According to Menabytes, Egyptian ride-hailing company, Careem, was hit by a cyber attack on January 14, 2018. “Data of all the 14 million Careem customers (at the time) and captains was stolen as a result of the attack,” wrote Menabytes.
“The information stolen included customers’ name[s], email addresses, phone numbers and the trip data. The company did not specify what is included in the trip data but it is safe to assume that all the trip history of the customers was part of it.”
Data protection and online privacy have been at the center of the conversations for many following the Cambridge Analytica scandal. Yet, online data and privacy issues in Africa have largely been on the sidelines.
In turn, while as Facebook’s users in Europe are being protected by the European Union’s General Data Protection Regulation (GDPR), those in Africa are subject to being “governed by terms of service agreed with the company’s international headquarters in Ireland” as Reuters wrote.
According to Internet Society, Africa's privacy challenges are unique. Partly because of a "general lack of awareness of the risks involved in the use of information and communication technologies [across the continent]."
Like Facebook, several technology companies are always working towards avoiding fines or penalties in case they are found in violation of privacy policies or breach of their contracts. So far, they have been unlucky in the EU. The bloc is the perfect model of commitment to enforcing privacy policies for its citizens.
However, Africa, as a continent is heavily lagging behind, despite the fact that the internet and ICT are continuously becoming an integral part of its citizens as well as a significant contributor to its GDP.
According to a 2013 McKinsey & Company report, “the internet will contribute US $300 billion to Africa’s GDP by 2025.” It also projected that the internet’s contribution to Africa’s GDP would jump from the then 1.1% in 2012 to about 4%- 5%. The number of internet users would also jump from about 350 Million to over 600 Million.
At the country level, Daily News Egypt reported that “the contribution of the ICT sector to GDP was high, at 12.5%, in FY 2016/2017, increasing from 8.3% in FY 2015/2016.” In Nigeria, the ICT sector contributes around 12.5% to the country’s GDP. Similarly, the ICT sector contributed 2.9% of total GDP to the South African economy in 2012. The figure is expected to have increased significantly in the past 6 years.
However, despite the fact that the sector is becoming significant to the continent, there are some costs associated with it that the African governments or concerned authority haven’t moved fast enough to address. One of them being breach of online privacy and misuse of the data.
Apart from the Careem incident, in October last year, iAfrikan reported that South Africa had “suffered its largest data breach” ever as “millions of personal records” were “leaked on the Internet”. It is also believed that Cambridge Analytica had a hand in the controversial Kenyan elections held last year. The same was reported about the Nigerian elections that happened in 2015.
Yet, amidst all this, all concerned parties across the continent seem unmoved by the trend. Even when there were allegations that China bugged the African Union headquarters and spied on the African heads of states.
When you make an anecdote analysis, all companies that are fast rising in Africa are data backed. M-Kopa, the Nairobi-based fintech, and energy company has control of data for about 600,000 households in Africa.
Jumia, the Lagos-based e-commerce giant, according to its 2017 report, now has over 2.2 Million Africans shopping from across its platforms in Africa. The same applies to Uber, Taxify, Careem and other technology startups across Africa.
These companies are collecting data yet there are no clear guidelines on what they can or can not do with it. For example, although most of the companies claim to be pan-African, they are founded by expatriates from Europe and the U.S.
These, though operating from Africa, are ultimately satellite controlled from either the U.S or Europe. Something that raises questions about how far the data the companies collect travels and what it is ultimately used for.
In February this year, different African experts gathered for two days (19-20 February 2018) in Addis Ababa, Ethiopia to contribute to the development of the African Privacy and Personal Data Protection Guidelines.
According to Verangai Mabika, the meeting came “amidst growing concern across the world on the need to prepare for the EU General Data Protection Regulation (GDPR), which will be enforced on 25 May 2018.” An indicator of strides being made.
Yet, as Verangai later noted, “only 16 of the 55 [African] countries having adopted comprehensive privacy laws regulating the collection and use of personal information.”