Equipping HRDs with Legal and Digital Fortitude

Trudy Lamunu Nov. 1, 2021

I recently bought medicine from a pharmacy in Nansana and received it in an envelope made from somebody’s bank details. If you live in Uganda, this occurrence is not new. Even though data privacy laws are existent in Uganda, many citizens and organisations continue to operate oblivious of their responsibilities as per the regulations.

bfl privacy.jpg

In conjunction with THINVOID and WOUGNET, BarefootLaw hosted onsite and online workshops on Collection, Disposal and Protection of personal data. These culminated in a Stakeholder Forum which brought together participants to share their lessons and experiences from past training, how laws are implemented and allow policy makers to explain the purposes of impugned laws.

A report by BarefootLaw which analyses most of the cyber laws of Uganda found that 4 in 5 (80%) human rights defenders (HRDs) interviewed expressed a high degree of ignorance regarding these laws and the required processes for data collection and storage. This is ironic because the people that ought to be equipped with any protection laws should be those in the business of human rights defence.

The Cyberlaws and Regulations Community of Practice (CoP), consisting of BarefootLaw, Thinvoid and Women of Uganda Network (WOUGNET) as well as Unwanted Witness, and others have over the past year hosted peer-to-peer interactive workshops to discuss collection, disposal, and protection of personal data across Uganda. Goal was to allow for human rights defenders to share their take on cyber laws and how they are implemented and allow the public service officials to explain the purposes of impugned laws. This is expected to help both sides come to fair understandings/ compromises.

To close the CoP project, BarefootLaw hosted a stakeholder’s forum themed, “Data for Diversity; Improving Data Privacy Laws through Inclusion’’ on 1st of September 2021. The forum comprised two modules, a webinar and a panel discussion and acted as a culmination of workshops that were conducted before. Close to two hundred human rights defenders from all around the country participated in them and enhanced their knowledge about.


The Data Webinar

The first part of the forum was a meeting style engagement with sixty-eight (68) participants, most of whom were representatives of the organisations which we interacted with in our onsite visits.


Figure 1 Some of the organisation representatives captured in a virtual group photo.

Kennedy Kasozi, a lawyer at BarefootLaw presented a refresher on the cyber and data laws of Uganda and how the attending organisations can comply with them, while Sandra Aceng, Project Manager at WOUGNET guided on data inclusion for minority communities such as women, children and the disabled.

In her opening remarks, the project lead from BarefootLaw, Peninah Igaga, gave an in-depth account of statistics of the project.


Of the workshops, Peninah said, “The eagerness to learn was priceless. The participants showed great interest in ensuring the protection of the data of their beneficiaries and the people they work with. Indeed, these trainings and the project were a long time coming.’’

This segment was concluded by a “showcase” of organisations within the digital human rights space. This emulated what would have been a networking session albeit online. The attending organisations exchanged contact information with whomever they felt was directly in their line of work. Organisations in the showcase included Her Empire, Gender Tech Initiative, Policy, Digital Woman Uganda, Strategic Response International, and Defenders Protection Initiative.

The Data Privacy Panel

For the second part of the Stakeholder’s Forum, media personality David Oguttu moderated a much-needed conversation with the responsible public service and parliamentary offices which are in the best position to help remedy some of the injustices/ unfair laws or misunderstandings, when implementing cyber laws.

bfl privacy.jpg

Figure 2 L-R, Timothy Kakuru (BarefootLaw), Peace Amuge (WOUGNET), Stella Alibateese (NITA-U), Charity Mugasha (DHRL), and David Oguttu (Moderator)

The conversation answered questions received from interactions in the field, allowing the public to share their take on cyber laws and the policy makers to explain the purposes of impugned laws. It also gave guidance to participating organisations on how to protect their data legally. Timothy Kakuru, Head of Impact at BarefootLaw, encouraged our online attendees, “To be watchful about where we share our data and know that we are empowered to retrieve information given.”

As the first ever director of the new Personal Data Protection Office, Alibateese is responsible for the management and operationalisation of the Office and is the national focal point for monitoring and assurance of matters related to the implementation of the Data Protection and Privacy Act, 2019.

She said that as a new office, they want to be able to educate people.

We believe that if the data subjects know their rights and how to enforce them, [it] will actually [be easy] for the data processors and controllers to comply,” Alibateese explained.

Some of the proposed ways NITA will do this is by hosting webinars, translating the Act to vernacular and using radio to disseminate knowledge.

Way Forward

Along with the workshops preceding the forum, we met our objective of providing the community of HRDs and the public with knowledge, skills, and the fortitude to be legally and digitally secure with their online activities and data. If we are to be prepared and aware of potential legal action stemming from our online presence, knowledge of the law must be made readily available for all.

Ending with the wise words of another one of our panelists, Charity Mugasha, the Engagement Lead at DHRL, who challenges people to ask questions. “For example if you go to a building and are asked for our private information, we need to ask about what it is going to be used for.”