Currently, the world is migrating to digital platforms for social use, financial transactions, and educative functions, among others.
These steps involve input of personal data on the different platforms, a process that puts users’ data and information at risk.
On a daily, users interact with public Wi-Fi networks, and most are unsecured, putting them at risk of a breach.
A hacker can easily take control of the network and tap into your connection, they can see what websites you visit, your accounts, and passwords, or install malware on your device to track your activity and steal your data, even when you are no longer using public Wi-Fi.
According to the Personal Data Protection Office, the impact of trends like Artificial Intelligence on data protection and privacy can be both positive and negative.
Grace Kenganzi, the Manager of Public Relations and International Affairs, at the Personal Data Protection Office (PDPO), said artificial intelligence involves the processing of large amounts of data including personal data which makes it easier for personal data to be collected and shared.
She noted that while this is good, it also increases the chances of this personal data being misused, and the rights of the data subject being abused.
“This can happen if the personal data is processed without the consent of the individual whose information is being used. It can also happen if the data controller or collector is not transparent about why they are collecting or processing the personal data, how they plan to use it, and who will have access to it,” she said.
She added that increased Internet access has led to easier collection and processing of personal data, even inadvertently.
“Think about how many times you fill in your name, email address, phone number, and address while using an online service. All that is personal data. The other side of the coin to this ease in data collection and processing is the fact that this data becomes susceptible to online data breaches.”
Kengazi noted that data processors and collectors should have strong measures in place to protect the data.
“Beyond good cyber security measures, data protection should be thought of even as data processors and collectors design these online services. For example, they can keep the principle of minimality in mind while designing signup forms by asking for only the information they are required for customers to use a given service.”
The government of Uganda enacted, the Data Protection and Privacy Act, 2019 (the Act) to protect the privacy of the individual and of personal data.
The Act further regulates the collection and processing of personal information as well as provides for the rights of the persons whose data is collected among other key areas.
“Personal data” refers to any information that you provide to anyone about yourself and could be recorded into systems, filed, and processed. If you can be identified from that data, then it is personal data.
According to Dorothy Mukasa, Executive Director – Unwanted Witness, to achieve government’s vision (2040 Digital Vision and National Development Plan 3) Uganda needs to prioritize the development of a robust digital infrastructure, including broadband connectivity, digital literacy, and e-government services.
She adds that this requires significant investment in ICT infrastructure and human resource development, as well as the creation of an enabling policy and regulatory environment that promotes innovation, competition, digital inclusion, and digital rights.
She explained that “Investment in ICT is not just a financial endeavor; it is an investment in the empowerment of individuals and the safeguarding of their digital rights.
She added, “By harnessing the transformative power of technology, we can pave the way for a future where every Ugandan can enjoy the full benefits of the digital world while upholding their fundamental rights and freedoms.”
Kengazi also suggested that data controllers or processors who utilize AI to handle personal data should have the consent of the individual whose data will be collected or processed.
Second, they should be open or transparent about what they intend to use this personal data for, but also ensure that a human is supervising the collection and processing of personal data even when it is being done via AI –this shows a level of accountability.
She noted that having laws such as the Data Protection and Privacy Act, 2019, and a regulator like the PDPO to implement, is one of the ways of strengthening mechanisms to address data protection breaches.
“This provides a framework within which to address the risks that technology advancement poses to data protection and privacy,” she explained.