The dawn of Data Governance in Tanzania

The modern information, communication and technological world has enabled a rapid increase of data collection both personal and non-personal. The huge influx of collected data comes with added value when systematically collected, processed, visualized and analyzed for informed decisions by respective bodies whether private or public. Nevertheless, the influx of data comes with a dangerous aspect of vulnerability if there are no guidelines, policies and laws to manage the collected data, in what it’s called Data Governance (DG).

Tech Target defines “Data governance” as the process of managing the availability, usability, integrity and security of the data in enterprise systems, based on internal data standards and policies that also control data usage. Data governance is key and instrumental to effective data management at/of personal and organizational information; the data management need involve the procedures in place that consider the atmosphere before data has even started being collected, the atmosphere during the collection stage as well as post collection.

As per General Data Protection Regulation (GDPR), there are six (6) principles of Data Protection. And these are Transparency, Purpose, Limitation, Accuracy, Storage, Confidentiality and Accountability.

As part of my work in Internet Governance through Media Convegency’s work with CIPESA at the Arusha Palace Hotel with a closed group of stakeholders to share Data Governance perspectives in Legal, Security, Privacy, e-governance and Media with speakers (from the left), Media Convergency founder — Asha D. Abinallah, the CIPESA Executive Director — Wairagala Wakabi, Advocate PraiseGod M. Joseph, the Digital Security Expert - Esther Lugoe and Lovelet Sheme

Data Governance: Tanzania Context (2010–2022)

Tanzania is among the 53 countries that signed the “African Union Convention on Cyber Security and Personal Data Protection” in June 27, 2014. Exactly eight years ago to date (2022). And, yet still we have no law in place. Fathoming contextual situation of Data governance in Tanzania requires understanding the polarized approaches applied by President Jakaya Kikwete (pre- 2015 presidential elections) and those applied by the late Dr. John Pombe Magufuli (post 2015 presidential elections). Both terms and presidents are a product of the ruling party of Chama Cha Mapinduzi (CCM) but both with striking assertiveness in their different approaches of how they regard data governance. While the president Kikwete strived for an open governance policy (which also favors data collection, timely sharing and access to information as well as availability raw data) the later had an opposite stance towards it. A striking example is the Open Government Partnership (OGP), it was during Magufuli that the government withdrew from the OGP in July 2017, in which President Kikwete had taken initiative to join in 2011 just after he was elected as president for the second term in 2010.

The Magufuli era came in with the manifestations towards data in ways that favoured the authorities over all other entities. The civic space, and more on the freedom of speech and assembly had suffered severely where most underlying factors for consequences was imposed on individuals (especially public figures from oppositions and activists) and intermediaries (especially mobile companies and service providers from the Civil Society Organisations). The Magufuli era has been one of the times in Tanzania history where personal data information has been collected by the authorities in all forms and ways through biometric methods as well as other digitized forms of data collection.

Aside from other sectors role in data collection and governance, the Tanzanian government has done a great job at digitization (though with a great room of improvement). It has digitized its governance systems in a manner where personal data and information has been synchronised with no regards in its privacy or protection in a most vulnerable state. The principles of Data Protection and Privacy highly disregarded as a result of the lack of laws or guidelines. For instance, the mandatory sim card biometric registration, The National Identification biometric process and other several initiatives all adds to the vulnerability of the personal data collected without laws and regulations guiding collection and usage.

The legal framework of Data Governance in Tanzania

Currently Tanzania does not have dedicated laws or policies to govern personal nor non- personal offer data protection and protection of consumers against contemplated risks concerning data security. Despite the lack of a single law to protect data, there are some laws in place enacted to depending on the various legislations and sectoral laws which regulate data and offer protection in varying degrees. There are over ten (10) sections from ten (10) different regulations and laws among them the Constitution of the United Republic of Tanzania of 1977 in where Article 19 states that

“Every person is entitled to respect and protection of his person, the privacy of his own person, his family and of matrimonial life, and respect and protection of his residence and private communications”

Nevertheless, there are initiatives in place that gives light and hope to the realization of Data Governance in Tanzania (effective or not, time will tell). For instance, just when new Ministry of Communication and Information Technology was introduced late 2019 there was a slight improvement in the technological landscape, with introduction and existence of initiatives such as the “Data Use Partnership (DUP)” which has a well-defined data management aspect to it in lines of health.

A law on Data Protection and Privacy is needed now more than ever. not only to protect the privacy but most importantly to regulate why, how and when information is to be collected as well as the right channels and modes of sharing it to third parties. Being fortunate to be one of the stakeholders in the ecosystem, Tanzania is almost at its final stages of collecting data from stakeholders to integrate into the bill which has been announced to be tabled anytime soon. It should be noted it is being implemented closely influenced by the World Bank’s Digital Tanzania Project.

Identified Gaps in Tanzania in regards to Data governance

1. Lack of Comprehensive Legal Framework in data governance.
2. We don’t have a specific body or Regulator for data governance.
3. There is a lot of practice of Data transfer outside the Jurisdiction.
4. Limited Technology, Knowledge and Capacity required in Data Governance across sectors.
5. Very limited citizen knowledge on the rights and risks of Data Governance.
6. Very limited interest of key players in the important agenda such as the Media Stakeholders, Private and Public Sectors, the Civil Society and others.
7. A limited number of CSOs working in the thematic area and we have key stakeholders not aware of what, how and why we need to localize Data Protection and Privacy.

With the CIPESA Executive Director — Wairagala Wakabi after a Data Governance session in Arusha

My passion in Internet Governance posed an opportunity for Media Convergency to work with the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) on a research conducted in ten (10) countries with Tanzania among them. Media Convergency represented Tanzania working with a team which had legal experts on board.