Building Trust, Accountability, and Human Rights in East Africa’s Data Ecosystem

Data Governance, Open Institute, Restore Data Rights

March 13, 2026

Building Trust, Accountability, and Human Rights in East Africa’s Data Ecosystem

By Esther Njagi, Open Institute and Sharlene Muthuri, Amnesty International Kenya

Amnesty International Kenya (AIK) and Open Institute (OI) have collaborated since 2020 to advance data governance, data protection, and privacy rights across Kenya and the wider region. Our joint work bridges the gap between data for development and data for human rights, demonstrating that these two critical areas can coexist and complement each other. AIK brings expertise in human rights advocacy, ensuring that data collection practices respect individual privacy and promote accountability, while OI leverages data-driven development initiatives to support impactful advocacy at the subnational, national, and regional levels. This collaboration provides a lens through which the conference discussions were framed, emphasising that trust, inclusion, and human rights must underpin all data governance efforts.

Last year, we collaborated to bring the first East Africa Data Governance Conference, gathering policymakers, regulators, technologists, civil society leaders, academics, journalists, and development partners from across East Africa and beyond. Attended by over 150 participants from Kenya, Uganda, Tanzania, Ethiopia, South Africa, Zimbabwe, and the Netherlands, we explored pressing challenges and opportunities in data governance, emphasising people-centred, inclusive, and collaborative approaches in the region.

Bridging Policy and Practice

Data governance in East Africa is at a crossroads. Rapid technological innovation, growing digital services, and increased data collection present both opportunities and risks for governments, civil society, and communities. Across the just-concluded East Africa Data Governance Conference, held in March 2026, a series of critical discussions highlighted how the future of data in the region must be anchored in trust, transparency, and human rights.

Victor Ndede, Head of Programmes Amnesty Internal Kenya, making his remarks at the East Africa Data Governance Conference, Nairobi

Al Kags, Executive Director, Open Institute delivering his remarks at the East Africa Data Governance Conference in Nairobi

In the opening session, speakers set the tone by emphasising both urgency and opportunity. Victor Ndede from AIK encouraged participants to view the conference as a space for learning and collaboration, to leave with practical insights to strengthen data governance across the region. Al Kags from OI highlighted the overwhelming interest in the event, reflecting the growing momentum around data governance in East Africa.

Immaculate Kassait, SC, MBS, of the Office of the Data Protection Commissioner delivering the keynote address on the conference theme: **“Navigating Duality in Data Governance: Innovation and Accountability in East Africa.”**

A persistent theme throughout the conference was the gap between policy frameworks and their practical implementation. While East African countries have made strides in developing data protection laws and governance frameworks, enforcement and translation into everyday practice remain inconsistent. Uganda’s Personal Data Protection Office representative, Edna Kasozi, framed the stakes clearly: “Data underpins nearly every sector in our economy. This is why data protection cannot be an afterthought, but embedded within our framework.” Speakers emphasised that regulators, civil society, and private actors must work collaboratively to close this gap, ensuring systems are not only compliant on paper but also responsive to the realities of citizens.

Dr. Director General of the Personal Data Protection Commission (PDPC) Tanzania, speaking on how **policy harmonization across the region can strengthen cross-border data sharing and support a more integrated East African digital ecosystem**

Community Agency and Inclusion in Data

Another key discussion revolved around community agency and representation in data systems. In sessions on data ownership, custodianship, and sovereignty, participants noted that those who collect data often hold the power, while respondents have limited influence. Solutions proposed included capacity building, localised tools in Swahili, and inclusive methodologies to ensure that communities can meaningfully engage with the data affecting them.

The conference also highlighted the importance of representing marginalised groups, including persons with disabilities and young people. Without deliberate inclusion, policies and services risk overlooking the diverse realities and needs of these populations. The youth-focused session, “Haki Yako Mtandaoni: Emerging Issues on Data Protection and Digital Rights among the Youth in Kenya”, underscored that young people are both the most active online and the most vulnerable to data risks, calling for multi-stakeholder collaboration to strengthen safeguards and awareness.

Accountability and Ethical Data Practices

Across public and private sectors, participants stressed the need for transparent, auditable, and accountable data systems. In health systems, debates around SHA premium contributions highlighted the importance of fairness, community engagement, and accessible redress mechanisms. Similarly, discussions on AI and emerging technologies emphasised that legal frameworks must evolve alongside innovation, safeguarding accountability, protecting personal and creative ownership, and ensuring ethical use of data.

In sessions on ethics, algorithms, and data for human rights defenders, participants explored the risks of harm from mismanaged or unsafe data. Key takeaways included the need to minimise unnecessary data collection, conduct risk assessments, and embed ethical practices in all stages of data handling, particularly when dealing with sensitive populations.

Collaboration Across Stakeholders

A unifying theme was that collaboration is essential for effective governance. Subnational government sessions, featuring Kilifi and Homa Bay counties, with contributions from Nandi County and insights from the Kenya National Bureau of Statistics (KNBS), emphasised harmonising methodologies, improving data credibility, and clarifying the role of civil society organisations (CSOs). Counties were urged to act as custodians rather than gatekeepers, fostering trust through dialogue platforms and clear working frameworks such as MoUs.

Private sector engagement was equally central. Plenary discussions brought together Safaricom, KCB, Google, Smart Applications Group, and the University of Nairobi, focusing on synthetic media, AI, and data ownership. Panellists highlighted the need for legal frameworks to protect consent, verify released data, and safeguard individual and creative rights, including strengthened Data Protection Acts, opt-out mechanisms, and regional ethical AI standards.

Innovating with Equity and Community Agency

The keynote by Dr. Melissa Omino introduced NOODL—the Nwulite Obodo Open Data License—as a model for equitable African data sharing. NOODL ensures open access for African AI developers, conditional use for developing nations with benefits-sharing requirements, and negotiated royalties for developed nations. Grounded in relational ethics and ubuntu, NOODL embeds communities in decision-making, granting meaningful agency over how their data is used and shared.

Dr. Melissa Omino, Executive Director, Centre for Intellectual Property and Information Technology Law (CIPIT), making her delivery on the topic **: Before the Dataset: The Human Story Behind Governance**

“Before the dataset, there is a community. African languages and the people behind them must not be treated as extractable resources for AI.”

She urged policymakers and technologists to view data governance not merely as regulation but as a cultural and ethical responsibility. Governance succeeds when communities are the unit of decision-making, when consent is informed, value is reciprocal, and cultural integrity is protected.

Data Protection Litigation and Legal Progress

The region has also seen significant progress in legal enforcement. Six of eight EAC countries now have data protection laws, and courts are increasingly active, as demonstrated by Uganda’s banning of MeTA and Kenya’s Arunda case. Discussions emphasised the importance of awareness of privacy rights, informed and revocable consent, and opt-in/opt-out mechanisms, ensuring that citizens retain control over their personal information.

Looking Ahead

The conference highlighted the interconnected nature of data governance, human rights, technological innovation, and citizen engagement. From community-centred approaches and regional cooperation to innovation with accountability, one message was clear: the future of data in East Africa must be built on trust, transparency, and collaboration. The East Africa Data Governance Conference did not claim to resolve every tension between innovation and accountability. Instead, it did something arguably more important: it brought the region’s key actors into the same room to confront those tensions honestly.

And in doing so, it laid the groundwork for a more collaborative and accountable digital future. By embedding human rights at the centre of governance frameworks, leveraging technology responsibly, and engaging all stakeholders meaningfully, the region can create a digital ecosystem that is inclusive, equitable, and resilient.