforce that provided comments on privacy, security and free expression issues with regards to Kenya’s data protection bill. Since then, KICTANet has been able to present comments during the public participation engagement period and has consulted with both the Senate and the National Assembly on issues regarding the data protection bill.
Since their founding in 2008, Paradigm Initiative has worked to advance Internet freedom in Nigeria and implemented large multi-country programs throughout Africa. Since then, Paradigm Initiative has been on the forefront of pushing for data protections in Nigeria. Paradigm has been advocating for and raising awareness on the lack of personal data protections, including direct advocacy with lawmakers, and partnering with many international organizations to publish articles and research on current practices in Nigeria.