Can we imagine an
internet that respects
our digital rights?

The importance of strong data protection policies cannot be understated. In the absence of strong, proactive legislation, internet users around the world remain vulnerable to intentional attacks on their privacy and unintentional breaches that put them at risk.

Explore

Featured Publications

The Data Protection Regulators Report published in 2022 outlines the key challenges faced by DPAs and areas for support and information sharing. The report recently received the Privacy Papers for Policymakers Award

Click here to read the Regulator’s Report

To learn about some of the creative approaches to advocacy taken by data protection leaders across the global majority, take a look at our brief country snapshots here:

Click here to read about our partners’ creative approaches to advocacy

Making sense of the data privacy landscape

Internews’ Advocating for Data Accountability, Protection, and Transparency (ADAPT) project is building a coordinated advocacy effort to promote rights-respecting privacy policies and help internet users understand what protections currently exist to keep their data, and themselves, safe online.

Even in countries that have recently passed data protection legislation, it is important that individuals, private companies, and government have a strong understanding of how the law will be enforced, who will provide oversight, and how it will impact everyday internet users. DIRECT will regularly publish blog posts, podcasts, and other content that simplifies and highlights each stage of the legislative lifecycle.

Informed advocacy

Data protection laws and regulations are complex and evolving. DIRECT equips traditional internet rights advocates with the legal resources and expertise to conduct informed and effective campaigns promoting rights-respecting privacy policies in their respective countries.

Where we operate

DIRECT’s consortium partners are working on privacy advocacy and data protection legislation in six countries in Africa, Southeast Asia, and Latin America. Data protection regulations vary widely across these countries, with some only just beginning to advocate around data rights while other countries have drafted or passed legislation. As a result, DIRECT is identifying and building strategies for each stage of the advocacy lifecycle, and working with consortium partners to engage in collaboration and information sharing across countries and regions. Learn more about the state of data protection in the six target countries here.

Bolivia

Bolivia does not have a personal data protection law, but its constitution does recognize the right to privacy. The laws that currently exist governing issues of privacy and data constitute a scattered and incomplete regulatory framework. A summary of the state of privacy and personal data legislation in the country can be found here [Spanish]. Draft data protection legislation has been introduced to the Bolivian lower chamber and is awaiting further review and consultation.

Learn More

Brazil

The Brazilian General Data Protection Legislation (LGPD), drafted in 2018 and effective as of February of 2020, is in its early stages of implementation. To oversee enforcement, Brazil’s former president established the Data Protection Authority (DPA), tasked with operationalizing the nascent legislation. In these early stages, advocacy efforts in the country are focused on ensuring the DPA maintains consultation with civil society and human rights groups in developing good guidelines and regulations, staffs its ranks with respected experts, and establishes independence from the federal government as it begins enforcing sanctions this year.

Learn More

Ecuador

Ecuador enacted the Ley Orgánica de Protección de Datos Personales de Ecuador (Law for the Protection of Personal Data in Ecuador) or the LOPD in May of 2021. The scope of the Law includes both the public and private sectors. It has a broad scope and guarantees a framework for natural persons, reaching economic sectors and authorities, with certain exceptions. In addition, it safeguards the protection of fundamental data by establishing obligations that regulate the adequate treatment of data, including tools such as the notification of data breaches and the appointment of data protection delegates.

Learn More

Ethiopia

Ethiopia has no specific legislation on data protection, and the issue is relatively new to public discourse in the country. Civil society efforts are currently focused on promoting greater awareness around personal data protection issues and getting in at the ground level to ultimately propose draft legislation.

Learn More

Kenya

In 2019 Kenyan lawmakers passed the Kenya Data Protection Act, a robust legal framework that sought to modernize the countries legislation around the use of personal data. Other related laws include the Data Protection Policy (2019), ICT Policy (2019) and a handful of older legislation governing information, communications, and cybercrimes. Despite the country’s relative success in passing data protection legislation, oversight and enforcement remain weak, and a lack of funding and awareness have hindered implementation.

Learn More

Nigeria

The Nigerian Data Protection Regulations (NDPR) was passed in 2019. Two additional bills (the Data Protection Bill and the Digital Rights and Freedoms Bill) are currently being debated, however, that would add to the landmark legislation. The concept of data protection is still relatively new to Nigeria, though, and civil society efforts aim now to educate policymakers and the public to help guide enforcement and implementation.

Learn More

Core Issues

Supporting privacy advocacy networks in the Global South

Privacy is Global! DIRECT builds networks to enable collaboration and information sharing for new data protection models, approaches, and best practices emerging from the Global South. Through DIRECT consortium activities, privacy advocates across countries and regions are better able to share technical expertise, advocacy best practices, collectively troubleshoot enforcement challenges and build cross-border projects and trainings.

Getting Creative with Privacy Advocacy

DIRECT supports organizations seeking to build capacity & networks amongst diverse constituencies to build coalitions & public support for rights-respecting data protection frameworks. Our consortium is building models for engaging new communities and expanding narratives around why data privacy is vital for all.

Enforcement Issues

Privacy advocacy doesn’t stop once data protection legislation is passed. Many countries continue to struggle with enforcement challenges including adequately funding regulatory bodies, human and technical constraints, inadequate infrastructure, and challenges with the cross-border nature of data protection regulations. DIRECT seeks to confront these challenges through nuanced advocacy and regulatory engagement.

Protecting the Data of the most Marginalized

We are all impacted by increasing levels of corporate and state surveillance. However, marginalized groups including the poor, racial and religious minorities, LGBTQ individuals, indigenous peoples, and women are disproportionally impacted and left vulnerable without specific legal protections. DIRECT supports organizations supporting these groups to better advocate for their data rights and push for policies to protect and empower these communities online.

Digital ID

The challenges surrounding the lack of legal identity in many countries has led to a global call for ‘legal identity for all’ and the development and issuance of varied Digital ID schemes in developing countries. However, the implementation of such schemes has not been devoid of abuse, with discrimination putting at risk the lives and livelihoods of the very individuals it is intended to benefit. The DIRECT project seeks to address the role of data protection in mitigating risks around privacy, cybersecurity, freedom of expression and equity and to design more trustworthy and rights-respecting Digital ID systems.

Partners

Officially founded in 2018, Internet Bolivia brought together an existing community of individuals that had for years been working to advance human rights on and offline with the goal of specifically addressing the issue of digital rights in Bolivia. Internet Bolivia is currently the only NGO in Bolivia working on digital rights and data protection and pursuing reforms at the local, regional, and national level. Their work on data protection includes an initiative under Internews’ iREV project to develop websites and infographics focused on data protection as part of their awareness raising campaign aimed at civil society. They have also worked directly with the government to provide their inputs to the data protection law and have worked with AccessNow on a data protection report.

Founded in 2015, Coding Rights is a women-run organization working to expose and redress the power imbalances built into technology. Coding Rights has contributed to consultations and hearings on Brazilian data protection policies since 2009, long before the current policy was passed. Since then, they have been the advocacy organization pushing hardest for data protections in Brazil, conducting awareness-raising activities, educating and seeking feedback from community members, and conducting workshops on data protection.

Since its founding in 2009, FCD has worked to promote and defend the rule of law, democratic principles, and individual freedom in Ecuador by promoting democratic processes and transparency both on and offline. Their work on transparency and anticorruption has also featured a strong focus on ensuring open data in Ecuador.

KICTANet was founded in 2003 and has since become one of the most well-respected digital rights organizations in Kenya. They have worked extensively with the government, as the lead organization on the taskforce that provided comments on privacy, security and free expression issues with regards to Kenya’s data protection bill. Since then, KICTANet has been able to present comments during the public participation engagement period and has consulted with both the Senate and the National Assembly on issues regarding the data protection bill.

Since their founding in 2008, Paradigm Initiative has worked to advance Internet freedom in Nigeria and implemented large multi-country programs throughout Africa. Since then, Paradigm Initiative has been on the forefront of pushing for data protections in Nigeria. Paradigm has been advocating for and raising awareness on the lack of personal data protections, including direct advocacy with lawmakers, and partnering with many international organizations to publish articles and research on current practices in Nigeria.