By Samuel Obedgiu , Agricultural Scientist and Environmental Activist . #WhisperEyeNews
In June last year, the Daily Monitor reported about the alleged data breach against the Uganda Securities Exchange (USE), allegedly leading to the exposure of personal data and sensitive customer information to the volume of 32 GB. USE is an entity approved by Capital Markets Authority where Stocks or shares for listed companies are traded.
This incident was first exposed through a tweet from an ICT security researcher called “Anurag Sen” through his Twitter handle @hak1mlukha.
One of the consequences of failure to respect data protection laws is that it can quickly result in hacks due to social engineering once this information gets into the hands of those with ill intentions. Am very sure data that leaked from USE servers is now on sale in the dark web where a lot of criminal activities take place.
Over the years, I have petitioned and lodged complaints to the authorities about numerous data breaches in Uganda. It was my petition against Safe Boda to Parliament in August 2020, that compelled the Personal Data Protection Office to initiate an investigation into ‘Guinness technologies limited “that trades as safe boda” for disregarding Uganda’s data protection laws.
Again last year, in line with the regulations made by the Minister for ICT, I formally notified Uganda Securities Exchange of this data breach and disregard of our data protection laws. The NGO Unwanted Witness also put in a notification of this data breach, as a rejoinder to the Personal Data Protection Office. However, it’s now coming to a year now and Uganda Securities Exchange hasn’t put in place any post incident remedies and neither has it taken a step to notify the individuals whose personally identifiable information leaked through their servers in Germany.
The personal Data Protection office is still silent about their investigations into this data breach, one year after they were informed. It’s both a mixture of lack of resources and incompetence on the part of the Personal Data Protection Office. If the data protection office can’t force Uganda Securities Exchange to safe guard our personal data, can it protect us against American big tech companies that collect more information about us?
Many big data companies have data analytics tools for the sole purpose of building one of the largest data bases. For instance, Cambridge Analytica before 2015, was harvesting data off of Facebook, which at the time was very easy to do. Facebook had started a program in 2010, where a developer could pay for access to any of the data for Facebook users. Many off-shore big tech companies are still employing these strategies.
For those who don’t know, data is a multi-trillion Dollar industry. Data is the world’s most valuable asset now. It runs all decision making, all user experience and communication for every organization.
Your data is important; it has contributed to one of the world’s biggest industries. In 2017, it surpassed oil and gas in value. Yet this entire time you have been producing data on digital devices, before the passing of this new data protection law, you never had any rights to it.
In this new 3rd industrial revolution, characterized by so much data miming, if you are not well educated and you are using these devices, you are being taken advantage of. 7 of the 10 most valuable companies in the world are big data companies.
None of the 54 African counties can individually force global big tech companies to respect data protection laws. We have no leverage. Africa contributes less than 1% to Facebook’s global revenues. If we raise complaints, they will simply disregard them.
This is the solution. We need an East African regional data protection agency that can go against big tech. We a can have bigger leverage with numbers. It’s sad that only 1 East African country is a signatory to the African Union Convention on Cyber Security and Personal Data Protection. We should take data protection issues more seriously than this.
There is no reason why Facebook should store African’s personal data on servers outside Africa. This is dangerous. We need a united voice on this issue