This newspaper yesterday published a story that left a chilling effect on many Ugandans who use the transport app, SafeBoda. In its investigations, the National Information Technology Authority – Uganda (NITA-U) found that SafeBoda unlawfully shared clients’ data with a US company.
Guinness Transporters, which trades as SafeBoda, is said to have failed to disclose information to customers that it was sharing their data with CleverTap, a US-based data processor.
The January 25 revelations came on the back of a storm last week after the riding app changed its terms and conditions of operation. Be that as it may, the findings just points to the bigger picture. How safe are citizens’ data on all apps?
The last decade has shown all and sundry that technology has come to change the way we do things in all spheres of life. On a daily basis, many people transact online, communicate using apps, get essential services such as treatment, food and shopping other items using online platforms.
On many occasions, the apps require users to fill in their personal information before they are fully registered. Such information includes email addresses, telephone numbers, first and last names, location, age, and mobile device operating system.
Because of the level of disclosure, governments are always keen to protect citizens and that is why Uganda assented to the Data Protection And Privacy Act in 2019.
It is because of this that we think it is high time everyone, including the government, paid attention to security online. How government will respond after the revelation should be a matter of public interest.
We also demand that any tech firm that breaches the privacy laws should be held accountable and in the worst case scenario, be stopped from doing business in the country. For emphasis, we would like to state here what the Data and Protection Act (2019), Section 3, says:
1 - A data collector, data processor or data controller or any person who collects, processes, holds or uses personal data shall-
(a) be accountable to the data subject for data collected, processed held or used; (b) collect and process data fairly and lawfully; (c) collect, process, use or hold adequate, relevant and not excessive or unnecessary personal data; (d) retain personal data for the period authorised by law or for which the data is required; (e) ensure quality of information collected, processed , used or held; (f) ensure transparency and participation of the data subject in the collection, processing, use and holding of the personal data; and (g) observe security safeguards in respect of the data.
All online service providers should, thus, acquaint themselves with this. If you breach our trust then we have no reason to trust you.