Data Governance, The Southern African Way

Amb. Lavina Ramkissoon, Ziyanda Phungwayo, Rachel Magege

The southernmost region of Africa comprises sixteen countries, each with unique languages, cultures, and historical contexts. On the subject of data regulation and protection, Southern Africa prides itself on the introduction of the Malawi Data Protection Act, 2024, one of the continent's newest frameworks for safeguarding personal data, supervised by the Malawi Communications Regulatory Authority (MACRA). Additionally, the Southern African Development Community (SADC) has taken proactive steps with its Model Law on Data Protection, aiming to harmonize information and communication technology (ICT) policies across member states and focusing on key regional priorities such as gender equality, trade access, peace and security, and deeper economic integration since its establishment in 2013.

The Southern African region is also a strong advocate for women's rights, exemplified by the Protocol to the African Charter on Human and Peoples’ Rights on the Rights of Women (famously known as the Maputo Protocol), signed in 2003 in Mozambique. This instrument underscores the commitment to advancing women's legal and human rights across Africa.

As an organization championing women’s rights, Pollicy has a keen interest in how Southern Africa is addressing the intersection of technology, data protection, and gender equality. Together with Niyel, Pollicy held a webinar conversation in December 2024 with key data governance experts from the Kingdom of Eswatini (herein Eswatini), South Africa, and Namibia. This article delves into each of these countries’ specific data regulation developments, as seen in public health, cybersecurity, democratic governance, and the rise of artificial intelligence respectively. These countries offer a small representation of the Southern African region and are navigating complex challenges and seizing opportunities to shape a digital future that prioritizes both innovation and human rights.

Public health data governance in Eswatini

Eswatini is edging closer towards first world status in improving its health care service provision and delivery by using innovative software applications such as the Client Management Information System (CMIS). The CMIS holds sensitive, client-level information that is available to users, allowing clients the flexibility to visit any service site in the country and maintain their health records. The aim is to ensure that service providers can easily access patient information, thus reducing time and location constraints. Additionally, service providers are better able to receive the resources and support needed to improve clinical decision-making. Despite this progress and positive innovation, security concerns are not lacking, especially when it comes to patients’ personal information. Some of the concerns include:

  • Confidentiality – whether there is a system that allows patient information to be accessed only by authorized personnel. In previous years, Eswatini would rely on the paper trail method, which allowed easy access to information but, as it was not durable, also caused the loss of important records;
  • Integrity – ensuring the data remains accurate and unaltered; and
  • Availability and accessibility of the data in the event of urgent analysis.

Digital divide

Eswatini is proud of the strong basic literacy rate afforded to civilians, especially in the public health sector. Significant gaps in digital skilling and competency remain, particularly among older populations and rural communities, and these gaps have greatly affected the country’s data analysis. This is because marginalized communities are often left behind in digital skills and their data is missing.

These gaps have fueled a strong advocacy agenda from civil society organizations (CSOs) who implement projects that improve clinical friendliness and service delivery through accountability and consistent monitoring of service provision. The advocacy agendas usually focus on:

  • No charges for clinical monitoring applications for patients all around the country; this affords everyone access to the applications free of charge regardless of their geographical location or economic status.
  • Onsite tablets and other relevant electronic gadgets (such as dialysis machines, glucose trackers etc.) to be used by patients to meet the standards of clinical applications.
  • An onsite champion/helper to assist the older population and marginalized communities with access to the applications.

Data Protection

Eswatini has made notable progress in establishing data protection and cybersecurity frameworks such as the existing Data Protection Act of 2022, which lays out the ground rules that must be followed to protect personal data in the country and also establishes the Eswatini Data Protection Authority as the regulatory body for this law.

Looking at health data specifically, its effective management and utilization play a critical role in improving healthcare delivery and decision-making processes. In Eswatini, the digital revolution has opened up new avenues for optimizing data management and analysis, providing understanding of the distribution of diseases, identifying vulnerable populations, and targeting interventions effectively.

The Ministry of Health (MOH) actively pursues the objectives and strategies defined in the country’s eHealth Strategy (2016–2020), where Objective 2 of the Strategy calls for eHealth solutions that are practical, relevant, and sustainable. This requires CMIS to be deployed in all health facilities. The national Health Information System (HIS) Strategy has outlined a vision for the flow of client-level data, data exchange across sites, and automated reporting of indicators in a national data warehouse for both aggregated reporting data and de-identified client-level data, for analysis and use in program monitoring and planning.

To this day, Eswatini has established and implemented the country's first national Emergency Response Council (EMR)—the CMIS—to strengthen client care through readily available client information at all locations throughout the continuum of care. Eswatini’s vision is for the CMIS to be a comprehensive EMR to manage the general population from birth to death. It was adopted by the MOH for client-level management and is currently being rolled out across the country.

At the community level, Khulisa Umntfwana, through generous support from the Southern Africa Aids Dissemination Service (SAfAIDS), is implementing a Transforming Lives Program with a feedback mechanism called the MobiSAfAIDS application. It is a customized version of the existing Mobi-Social Accountability and Monitoring (MobiSAM) application, which is used in South Africa as a way for citizens to communicate with the municipality and government and to demand social accountability monitoring amongst young people. The application provides real-time data and evidence to ensure evidence-based advocacy, which promotes accountability among service providers and thus youth friendliness in all clinical facilities where the project is implemented.

Cybersecurity Governance in South Africa

South Africa seeks to have technology that will solve everyday problems, including problems that may be caused by technology itself. The webinar covered cybersecurity and technological progress in South Africa, with a focus on how the rise in internet penetration and digital transformation across the country has made both the private and public sectors more vulnerable to cyber attacks. In response, South Africa’s government has been working hard to strengthen its cybersecurity frameworks and guidelines through initiatives like the Cybercrimes Act of 2020 and the establishment of the Cybersecurity Hub. These frameworks are useful for helping the wider society understand cyberfraud, cyberforgery (making false data which leads to the actual or potential prejudice against another person) and cyber uttering (passing off false data through illustration, phishing etc. to the actual or potential prejudice against a person).

According to the 2024 South Africa cybersecurity predictions by Take Note IT, the country has undergone massive innovation in generative AI, augmented development, intelligent applications powered by AI, continuous threat exposure management and sustainable technology impact (to list a few). It is also commendable that South Africa ranked T2 (Advancing) in tier performance in the 2024 International Telecommunication Union (ITU) Global Cybersecurity Index, where, out of a maximum of 20 points, the country scored 20 in legal measures, 18.57 in technical measures, 14.84 in organizational measures, 12.84 in capacity development, and 20 in cooperation measures.

South Africa Cybersecurity Index 2024
Fig. 1: See Page 48 (Country Profile). Global Cybersecurity Index 2024, 5th Edition

Democratic Governance in Namibia

Thirdly, the webinar addressed Namibia’s strides in creating space for open democratic governance and inclusive citizen participation. With the 2024 presidential elections, the country maintained strong democratic principles, and the elections resulted in Her Excellency Netumbo Nandi-Ndaitwah as the winner. Notably, Namibia ranks number one in Africa for media freedom, reflecting a strong commitment to transparency, accountability and the free exchange of ideas. This freedom enables citizens to actively participate in discussions on governance (including data governance), ensuring their voices are heard and considered in policy decisions.

In the broader Southern African context, the importance of data governance frameworks is increasingly recognized, with countries in the region striving for efficient, secure management of digital data to promote public trust and bolster democratic values. Such frameworks, when effectively implemented, enhance governance and further empower citizens to engage in the decision-making processes that shape their future.

Artificial Intelligence (African Union level)

Africa has had a rollercoaster of technological progress, and indeed the continent has come a long way. Four years ago, only six African countries had data policies in place before the global pandemic (Covid-19). Fast forward to today, and thirty-nine countries have solid data protection frameworks. Regarding AI, between 2023 and 2024, one country has AI legislation, eight have rolled out AI strategies/policies, fourteen are tweaking their ICT policies, and eleven, including South Africa, are actively working on it. This is progress that should be greatly commended.

However, it does not suffice simply to put policies on paper; it is about making them work for the natural order of society. While African governments take pride in their accomplishments, it is important to acknowledge critical ethical concerns that persist, such as the pervasive installation of surveillance cameras without consent, the displacement of communities for the sale of carbon credits to major technology corporations, and the exploitation of underpaid workers who sustain international businesses. Moreover, the proliferation of misinformation remains a pressing issue. To remain competitive in the digital age, we must prioritize the development of comprehensive data flow mapping across the continent and establish robust data security measures.

Africa is making significant strides in policy development. The next step is ensuring the effective implementation of these policies, in a manner that is ethical, inclusive, and sustainable. We must maintain our momentum, promote transparency, uphold accountability, and continue to truly celebrate our achievements.
