A Guest Post by Leonce Muvunyi & Louis Gitinywa
Starting from May of 2019, the government of Rwanda has embarked on putting up the Closed-Circuit Television (CCTV) cameras all around the main roads of the city of Kigali. According to Wikipedia, a closed-circuit television(CCTV) is also known as video surveillance is a type of camera network system that enables surveillance by transmitting its signals only to the screens that are directly connected to it. The State institutions like Rwanda Information Society Authority (RISA) and Rwanda National Police in charge of implementing this policy claim that use of CCTVs will significantly boost security efforts by establishing a robust mechanism of deterring, preventing and detecting crime. And therefore they have started enforcing their utilization in line with ensuring road traffic safety.
However, there are some concerns about the process of collection, handling and sharing of personal data and risks of illegal surveillance through the use of CCTVs continue to divide the public opinion as the government embarks on tapping into ICT solutions to ensuring public security.
According to the Inspector General of Police Dan Munyuza, the enforcement of cameras networks across the country, which is anchored into the special presidential directives, is in line with ensuring the general public security;
“They are well advanced to the extent they don’t only capture the traffic speed, there those which monitor the violations of road traffic regulations, and there those that could run number plate recognition of vehicles, and we can see them from the commanding post here at the police headquarters,” said IGP Munyuza, during a recent interaction session with the media.
Apart from the CCTV Networks in Kigali city, the government has started enforcing the “traffic radars” on the highways connecting capital city Kigali with neighboring countries since earlier in May this year, which will be over hundreds of traffic radars devices installed.
These include Kigali- Kagitumba as you connect to the Kagitumba border with Uganda, Kigali- Rusumo on your way to Tanzania, Kigali-Nyamata-Nemba connecting with Burundi, Kigali-Muhanga-Huye- Rusizi going in the south-west border with Democratic Republic of Congo and Kigali-Musanze as you connect with DR Congo in the north-west.
In addition, the government has adopted a new policy along with a number of measures; the use of technology that would significantly improve road safety and security of its users. Government officials emphasize that all these measures add up on the Law Governing Information and Communication Technologies of 2018, which provides for prevention and punishment against cybercrime offenses.
“We are going to roll out the installation of the radar countrywide with much emphasis made on the accident spots. Some of them will be static whereas others will be mobile and placed on a certain area for a different purpose,” Munyuza revealed that, a survey that had been carried out on the roads had indicated several places, and it had suggested where all these cameras would be installed.
According to the head of Rwanda national Police IGP Munyuza, which is now under the docket of the newly reintroduced Ministry of Internal Security, CCTV data is collected through a dedicated private network that can not be accessible over the Internet. The storage of this data is regulated by internal standard operating procedures of the Rwanda national police and the use of relevant tools to secure the IT environment.
In this context of the introduction of digital surveillance’cutting-edge technology capacity, coupled with the massive development of the digital economy in both the public and private sector requires the need to have a comprehensive data protection legal framework in place, to protect and promote the right to privacy.
Data collection in the wake of data scandals such as Cambridge Analytica and the 2018 Google data breach have culminated in public skepticism in ways of data in which data is collected and processed. A great responsibility is placed on the state to protecting the privacy of citizens by implementing more comprehensive guidelines preventing government and corporations from overstepping their boundaries by articulating the rights and freedoms of people in digital spaces, meaning data subjects can request information about why and how their data is processed. This is considering that today Rwanda is striving for the digital era with the proliferation use of biometrics and digitized public services.
Furthermore, as the digital economy and cashless transactions, are becoming increasingly common in the country. while these systems promote certain benefits. however, there is however insufficient focus on the potential consequences of the technology such as the collection and use of personal data for commercial purposes, and how this practice leads to algorithmic manipulation of human behavior on the decision we make and the services we receive.
In the meantime, this recent development links up with the global debate about the ability of silicon valley’s GAFA (Google, Amazon. Facebook, and Apple) to freely collect consumers personal data in developing countries without any regulations has raised questions and public concerns about the lack of a clear comprehensive legislation and a regulatory framework on personal data privacy and data protection in the country.
Although, article 23 of the constitution of Rwanda of 2003 (revised in 2015), reaffirms the respect for privacy. Besides the constitution, other relevant laws like the penal code, the 2010 law relating to electronic transactions and the 2001 law governing telecommunications recognize and provides for some guidelines regarding the protection of privacy and personal data. However, the right to privacy enshrined in the Rwandan constitution has yet to be operationalized, the existing ICT laws and regulations only recognize so far the user consent and opt-in mechanisms.
With regard to the protection of privacy and personal data information, it is important to note that according to the recent figures published in 2019 by Rwanda Investigation Bureau it has been revealed that there were at least 113 cases of cybercrime particularly targeting personal data related to financial transactions. A figure that has doubled compared to the previous year of 2018.
Furthermore, based on the recent 2018 Africa Cybersecurity Report by Serianu Limited, the cost of theft of personal data in Africa was estimated at $3.5 Billion, a rise from 2016.
The use of technology in public life should be centered around transparency and the rule of law. In particular, privacy and security as the pillars of trustworthy services that enhance the overall well being of citizens. The development and the implementation of smart cities and the safety and security policies must be done responsibly, with full understanding and mitigation of their impact on the citizens’ right to privacy and other constitutional rights. while the rights to privacy and personal data are not absolute. They must be rigorously safeguarded, the right to privacy may only be limited through a law that regulates infringement.
Although some databases can be used for legitimates purposes, however, there are many risks associated with collecting and storing the very information that constitutes an individual’s identity. The Cambridge Analytica scandal shows us how damaging technologies can have a corrosive effect on privacy, the misappropriation of personal information can deny individuals their identity especially when data is collected without proper control or oversight. In many countries around the world, national privacy laws are increasingly being revised to strengthen the protection of personal data privacy and impose penalties for data breaches.
As Rwanda today is striving for the digital era with digitized public services with open portals like “Irembo”, cashless transactions, digitized citizens’ identity cards, and passports. Thus as the scale and the scope of digital economy development accelerates the demand for data is increasing. further, in the context of the current vacuum of a comprehensive data framework, there is a heightened risk of data misuse. Therefore it is imperative for the government to respond to public concerns around privacy with a robust legal framework for data protection that will enforce accountability towards the citizens over the use of their personal information by bodies or corporations that collect them.
GITINYWA Louis is a lawyer and legal researcher based in Kigali, his specializations include Digital rights & Tech Law, Constitutional Law, and Trade & Regional Integration Law. [email protected]