Can we imagine an internet that respects our digital rights?
The importance of strong data protection policies cannot be understated. In the absence of strong, proactive legislation, internet users around the world remain vulnerable to intentional attacks on their privacy and unintentional breaches that put them at risk.
ExplorePartners
Making sense of the data privacy landscape
Internews’ Advocating for Data Accountability, Protection, and Transparency (ADAPT) project is building a coordinated advocacy effort to promote rights-respecting privacy policies and help internet users understand what protections currently exist to keep their data, and themselves, safe online.
Even in countries that have recently passed data protection legislation, it is important that individuals, private companies, and government have a strong understanding of how the law will be enforced, who will provide oversight, and how it will impact everyday internet users. ADAPT will regularly publish blog posts, podcasts, and other content that simplifies and highlights each stage of the legislative lifecycle.
Informed advocacy
Data protection laws and regulations are complex and evolving. ADAPT equips traditional internet rights advocates with the legal resources and expertise to conduct informed and effective campaigns promoting rights-respecting privacy policies in their respective countries.
Where we operate
ADAPT’s consortium partners are working on privacy advocacy and data protection legislation in six countries in Africa and Latin America. Data protection regulations vary widely across these countries, with some only just beginning to advocate around data rights while other countries have drafted or passed legislation. As a result, ADAPT is identifying and building strategies for each stage of the advocacy lifecycle, and working with consortium partners to engage in collaboration and information sharing across countries and regions. Learn more about the state of data protection in the six target countries here.
Bolivia
Bolivia does not have a personal data protection law, but its constitution does recognize the right to privacy. The laws that currently exist governing issues of privacy and data constitute a scattered and incomplete regulatory framework. A summary of the state of privacy and personal data legislation in the country can be found here [Spanish]. Draft data protection legislation has been introduced to the Bolivian lower chamber and is awaiting further review and consultation.
Brazil
The Brazilian General Data Protection Legislation (LGPD), drafted in 2018 and effective as of February of 2020, is in its early stages of implementation. To oversee enforcement, Brazil’s former president established the Data Protection Authority (DPA), tasked with operationalizing the nascent legislation. In these early stages, advocacy efforts in the country are focused on ensuring the DPA maintains consultation with civil society and human rights groups in developing good guidelines and regulations, staffs its ranks with respected experts, and establishes independence from the federal government as it begins enforcing sanctions this year.
Ecuador
On May 10, 2021, the Ecuadorian National Assembly unanimously passed the country’s first comprehensive data legislation. In addition to enumerating regulations and citizen/user rights around data privacy, the law also established a national data protection authority. It also seeks to regulate cross-border data transfers through a new Superintendent office, imposing steep fines for business who fail to comply. The law draws largely from the GDPR but features some key differences around individual monetary penalties for violations.
Ethiopia
Ethiopia has no specific legislation on data protection, and the issue is relatively new to public discourse in the country. Civil society efforts are currently focused on promoting greater awareness around personal data protection issues and getting in at the ground level to ultimately propose draft legislation.
Kenya
In 2019 Kenyan lawmakers passed the Kenya Data Protection Act, a robust legal framework that sought to modernize the countries legislation around the use of personal data. Other related laws include the Data Protection Policy (2019), ICT Policy (2019) and a handful of older legislation governing information, communications, and cybercrimes. Despite the country’s relative success in passing data protection legislation, oversight and enforcement remain weak, and a lack of funding and awareness have hindered implementation.
Nigeria
The Nigerian Data Protection Regulations (NDPR) was passed in 2019. Two additional bills (the Data Protection Bill and the Digital Rights and Freedoms Bill) are currently being debated, however, that would add to the landmark legislation. The concept of data protection is still relatively new to Nigeria, though, and civil society efforts aim now to educate policymakers and the public to help guide enforcement and implementation.
Core issues
Supporting privacy advocacy networks in the Global South
Privacy is Global! ADAPT builds networks to enable collaboration and information sharing for new data protection models, approaches, and best practices emerging from the Global South. Through ADAPT consortium activities, privacy advocates across countries and regions are better able to share technical expertise, advocacy best practices, collectively troubleshoot enforcement challenges and build cross-border projects and trainings.
Getting Creative with Privacy Advocacy
ADAPT supports organizations seeking to build capacity & networks amongst diverse constituencies to build coalitions & public support for rights-respecting data protection frameworks. Our consortium is building models for engaging new communities and expanding narratives around why data privacy is vital for all.
Enforcement Issues
Privacy advocacy doesn’t stop once data protection legislation is passed. Many countries continue to struggle with enforcement challenges including adequately funding regulatory bodies, human and technical constraints, inadequate infrastructure, and challenges with the cross-border nature of data protection regulations. ADAPT seeks to confront these challenges through nuanced advocacy and regulatory engagement.
Protecting the Data of the most Marginalized
We are all impacted by increasing levels of corporate and state surveillance. However, marginalized groups including the poor, racial and religious minorities, LGBTQ individuals, indigenous peoples, and women are disproportionally impacted and left vulnerable without specific legal protections. ADAPT supports organizations supporting these groups to better advocate for their data rights and push for policies to protect and empower these communities online.
Digital ID
The challenges surrounding the lack of legal identity in many countries has led to a global call for ‘legal identity for all’ and the development and issuance of varied Digital ID schemes in developing countries. However, the implementation of such schemes has not been devoid of abuse, with discrimination putting at risk the lives and livelihoods of the very individuals it is intended to benefit. The ADAPT project seeks to address the role of data protection in mitigating risks around privacy, cybersecurity, freedom of expression and equity and to design more trustworthy and rights-respecting Digital ID systems.