Litigating Internet Disruptions in Africa: Lessons from Sudan

By CIPESA Writer |

Internet disruptions continue to be registered across Africa, despite efforts by local and international actors to demonstrate to telecommunications regulators and governments that it is counterproductive to human rights, the economy and democracy to disrupt digital communication networks.

In 2021, up to 12 African countries experienced state-ordered internet disruptions. These included Burkina Faso (November), Chad (February), Republic of Congo (March), eSwatini (June), Ethiopia (various), Niger (February), Nigeria (June), Senegal (March), South Sudan (August), Sudan (June and October), Uganda (January), and Zambia (August).

As internet disruptions have become more prevalent on the continent, strategic litigation against governments that order themand intermediaries, such as telecom operators and internet service providers (ISPs), that effect them, has gained recognition as a push back tool. Strategic litigation can lead to significant legal precedents by publicly uncovering inequalities and highlighting human rights violations, raising awareness, and bringing about reforms in legislation, policy, and practice.

However, as this brief argues, there are several obstacles to the successful litigation of internet disruption cases, including weaknesses among groups and individuals that submit applications, and case backlogs that impede timely adjudication of cases. Indeed, few cases of strategic litigation on internet disruptions have succeeded. Cases in Cameroon, Chad, and Uganda have been dismissed. In Zimbabwe, while the court in 2019 declared that an internet shutdown ordered during protests that year was illegal, the case was decided on procedural grounds without addressing the litigants’ grounds, such as rights violations due to the shutdown.

A notable progressive decision was the June 2020 ruling by the court of justice of the Economic Community of West African States (ECOWAS), which held that an internet shutdown ordered by the Togolese government during protests in 2017 was unlawful and violated the applicant’s right to freedom of expression. The court also ordered the Togolese government to pay two million CFA francs (USD 3,400) compensation to the applicants for the violation of their rights.

Litigating against shutdowns in Sudan

Perhaps more than any other African country, Sudan has made legal precedents arising from litigation against disruptions. Of note too, is that Sudan is only perhaps rivalled by Ethiopia in the number of shutdowns it has experienced in the last three years. Since 2019, the north African country has experienced six internet disruptions.

Former president Omar al-Bashir’s regime initiated internet disruptions during public protests calling for his overthrow, but the government that succeeded him has been more prolific in utilising shutdowns in response to criticism and protests. The longest disruption was recorded in 2019 and lasted 37 days, during which the country lost an estimated USD 1.9 billion. Over 100 protesters were reportedly killed during the time the shutdown was initiated. The latest shutdown started on October 25, 2021 and lasted 25 days. It was instituted after the military declared a state of emergency in the country and seized control of the government. The shutdown was ended by a court order.

The 2019 and 2021 disruptions were both challenged in court. In June 2019, Sudanese lawyer Abdelazim Hassan lodged a lawsuit against the internet shutdown that had been instituted earlier that month. Within two weeks of filing the case, court on June 23 ordered his service provider, Zain, to restore his internet service, which the ISP promptly did. However, service was only restored for the litigant’s SIM card, with the block on access maintained for the rest of Zain’s customers. This was because Hassan had filed the case in a personal capacity as a Zain customer.

Hassan then launched a class action suit, and on July 9, 2019 the court ordered MTN, Sudani and Zain to restore services for all their customers. The telecom providers complied promptly. In September 2019, court ordered Sudani and MTN to apologise to customers for disrupting access to their networks at the behest of the military authorities in June of that year.

Another win for litigants against internet disruptions came on November 11, 2021, when the general court of Khartoum ordered ISPs to restore internet services to all subscribers in response to a lawsuit raised by the Sudanese Consumer Protection Organisation. On the same day, the Telecommunication and Post Regulatory Authority (TPRA) insisted on maintaining the shutdown despite the court order, citing “national security” and a “State of Emergency” as justification. The authority argued that it was necessary to maintain the shutdown as ordered by “the higher leadership”, provided the state of emergency and threats to national security persisted.

The TPRA decision declining to restore internet connectivity cited article 6(j) and article 7(1) and article 7(2)(a) of the law of TPRA of 2018. Article 6(j) provides that one of TPRA’s mandate is “protecting the national security and the higher interests of Sudan in the field of Telecommunication, Post and ICT”. Articles 7(1) and 7(2)(a) state that among the powers of the TPRA is to protect the state’s obligations and requirements in the field of national security and defence, and national, regional and international policies, in coordination with the competent authorities and licensees.

The judge dismissed that argument and issued an arrest warrant for the chief executive officers of the telecom companies for not restoring internet access. On November 18, 2021, the telecom companies restored internet access for all subscribers. The various restoration orders and arrest warrants bring to four the key decisions taken by courts in Sudan that held the regulator, ISPs and the government to account. Further, unlike the Togo case which was adjudicated in the aftermath of the disruption, in Sudan the court issued orders during the disruption and brought it to an end.

Lessons from Sudan’s experience

  • Leaders of telecom companies can and should be held individually liable for actions of their companies. In Sudan’s case, an arrest warrant against leaders of telecom companies yielded compliance with a restoration order in spite of the telecom regulator’s directive to maintain the shutdown.
  • Powers of telecom regulators, who often cite vague grounds of national security in ordering disruptions, can be challenged in court even if the regulators cite the law in ordering an internet disruption.
  • It is essential for courts of law to adjudicate swiftly on internet shutdown cases. In Sudan’s case, it took two weeks of filing a case for court to order restoration of service to the litigant. In another two weeks, the court had ordered service providers to restore services to all customers.
  • Litigation’s target actions and actors need to be well-defined. Sudan has lessons on litigation that benefits individuals and others that benefit groups of users. Further, the targets of litigation action are varied, to include the regulator, a particular ISP or all ISPs, and other state bodies.
  • Intermediaries have appeared helpless in the face of government orders and have acquiesced to government orders even when their lawfulness is questionable. Holding them liable for losses to customers, such as the order by the Sudanese court that they apologise to customers, could make them think twice before implementing shutdown directives.

Towards an Accessible and Affordable Internet in Africa: Key Challenges Ahead

By Paul Kimumwe |

Over the last few years, Africa has experienced exponential growth in internet access spurred by mobile internet, which stood at 28% penetration  in 2020. However, internet access and affordability are still a major challenge for the majority of Africans, especially the rural poor, women, and persons with disabilities.

According to the State of Mobile Internet Connectivity 2021, Sub-Saharan Africa has the largest coverage gap (those living in areas without mobile broadband coverage) at 19%, which is more than three times the global average. While internet access has become more affordable, particularly through mobile phones, costs are still high and unaffordable to many in the region, who remain offline.

A new brief by CIPESA explores some of the retrogressive measures that undermine citizens’ rights to access a reliable and affordable internet in Lesotho, Mozambique, Tanzania, Uganda, Zimbabwe, and Zambia. Some of these measures include digital taxation that has led to increases in internet costs, registration and licensing of online users that imposes high licensing fees and tough penalties, network disruptions including internet shutdowns that lead to inaccessibility of the internet, and the failure to provide enabling infrastructure that exacerbates the digital divide.

Many governments have been eager to increase their tax base, particularly from the telecommunications sector and over-the-top (OTT) services, which they claim are eating into the revenues of licensed operators. Several other governments have slapped taxes on mobile phone handsets and other devices. These costs are passed on to consumers, thereby raising the cost of owning and using a mobile phone and accessing the internet.

In addition, the lack of an enabling infrastructure, including lack of access to reliable electricity, has been a major hurdle to broadband adoption in many African countries. It is  estimated that 45% of Africans live farther than 10 kilometres from the network infrastructure essential for online education, finance and healthcare services.

Network disruptions including internet shutdowns, internet throttling and social media blockages have recently become endemic in several African countries, and present yet another hurdle. Governments have sometimes shut down or restricted access to the internet or to social media platforms in an attempt to limit or control conversations online and prevent mobilisation for potential pro-democracy protests. The disruptions have mostly been initiated around election times, public protests, and during national exams.

Various countries have also adopted the registration and licensing of online users on whom they impose high licensing fees and tough penalties. This has forced many online users to abandon their platforms due to the high costs and threats of prosecution. Many of those who are online routinely practice self-censorship for fear of attracting reprisals.

The lack of internet access requires immediate counter action by several countries especially given the overbearing effects of digital exclusion caused by the Covid-19 pandemic. Countries with better access to online platforms for business and education are reaping faster economic rebounds compared to unconnected economies. The internet plays a vital role in the realisation of human development and facilitates the enjoyment of several human rights and freedoms, including the right to freedom of expression and information, the right to education, the right to assembly and association.

According to the brief, African governments need to recognise and nurture the true potential of the internet in driving inclusive economic growth and development, as well as digital transformation, especially in the post-Covid pandemic era. This calls for robust investments in internet infrastructure, digital literacy and refraining from taking actions that undermine the transformative potential of digital technologies.

See the full brief here.

South Sudan’s Cybercrimes and Computer Misuse Order 2021 Stifles Citizens’ Rights

By Edrine Wanyama |

South Sudan has enacted the Cybercrimes and Computer Misuse Provisional Order 2021 aimed to  combat  cybercrimes. The country has a fast-evolving technology sector, with three mobile operators and 24 licensed internet service providers. Investments in infrastructure development have propelled internet penetration to 16.8% and mobile phone penetration to 23% of the country’s population of 11.3 million people, which necessitates a law to curb cybercrime.

The Order is based on article 86(1) of the Transitional Constitution of South Sudan 2011, which provides that when parliament is not in session, the president can issue a provisional order that has the force of law in urgent matters.

The Cybercrimes and Computer Misuse Order makes strides in addressing cybercrimes by extending the scope of jurisdiction in prosecuting cybercrimes to cover offences committed in or outside the country against citizens and the South Sudan state. The Order also establishes judicial oversight especially over the use of forensic tools to collect evidence, with section 10 requiring authorisation by a competent court prior to collecting such evidence. Furthermore, the Order attempts to protect children against child pornography (section 23 and 24), and provides for prevention of trafficking in persons (section 30) and drugs (section 31).

However, the Order is largely regressive of citizens’ rights including freedom of expression, access to information, and the right to privacy.

The Order gives overly broad definitions including of “computer misuse,” “indecent content,” “pornography,” and “publish” which are so ambiguous and wide in scope that they could be used by the state to target government opponents, dissidents and critics. The definitions largely limit the use of electronic gadgets and curtail the exercise of freedom of expression and access to information.

Article 22 of the Transitional Constitution of South Sudan 2011 guarantees the right to privacy. The country has ratified the International Convention on Civil and Political Rights (ICCPR) that provides for the right to privacy under article 17 and the African Charter on Human and Peoples Rights, whose article 5 provides for the right to respect one’s dignity, which includes the right to privacy. The Order appears to contravene these instruments by threatening individual privacy.

Despite a commendable provision in section 6 imposing an obligation on service providers to store information relating to communications, including personal data and traffic data of subscribers, for 180 days – a period far shorter compared to other countries – personal data is still potentially at risk. The section requires service providers and their agents to put in place technical capabilities to enable law enforcement agencies monitor compliance with the Order. With no specific data protection law in South Sudan and without making a commitment to the leading regional instrument, the African Union Convention on Cyber Security and Personal Data Protection, privacy of the citizens is at stake.

The section on offences and penalties lacks specificity on fines which may be levied on errant individuals or companies. On the other hand, some of the offences provided for under the Order potentially curtail freedom of expression and the right to information. For instance, the offence of spamming under section 21 could be interpreted to include all communications through online platforms including social media platforms like Facebook and WhatsApp. Under the provision, virtually all individuals who forward messages on social media stand the risk of prosecution. This also has a chilling effect on freedom of expression and the right to information.

The offence of offensive communication under section 25 potentially has a chilling effect on freedom of expression, media freedom and access to information. A similar provision under section 25 of the Computer Misuse Act, 2011 of Uganda has been widely misused to persecute, prosecute and silence political critics and dissidents. Section 25 of the South Sudan Cybercrimes Order could be used in a similar manner to target government critics and dissidents. 

In CIPESA’s analysis of the Order, we call for specific actions that could ensure the prevention of cybercrime while at the same time not hurting online rights and freedoms, including:

  • Deletion of problematic definitions or provisions from the Order.
  • Enactment of a specific data protection law to guarantee the protection of data of individuals.
  • Urgent drafting of rules and regulations to prescribe the procedures for implementing the Order.
  • Ratification of the African Union Convention on Cyber Security and Personal Data Protection.
  • Service providers should not be compelled to disclose their subscribers’ information to law enforcement agencies except on the basis of a court order.
  • Amendment of the Order to emphasise the oversight role of courts during the processes of access, inspection, seizure, collection and preservation of data or tracking of data under section 9.

Read the full analysis here.

Malawi Telcos Further Reduce Data Prices But Affordability Concerns Remain

By Jimmy Kainja |

Data prices in Malawi have been reduced following recent engagements between the Malawi Telecommunications Regulatory Authority (MACRA) and telecommunications operators. Under the new rates, the cost of 1GB to 4GB bundles are down by between 10% and 31% across the country’s two leading internet service providers – Airtel and TNM.

Announcing the reductions, MACRA stated that it was cognisant of affordability concerns raised by citizens and thus worked with telecommunications operators to “review and revise the current data prices more especially the lower volume bundles which are commonly used by the majority of internet users in the country.”

The new rates, which came into effect in April this year, cut across different validity periods – daily, weekly and monthly. In addition, Airtel Malawi has also removed the validity period for its 1GB PaNet NoVa, which is priced at MK3,500 (USD 4.40). Further, the reductions include packages for social media access and weekend access.

Validity Bundle Operator
Airtel TNM
Old rate New rate Old rate New rate
Daily 1GB MK 1.800 (USD 2.30) MK 1.500 (USD 1.90)
Weekly 1GB MK 2.500 (USD 3.14) MK 2.000 (USD 2.55)
Monthly 1.2GB MK3.500 (USD 4.40) MK2.500 (USD 3.14)
1GB MK3.500 (USD 4.40) MK2.450 (USD 3.10)
2GB MK5,000 (USD 6.30) MK4,000 (USD 5.05) MK5,000 (USD 6.30) MK4,200 (USD 5.30)
4GB MK8,000 (USD 10.05) MK7,000 (USD 8.80)
Unlimited 1GB MK3,500 (USD 4.40)

This is the second time in less than a year that data prices have  been reduced in Malawi. Last August, telcos reduced data prices in response to a joint statement by the Centre for Human Rights and Rehabilitation (CHRR), the Collaboration on International ICT Policy for East and Southern Africa (CIPESA), and other organisations urging the Malawi government to review the cost of telecommunications services, especially in view of Covid-19 restrictions some of which have led to increased reliance on digital technologies in Malawi and across the world.

At the time, MACRA agreed with CHRR, CIPESA and others that the cost of the internet in Malawi was too high. The regulator committed to engaging with telcos to explore further possibilities for data cost reduction. Since then, the regulator reports having been engaging telcos “to further review the standard volume bundles offered to consumers to align to the cost of providing the services in the country.”

Malawi is currently ranked 174 out of 189 countries on the United Nations Development Programme’s  Human Development Index, which measures a country’s average achievement in key dimensions of human development. An estimated 71% of Malawians live in extreme poverty. Malawi has one of the lowest mobile and internet connectivity rates in the world, owing to socioeconomic factors but also due to policy gaps that have contributed to the high cost of the internet and limited investment in critical infrastructure that could spur connectivity, especially in rural areas where the majority of Malawians live.

According to the 2019 National Household Survey on Access and Usage of ICT Services in Malawi, mobile phone ownership at household and individual level was at 36.5% and 43.2% respectively. During the same period, internet penetration stood at 14.6%, of which 40.7% of users were in urban areas while 9.3% were in rural areas. The majority of internet users (96.8%) accessed the internet via mobile phones compared to 11.8% who connected via a laptop or a desktop computer. The survey revealed that poor quality of service, affordability, and literacy were among the factors inhibiting greater access to and use of the internet. Indeed, compared to its regional counterparts, Malawi scores lowly on the 2020 GSMA Mobile Connectivity Index, which measures the key enablers of mobile internet adoption in various countries.

The recent reductions are commendable efforts towards improving access to the internet for all citizens including disadvantaged and marginalized groups of the population, by improving affordability. They reinforce the interventions of the Universal Service Fund (USF), whose aims include providing universal access “in areas that are not economically viable or that are marginally viable without subsidies.”

However, other barriers to access such as the prevailing taxation regime need to be addressed in order to more meaningfully enable affordability for the majority of Malawians. Furthermore, it is essential to ensure a competitive environment through quality of service and compliance monitoring of dominant operators and removing barriers for licensing new market entrants. As stated by the GSMA in the Inclusive Internet Index 2020 report, “the country’s efforts to extend internet access are stymied by weak communications market competition [and] high prices for data.”

Challenges and Prospects of the General Data Protection Regulation (GDPR) in Africa

Policy Brief |
Privacy is a fundamental human right guaranteed by international human rights instruments including the Universal Declaration of Human Rights in its article 12 and the International Covenant on Civil and Political Rights, in its article 17. Further, these provisions have been embedded in different jurisdictions in national constitutions and in acts of Parliament.
In Africa, regional bodies have invested efforts in ensuring that data protection and privacy are prioritised by Member States. For instance, in 2014 the African Union (AU) adopted the Convention on Cybersecurity and Personal Data Protection. In 2010, the Southern African Development Community (SADC) developed a model law on data protection which it adopted in 2013. Also in 2010, the Economic Community of West African States (ECOWAS) adopted the Supplementary Act A/SA.1/01/10 on Personal Data Protection Within ECOWAS. The East African Community, in 2008, developed a Framework for Cyberlaws. Notwithstanding these efforts, many countries on the continent are still grappling with enacting specific legislation to regulate the collection, control and processing of individuals’ data.
On May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) came into effect. The GDPR is likely to force African countries, especially those with strong trade ties to the EU, to prioritise data privacy and to more decisively meet their duties and obligations to ensure compliance.
See this brief on the Challenges and Prospects of the General Data Protection Regulation (GDPR) in Africa, where we explore the consequences of GDPR for African states and business entities.