Why is it important to understand data protection, privacy Act

by Business Times writer
0 comment
Photo courtesy

It has become increasingly common in Uganda to witness the circulation of individuals’ personal information online or the unwarranted disclosure of private details by others. Such occurrences have led to a plethora of privacy-related issues for individuals, often resulting in regret for having shared excessive personal information.

In Uganda, possessing knowledge about personal information, privacy rights, and data protection has become indispensable. Without such awareness, individuals risk finding themselves at the centre of online attention or regretting their past disclosures.

The Data Protection and Privacy Act of 2019 defines personal data as information that can identify an individual, recorded in any format. This includes details about nationality, age, marital status, educational background, occupation, identification numbers, and other particulars assigned to an individual. Additionally, it encompasses opinions expressed about an individual.

Uganda has witnessed numerous instances of data breaches, with the most recent involving the Uganda Securities Exchange (USE) and its technological partner, Soft Edge LTD. This breach led to unauthorized access to the personal data of individuals collected by USE. Despite the existence of data protection laws, significant amounts of personal data, including sensitive information, continue to be collected by both governmental bodies and private entities, often disregarding established data protection standards.

The government frequently initiates data collection drives for national development purposes. For instance, the upcoming Population Census 2024 will entail the gathering of extensive personal information, which, if mishandled, could lead to misuse.

Observations indicate that the government is intensifying its mandatory collection of sensitive personal data. Examples include the National ID system and plans by various government agencies, such as the Uganda Police Force, to integrate CCTV forensic systems with National ID data and immigration records.

The creation of a centralized local data centre for government agencies in Jinja has enabled the sharing of citizens’ information among various departments without their explicit consent, thus contravening principles outlined in data protection laws. Section 10 of the Data Protection and Privacy Act, 2019 expressly forbids the collection and processing of personal data in ways that intrude upon individuals’ privacy.

For Ugandans, grasping the Data Protection and Privacy Act is crucial, especially now that personal information has become highly valued and commercial in the digital era.

We must rethink how our data is utilised: Who collects it? Why is it collected? Is it strictly necessary? Are there adequate safeguards to protect our privacy? Can I access, rectify, or delete my data? Is it shared with third parties? There are many considerations to weigh before sharing personal information. Today we’ll explore these aspects for you better to understand the Data Protection and Privacy Act 2019.

Who is a data collector and what principles govern data protection?

The Data Protection and Privacy Act 2019 defines a data collector as an individual or entity responsible for gathering data. It outlines the principles of data protection and specifies that anyone dealing with personal data must adhere to the following guidelines:

Accountability: Any entity or individual involved in collecting, processing, holding, or utilizing personal data must be answerable to the data subject for the handling of that data.

Fair and lawful collection and processing: Data must be collected and processed fairly and lawfully, adhering to relevant legal regulations.

Adequacy and relevance: Only adequate, appropriate, and necessary personal data should be collected, processed, used, or held.

Data retention: Personal data should be retained for the duration authorized by law or for the period necessary for the purpose for which the data was collected.

Quality assurance: Measures must be taken to ensure the quality of the information collected, processed, used, or held.

Transparency and participation: Data subjects should be informed and involved in the collection, processing, use, and retention of their data, promoting transparency in these processes.

Security safeguards: Adequate security measures should be implemented to safeguard the collected data against unauthorized access, disclosure, alteration, or destruction.

How does Uganda ensure the protection of its citizens’ privacy and personal data?

In Uganda, data protection is governed by the Data Protection and Privacy Act, 2019, and Data Protection and Privacy Regulations, 2021. This legislation establishes the legal framework for the protection of personal data and provides individuals with control over their personal information.

The Data Protection and Privacy Act 2019 stipulates that “No data collector, data processor, or data controller is allowed to collect, hold, or process personal data in a way that violates the privacy of a data subject.” Additionally, it mandates that if a data collector, data processor, or data controller suspects unauthorized access or acquisition of a data subject’s data, they must promptly notify the Authority in the prescribed manner about the unauthorized access or acquisition and the measures taken to address the situation.

Given the increasing number of internet users in the country, it is crucial for every Ugandan, whether online or using traditional methods, to understand the Data Protection and Privacy Act of 2019. According to the Data Reportal, Uganda had 13.30 million internet users in January 2024, with an internet penetration rate of 27.0 percent of the total population at the beginning of 2024.

Paradigm Initiative highlights that “With the increasing use of digital technologies, cybercrime is on the rise in Africa. If personal information is compromised, it can be used to gain access to accounts, steal identities, or even commit crimes. However, all is not lost! There are steps we can take to protect ourselves. One of the most important things is to be aware of the personal information we share online and to be selective about what we post.”

At the beginning of the year, the Personal Data Protection Office initiated the #StopthinkOwnyourPrivacy campaign to mark Data Protection Month in Uganda and celebrate Data Protection Day. This campaign included the launch of a five-year strategic plan on privacy and data protection.

During the launch, the Minister for ICT and National Guidance, Hon. Dr. Chris Baryomunsi, highlighted that in Uganda, as in other parts of the world, data privacy is a fundamental right and a cornerstone upon which digital freedoms are built. He emphasized that while we must acknowledge and embrace the transformative power of technology, we must also remain cognizant of its potential to infringe upon our privacy.

Paradigm Initiative notes that “One of the main reasons privacy is important is because it allows individuals to control their personal information and who has access to it. Without privacy, individuals are at the mercy of companies, governments, and other third parties who may use their information (also known as Data) for their gain. This can lead to things like targeted advertising, discrimination, harassment, identity theft, and even extortion.

In a world where our data is collected through numerous avenues each day, it’s vital for us, as data subjects, to grasp how we can enhance the protection of our data and privacy in this digital age.

You may also like

Leave a Comment

About Us

Business Times Uganda, is a leading Business news website focusing on Finance, Energy, Infrastructure and Technology. 

Feature Posts


Subscribe our newsletter for latest news. Let's stay updated!

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?
error: Content is protected !!